Switch Engine™ Command Reference

Guide

for Version 32.7.1

9038072-00 Rev AB
May 2024
Copyright © 2024 Extreme Networks, Inc. All rights reserved.

Legal Notice
Extreme Networks, Inc. reserves the right to make changes in specifications and other
information contained in this document and its website without prior notice. The reader should
in all cases consult representatives of Extreme Networks to determine whether any such changes
have been made.
The hardware, firmware, software or any specifications described or referred to in this document
are subject to change without notice.

Trademarks
Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of
Extreme Networks, Inc. in the United States and/or other countries.
All other names (including any product names) mentioned in this document are the property
of their respective owners and may be trademarks or registered trademarks of their respective
companies/owners.
For additional information on Extreme Networks trademarks, see: www.extremenetworks.com/
about-extreme-networks/company/legal/trademarks

Open Source Declarations

Some software files have been licensed under certain open source or third-party licenses.
End-user license agreements and open source declarations can be found at: https://
www.extremenetworks.com/support/policies/open-source-declaration/
Introduction to the Switch Engine™
Command Reference
Conventions on page 3
Related Publications on page 3
Send Feedback on page 4
Help and Support on page 4

This guide is intended for use by network administrators who are responsible
for installing and setting up network equipment. In addition to comprehensive
conceptual information about each feature of our software, you will also find
detailed configuration material, helpful examples, and troubleshooting information.
Also included are supported platforms and recommended best practices for optimal
software performance.

Important
Release 31.6 introduced new names for the network operating systems running
on Universal hardware. ExtremeXOS (EXOS) was renamed to Switch Engine
and VSP Operating System Software (VOSS) was renamed to Fabric Engine. All
references to ExtremeXOS apply to Switch Engine 31.6 and later.

Note
If the information in the release notes shipped with your switch differs from the
information in this guide, follow the release notes.

Conventions
To help you better understand the information presented in this guide, the following
topics describe the formatting conventions used for notes, text, and other elements.

Related Publications

Switch Engine Publications

• Switch Engine 32.7.1 Command Reference Guide
• Switch Engine 32.7.1 Feature License Requirements
• Switch Engine and ExtremeXOS 32.7.1 EMS Messages Catalog
• Switch Engine 32.7.1 User Guide

Switch Engine™ Command Reference Guide for version 32.7.1 3

 Introduction to the Switch Engine™ Command
Open Source Declarations Reference

• Switch Engine 32.7.1 Release Notes

• ExtremeXOS Quick Guide
• Extreme Hardware/Software Compatibility and Recommendation Matrices
• Extreme Optics Compatibility
• Switch Configuration with Chalet for ExtremeXOS 21.x and Later
• ACL Solutions Guide
• ExtremeXOS and Switch Engine SNMP Traps Reference

Open Source Declarations

Some software files have been licensed under certain open source licenses. More
information is available at: www.extremenetworks.com/support/policies/open-source-
declaration/.

Send Feedback
The User Enablement team at Extreme Networks has made every effort to ensure
that this document is accurate, complete, and easy to use. We strive to improve our
documentation to help you in your work, so we want to hear from you. We welcome all
feedback, but we especially want to know about:
• Content errors, or confusing or conflicting information.
• Improvements that would help you find relevant information.
• Broken links or usability issues.

To send feedback, email us at [email protected].

Provide as much detail as possible including the publication title, topic heading,
and page number (if applicable), along with your comments and suggestions for
improvement.

Help and Support

If you require assistance, contact Extreme Networks using one of the following
methods:
Extreme Portal
Search the GTAC (Global Technical Assistance Center) knowledge base; manage
support cases and service contracts; download software; and obtain product
licensing, training, and certifications.
The Hub
A forum for Extreme Networks customers to connect with one another, answer
questions, and share ideas and feedback. This community is monitored by Extreme
Networks employees, but is not intended to replace specific guidance from GTAC.
Call GTAC

4 Switch Engine™ Command Reference Guide for version 32.7.1

Introduction to the Switch Engine™ Command
Reference Subscribe to Product Announcements

For immediate support: (800) 998 2408 (toll-free in U.S. and Canada) or
1 (408) 579 2800. For the support phone number in your country, visit
www.extremenetworks.com/support/contact.

Before contacting Extreme Networks for technical support, have the following
information ready:
• Your Extreme Networks service contract number, or serial numbers for all involved
Extreme Networks products
• A description of the failure
• A description of any actions already taken to resolve the problem
• A description of your network environment (such as layout, cable type, other
relevant environmental information)
• Network load at the time of trouble (if known)
• The device history (for example, if you have returned the device before, or if this is a
recurring problem)
• Any related RMA (Return Material Authorization) numbers

Subscribe to Product Announcements

You can subscribe to email notifications for product and software release
announcements, Field Notices, and Vulnerability Notices.

1. Go to The Hub.
2. In the list of categories, expand the Product Announcements list.
3. Select a product for which you would like to receive notifications.
4. Select Subscribe.
5. To select additional products, return to the Product Announcements list and repeat
steps 3 and 4.

You can modify your product selections or unsubscribe at any time.

Switch Engine™ Command Reference Guide for version 32.7.1 5

Command Reference Overview
Audience on page 6
Structure of this Guide on page 7
Product Overview on page 8
Software Required on page 9
Understanding the Command Syntax on page 9
Port Numbering on page 13
Line-Editing Keys on page 15
Command History on page 15
Extreme Networks PoE Devices on page 15

This guide provides details of the command syntax for all Switch Engine commands in
this Switch Engine version.

The guide does not provide feature descriptions, explanations of the technologies, or
configuration examples. For information about the various features and technologies
supported by Extreme Networks switches, see Switch Engine 32.7.1 User Guide.

This chapter includes the following sections:

• Audience
• Structure of this Guide
• Understanding the Command Syntax
• Port Numbering
• Line-Editing Keys
• Command History

Audience
This guide is intended for use by network administrators who are responsible for
installing and setting up network equipment.

It assumes a basic working knowledge of the following:

• Local area networks (LANs).
• Ethernet concepts.
• Ethernet switching and bridging concepts.
• Routing concepts.
• Internet Protocol (IP) concepts.

6 Switch Engine™ Command Reference Guide for version 32.7.1

Command Reference Overview Structure of this Guide

• Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and
Intermediate System-Intermediate System (IS-IS) concepts.
• Border Gateway Protocol (BGP-4) concepts.
• IP Multicast concepts.
• Protocol Independent Multicast (PIM) concepts.
• Simple Network Management Protocol (SNMP).

Structure of this Guide

This guide documents each Switch Engine command.

Related commands are grouped together and organized into chapters based on their
most common usage. The chapters reflect the organization of Switch Engine 32.7.1 User
Guide. If a specific command is relevant to a wide variety of functions and could be
included in a number of different chapters, we have attempted to place the command
in the most logical chapter. Within each chapter, commands appear in alphabetical
order.

For each command, the following information is provided:

• Command Syntax—The actual syntax of the command. The syntax conventions (the
use of braces, for example) are defined in the section Understanding the Command
Syntax on page 9.
• Description—A brief (one sentence) summary of what the command does.
• Syntax Description—The definition of any keywords and options used in the
command.
• Default—The defaults, if any, for this command. The default can be the default action
of the command if optional arguments are not provided, or it can be the default
state of the switch (such as for an enable/disable command).
• Usage Guidelines—Information to help you use the command. This may include
prerequisites, prohibitions, and related commands, as well as other information.
• Example—Examples of the command usage, including output, if relevant.
• History—The version of Switch Engine in which the command was introduced, and
version(s) where it was modified, if appropriate.
• Platform Availability—Platforms on which the command is available.

Switch Engine™ Command Reference Guide for version 32.7.1 7

Product Overview Command Reference Overview

Product Overview
This table lists the Extreme Networks products that run the Switch Engine software.

Table 1: Switch Engine Switches

Switch Series Switch Models
4120* 4120-24MW-4Y
4120-48MW-4Y
4220* 4220-8X
4220-12P-4X
4220-12T-4X
4220-24P-4X
4220-24T-4X
4220-48P-4X
4220-48T-4X
4220-4MW-8P-4X
4220-4MW-20P-4X
4220-8MW-40P-4X
ExtremeSwitching 5320 5320-48T-8XE
5320-48P-8XE
5320-24T-8XE
5320-24P-8XE
5320-16P-4XE
5320-16P-4XE-DC
5320-24T-4X-XT
5320-24T-24S-4XE-XT
ExtremeSwitching 5420 5420F-8W-16P-4XE
5420F-24P-4XE
5420F-24S-4XE
5420F-24T-4XE
5420F-16MW-32P-4XE
5420F-16W-32P-4XE
5420F-48P-4XE
5420F-48P-4XL
5420F-48T-4XE
5420M-24T-4YE
5420M-24W-4YE
5420M-16MW-32P-4YE
5420M-48T-4YE
5420M-48W-4YE

8 Switch Engine™ Command Reference Guide for version 32.7.1

Command Reference Overview Software Required

Table 1: Switch Engine Switches (continued)

Switch Series Switch Models
ExtremeSwitching 5520 5520-24T
5520-24W
5520-48T
5520-48W
5520-12MW-36W
5520-24X
5520-48SE
5520-24T-ACDC-BASE
5520-48T-ACDC-BASE
5520-24X-ACDC-BASE
5520-48SE-ACDC-BASE
ExtremeSwitching 5720 5720-24MW
5720-24MXW
5720-48MW
5720-48MXW
Extreme 7520 7520-48Y-8C
7520-48XT-6C
7520-48YE-8CE
Extreme 7720 7720-32C

* - See 4000 Series User Guide for this version of Switch Engine for detailed information
on these Cloud-managed devices.

Software Required
ExtremeXOS and Switch Engine Software Support lists the minimum Switch Engine
software version required to support each ExtremeSwitching switch model.

Note
The features available on each switch are determined by the installed feature
license and optional feature packs. For more information, see the Feature
License Requirements document.

A SummitStack is a combination of up to eight Summit family switches that are

connected together.

Understanding the Command Syntax

This section covers the following topics:
• Access Levels
• Syntax Symbols
• Syntax Helper on page 11

Switch Engine™ Command Reference Guide for version 32.7.1 9

Access Levels Command Reference Overview

• Object Names
• Command Shortcuts

Access Levels
When entering a command at the prompt, ensure that you have the appropriate
privilege level.

Most configuration commands require you to have the administrator privilege level.

Syntax Symbols
You may see a variety of symbols shown as part of the command syntax.

These symbols explain how to enter the command, and you do not type them as part of
the command itself. The following table summarizes command syntax symbols.

Note
Switch Engine software does not support the ampersand (&), left angle bracket
(<), or right angle bracket (>) because they are reserved characters with special
meaning in XML.

Table 2: Command Syntax Symbols

Symbol Description
square Enclose a required value or list of required arguments. One or more
brackets [ ] values or arguments can be specified. For example, in the syntax
use image [primary | secondary]
you must specify either the primary or secondary image when
entering the command. Do not type the square brackets.
braces { } Enclose an optional value or a list of optional arguments. One or more
values or arguments can be specified. For example, in the syntax
reboot {time month day year hour min sec} {cancel}
{msmslot_id} {slotslot-number | node-addressnode-address |
stack-topology {as-standby}}
you can specify either a particular date and time combination, or
the keyword cancel to cancel a previously scheduled reboot. In this
command, if you do not specify an argument, the command will
prompt asking if you want to reboot the switch now. Do not type the
braces.
vertical bar | Separates mutually exclusive items in a list, one of which must be
entered. For example, in the syntax
configure snmp community [readonly | readwrite]
alphanumeric_string
you must specify either the read or write community string in the
command. Do not type the vertical bar.

10 Switch Engine™ Command Reference Guide for version 32.7.1

Command Reference Overview Syntax Helper

Syntax Helper
The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a
particular command, enter as much of the command as possible and press [Tab]. The
syntax helper provides a list of options for the remainder of the command, and places
the cursor at the end of the command you have entered so far, ready for the next
option.

If the command is one where the next option is a named component, such as a VLAN,
access profile, or route map, the syntax helper also lists any currently configured names
that might be used as the next option. In situations where this list might be very long,
the syntax helper lists only one line of names, followed by an ellipses (...) to indicate that
there are more names than can be displayed.

Some values (such as the node-address used in Summit stack) are lengthy, but
limited in number. Switch Engine places these values into a "namespace." This allows
command completion on these values.

The syntax helper also provides assistance if you have entered an incorrect command.

Abbreviated Syntax
Abbreviated syntax is the shortest unambiguous allowable abbreviation of a command
or parameter.

Typically, this is the first three letters of the command. If you do not enter enough
letters to allow the switch to determine which command you mean, the syntax helper
provides a list of the options based on the portion of the command you have entered.

Note
When using abbreviated syntax, you must enter enough characters to make
the command unambiguous and distinguishable to the switch.

CLI File Name Completion

When entering a command, at the point where a file name could be entered, press
[Tab] or ? to display an alphabetically sorted list of possible file names. You can also
type part of the file name to display a filtered list of file names matching what you have
typed so far.

The following commands support this behavior:

• cd directory_name
• configure access-list aclname [any | ports port_list | vlan vlan_name]
{ingress}
• configure ip-security dhcp-bindings storage filename name
• configure snmp access-profile [ access_profile {readonly | readwrite}
| [[add rule ] [first | [[before | after] previous_rule]]] | delete
rule | none ]
• configure ssh2 access-profile [ access_profile | [[add rule] [first |
[[before | after] previous_rule]]] | delete rule | none]

Switch Engine™ Command Reference Guide for version 32.7.1 11

Object Names Command Reference Overview

• configure telnet access-profile [ access_profile | [[add rule ] [first

| [[before | after] previous_rule]]] | delete rule | none ]
• configure vlan vlan_name udp-profile [profilename | none]
• cp old_name new_name
• create process name executable exe {start [auto | on-demand]} {node
node} {vr vr-name} {description description} {arg1 {arg2 { arg3 { arg4
{ arg5 { arg6 { arg7 { arg8 { arg9 }}}}}}}}}
• create process name python-module python-module {start [auto | on-
demand]} {node node} {vr vr-name} {description description} {arg1
{arg2 {arg3 {arg4 {arg5 {arg6 {arg7 {arg8 {arg9}}}}}}}}}
• edit policy filename
• enable license file filename
• enable ssh2 {access-profile [access_profile | none]} {port
tcp_port_number} {vr [vr_name | all | default]}
• load script filename {arg1} {arg2} ... {arg9}
• ls file_name
• mkdir directory_name
• mv old_name new_name
• scp2 {cipher cipher} {mac mac} {compression [on | off]} {port portnum}
{vr vr_name} user [hostname | ipaddress]:remote_file local_file
• show ssl {[trusted-ca | ocsp-signature-ca] [file_name | all]}
{manufacturing}{certificate | detail}
• tftp [ ip-address | host-name ] { -v vr_name } { -b block_size } [ -g
| -p ] [ -l local-file { -r remote-file } | -r remote-file { -l local-
file } ]
• tftp get [ ip-address | host-name] { vr vr_name } { block-size
block_size } remote-file local-file} {force-overwrite}
• tftp put [ ip-address | host-name] {vr vr_name} {block-size
block_size}local-file { remote-file}
• rm file_name
• rmdir directory_name
• run script filename {arg1} {arg2} ... {arg9}
• unconfigure ssl certificate [trusted-ca | ocsp-signature-ca]
[file_name | all ]

Object Names
All named components within a category of the switch configuration, such as VLAN
(Virtual LAN), must be given a unique object name.

12 Switch Engine™ Command Reference Guide for version 32.7.1

Command Reference Overview Command Shortcuts

Object names must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but they cannot contain spaces. The
maximum allowed length for a name is 32 characters.

Object names can be reused across categories (for example, STPD (Spanning
Tree Domain) and VLAN names). If the software encounters any ambiguity in the
components within your command, it generates a message requesting that you clarify
the object you specified.

Note
If you use the same name across categories, Extreme Networks recommends
that you specify the identifying keyword as well as the actual name. If you do
not use the keyword, the system may return an error message.

Reserved Keywords
Keywords such as vlan, STP (Spanning Tree Protocol), and other 2nd level keywords,
are determined to be reserved keywords and cannot be used as object names. This
restriction applies to the specific word (vlan) only, while expanded versions (vlan2) can
be used.

A complete list of the reserved keywords for Switch Engine is found in the “Reserved
Keywords” section of the Switch Engine 32.7.1 User Guide. Any keyword that is not on
this list can be used as an object name.

Command Shortcuts
Components are typically named using the create command.

When you enter a command to configure a named component, you do not need
to use the keyword of the component. For example, to create a VLAN, enter a VLAN
name:
create vlan engineering

Once you have created the VLAN with a unique name, you can then eliminate
the keyword vlan from all other commands that require the name to be entered
(unless you used the same name for another category such as STPD or EAPS
(Extreme Automatic Protection Switching)).

For example, instead of entering the command:

configure vlan engineering delete port 1:3,4:6

you could enter the following shortcut:

configure engineering delete port 1:3,4:6

Port Numbering
Commands that require you to enter one or more port numbers use the parameter
port_list in the syntax.

Switch Engine™ Command Reference Guide for version 32.7.1 13

Stand-alone Switch Numerical Ranges Command Reference Overview

The available variables differ on a stand-alone switch and SummitStack.

Note
The keyword all acts on all possible ports; it continues on all ports even if one
port in the sequence fails.

Stand-alone Switch Numerical Ranges

On ExtremeSwitching switches, the port number is simply noted by the physical port
number.

Separate the port numbers by a dash to enter a range of contiguous numbers, and
separate the numbers by a comma to enter a range of non-contiguous numbers:
• x-y—Specifies a contiguous series of ports on a stand-alone switch.
• x,y—Specifies a non-contiguous series of ports on a stand-alone switch.
• x-y,a,d—Specifies a contiguous series of ports and a non-contiguous series of ports
on a stand-alone switch.
• Port:Channel—For 4120, ExtremeSwitching 5720, 7520, and 7720 channelized ports.
For example, 49:4 maps to Port 49, Channel 4.

SummitStack Numerical Ranges

On SummitStack switches, the port number is a combination of the slot number and
the port number.

The nomenclature for the port number is as follows: slot:port

For example, if there is a switch in slot 2 of the stack with a total of four ports, the
following ports are valid:
• 2:1
• 2:2
• 2:3
• 2:4

You can also use wildcard combinations (*) to specify port combinations.

The following wildcard combinations are allowed:

• slot:*—Specifies all ports on a particular switch in the stack.
• slot:x-slot:y—Specifies a contiguous series of ports on a range of switches in the
stack.
• slot:x-y—Specifies a contiguous series of ports on a particular switch in the stack.
• slota:x-slotb:y—Specifies a contiguous series of ports on a SummitStack node and
end on another node.
• Slot:Port:Channel—For 4120, ExtremeSwitching 5720, 7520, and 7720 channelized
ports. For example, 2:49:4 maps to Slot 2, Port 49, Channel 4.

14 Switch Engine™ Command Reference Guide for version 32.7.1

Command Reference Overview Line-Editing Keys

Line-Editing Keys
Table 3 describes the line-editing keys available using the CLI.

Table 3: Line-Editing Keys

Key(s) Description
Left arrow or [Ctrl] + B Moves the cursor one character to the left.
Right arrow or [Ctrl] + Moves the cursor one character to the right.
F
[Ctrl] + H or Deletes character to left of cursor and shifts remainder of line
Backspace to left.
Delete or [Ctrl] + D Deletes character under cursor and shifts remainder of line to
left.
[Ctrl] + K Deletes characters from under cursor to end of line.
Insert Toggles on and off. When toggled on, inserts text and shifts
previous text to right.
[Ctrl] + A Moves cursor to first character in line.
[Ctrl] + E Moves cursor to last character in line.
[Ctrl] + L Clears screen and movers cursor to beginning of line.
[Ctrl] + P or Up Arrow Displays previous command in command history buffer and
places cursor at end of command.
[Ctrl] + N or Down Displays next command in command history buffer and
Arrow places cursor at end of command.
[Ctrl] + U Clears all characters typed from cursor to beginning of line.
[Ctrl] + W Deletes previous word.
[Ctrl] + C Interrupts the current CLI command execution.

Command History
The operating system "remembers" all the commands you enter.

You can display a list of these commands by using the following command:
history

If you use a command more than once, consecutively, the history will list only the first
instance.

Extreme Networks PoE Devices

Following is a list of the Extreme Networks devices that support PoE+ and PoE++ and
the minimum required software:

Switch Engine™ Command Reference Guide for version 32.7.1 15

PoE+ Command Reference Overview

PoE+
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-24P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XL—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5320-48P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-24P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-16P-4XE—Switch Engine 31.7 and later.
• ExtremeSwitching 5320-16P-4XE-DC—Switch Engine 31.7 and later.
• 4220-12P-4X—Switch Engine 32.7.1 and later.
• 4220-24P-4X—Switch Engine 32.7.1 and later.
• 4220-48P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7.1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7.1 and later.

PoE++
• ExtremeSwitching 5520-24W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-48W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-12MW-36W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-24W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-48W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5720-24MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-24MXW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MXW—Switch Engine 32.1 and later.
• 4120-24MW-4Y—Switch Engine 32.7 1 and later.
• 4120-48MW-4Y—Switch Engine 32.7 1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7 1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7 1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7 1 and later.

16 Switch Engine™ Command Reference Guide for version 32.7.1

Commands
alias on page 89
cat on page 91
cd on page 93
check policy attribute on page 93
check policy on page 95
clear access-list counter on page 96
clear access-list meter on page 97
clear account lockout on page 98
clear bgp flap-statistics on page 99
clear bgp neighbor counters on page 101
clear bootprelay ipv6 prefix-delegation snooping on page 102
clear cdp counters on page 103
clear cdp neighbor on page 104
clear counters on page 104
clear counters bfd on page 106
clear counters bfd missed-hellos on page 106
clear counters cfm segment all on page 107
clear counters cfm segment all frame-delay on page 110
clear counters cfm segment all frame-loss on page 113
clear counters cfm segment frame-delay on page 115
clear counters cfm segment frame-loss mep on page 117
clear counters cfm segment frame-loss on page 118
clear counters cfm segment on page 120
clear counters cfm session missed-hellos on page 121
clear counters edp on page 122
clear counters erps on page 123
clear counters mpls on page 124
clear counters fdb mac-tracking on page 125
clear counters flowmon on page 126
clear counters identity-management on page 126
clear counters iparp on page 127
clear counters l2vpn on page 128
clear counters mpls ldp on page 129
clear counters mpls rsvp-te on page 130

Switch Engine™ Command Reference Guide for version 32.7.1 17

 Commands

clear counters mpls static lsp on page 131

clear counters policy on page 132
clear counters ports on page 132
clear counters ports protocol filter on page 134
clear counters stp on page 134
clear counters virtual-network on page 135
clear counters virtual-network remote-endpoint on page 136
clear counters vpls on page 137
clear counters vr on page 138
clear counters vrrp on page 139
clear counters wred ecn on page 140
clear counters xml-notification on page 141
clear cpu-monitoring on page 141
clear dns cache on page 142
clear dns cache analytics entries on page 143
clear eaps counters on page 144
clear elrp counters on page 145
clear elsm ports auto-restart on page 146
clear elsm ports counters on page 147
clear esrp counters on page 148
clear esrp neighbor on page 149
clear esrp sticky on page 150
clear ethernet oam counters on page 151
clear fdb on page 152
clear fdb vpls on page 153
clear igmp counters on page 154
clear igmp group on page 155
clear igmp snooping on page 156
clear inline-power stats ports on page 157
clear ip nat counters vlan on page 158
clear iparp on page 159
clear ip-security anomaly-protection notify cache on page 160
clear ip-security arp validation violations on page 161
clear ip-security dhcp-snooping entries on page 161
clear ip-security source-ip-lockdown entries ports on page 162
clear ipv6 dad on page 163
clear isis counters on page 164
clear isis counters area on page 165
clear isis counters vlan on page 166
clear l2pt counters rtep on page 167
clear l2pt counters vlan on page 167
clear l2pt counters vman on page 168

18 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

clear l2pt counters vpls on page 169

clear lacp counters on page 170
clear lldp neighbors on page 171
clear log on page 172
clear log counters on page 173
clear mac-locking station on page 174
clear macsec counters on page 175
clear meter out-of-profile on page 176
clear mld counters on page 178
clear mld group on page 178
clear mld snooping on page 179
clear msdp counters on page 180
clear msdp sa-cache on page 182
clear neighbor-discovery cache on page 183
clear netlogin state on page 184
clear netlogin state agent on page 185
clear netlogin state mac-address on page 186
clear network-clock gptp counters on page 187
clear nodealias on page 187
clear ospf counters on page 189
clear ospfv3 counters on page 190
clear pim cache on page 191
clear pim snooping on page 192
clear port rate-limit flood on page 193
clear ports link-flap-detection counters on page 194
clear ports link-flap-detection status on page 194
clear port rate-limit flood on page 195
clear process group statistics on page 196
clear rip counters on page 197
clear ripng counters on page 198
clear screen on page 199
clear session on page 199
clear slot on page 201
clear stpd ports on page 202
clear switch bluetooth on page 203
clear vm storage on page 204
clear vlan dhcp-address-allocation on page 205
configure access-list on page 206
configure access-list action-resolution highest-priority on page 207
configure access-list action-resolution multiple on page 208
configure access-list add on page 209
configure access-list delete on page 210

Switch Engine™ Command Reference Guide for version 32.7.1 19

 Commands

configure access-list network-zone on page 211

configure access-list rule-compression port-counters on page 213
configure access-list vlan-acl-precedence on page 214
configure access-list width on page 215
configure access-list zone on page 216
configure account on page 217
configure account encrypted on page 219
configure account password-policy char-validation on page 220
configure account password-policy history on page 221
configure account password-policy lockout-on-login-failures on page 223
configure account password-policy lockout-time-period on page 224
configure account password-policy max-age on page 225
configure account password-policy min-age on page 226
configure account password-policy min-different-characters on page 227
configure account password-policy min-length on page 229
configure account privilege on page 230
configure auto-peering oneconfig bootprelay on page 231
configure auto-peering oneconfig id on page 232
configure auto-peering one-config iproute on page 233
configure auto-peering one-config nsi-id on page 234
configure auto-peering oneconfig overlay on page 235
configure auto-peering one-config password on page 237
configure auto-peering one-config remote id on page 238
configure auto-provision cloud-connector server on page 239
configure automation edge connect/disconnect on page 240
configure banner on page 241
configure bfd vlan on page 242
configure bfd vlan authentication on page 244
configure bgp add aggregate-address on page 245
configure bgp add confederation-peer sub-AS-number on page 246
configure bgp add network on page 248
configure bgp as-display-format on page 249
configure bgp as-number on page 250
configure bgp cluster-id on page 251
configure bgp confederation-id on page 252
configure bgp delete aggregate-address on page 254
configure bgp delete confederation-peer sub-AS-number on page 255
configure bgp delete network on page 256
configure bgp evpn ignore-as on page 257
configure bgp evpn instance rd on page 258
configure bgp evpn instance route-target on page 259
configure bgp evpn instance vxlan on page 260

20 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure bgp evpn l3vni on page 261

configure bgp export shutdown-priority on page 262
configure bgp import-policy on page 264
configure bgp local-preference on page 265
configure bgp maximum-as-path-length on page 266
configure bgp maximum-paths on page 267
configure bgp med on page 268
configure bgp neighbor allowas-in on page 269
configure bgp neighbor alternate-local-as on page 271
configure bgp neighbor bfd on page 272
configure bgp neighbor connect-retry on page 273
configure bgp neighbor dampening on page 274
configure bgp neighbor description on page 276
configure bgp neighbor dont-allowas-in on page 278
configure bgp neighbor maximum-prefix on page 279
configure bgp neighbor next-hop-self on page 282
configure bgp neighbor no-dampening on page 283
configure bgp neighbor password on page 285
configure bgp neighbor peer-group on page 287
configure bgp neighbor route-policy on page 288
configure bgp neighbor route-reflector-client on page 290
configure bgp neighbor send-community on page 292
configure bgp neighbor shutdown-priority on page 294
configure bgp neighbor soft-reset on page 295
configure bgp neighbor source-interface on page 297
configure bgp neighbor timer on page 298
configure bgp neighbor weight on page 299
configure bgp peer-group allowas-in on page 300
configure bgp peer-group connect-retry on page 302
configure bgp peer-group dampening on page 303
configure bgp peer-group dont-allowas-in on page 305
configure bgp peer-group maximum-prefix on page 306
configure bgp peer-group next-hop-self on page 309
configure bgp peer-group no-dampening on page 310
configure bgp peer-group password on page 312
configure bgp peer-group remote-AS-number on page 313
configure bgp peer-group route-policy on page 314
configure bgp peer-group route-reflector-client on page 315
configure bgp peer-group send-community on page 316
configure bgp peer-group soft-reset on page 318
configure bgp peer-group source-interface on page 320
configure bgp peer-group timer on page 321

Switch Engine™ Command Reference Guide for version 32.7.1 21

 Commands

configure bgp peer-group weight on page 322

configure bgp restart address-family on page 323
configure bgp restart restart-time on page 324
configure bgp restart stale-route-time on page 325
configure bgp restart update-delay on page 326
configure bgp restart on page 327
configure bgp routerid on page 329
configure bgp soft-reconfiguration on page 330
configure bootprelay on page 331
configure bootprelay add on page 332
configure bootprelay delete on page 333
configure bootprelay dhcp-agent information check on page 334
configure bootprelay dhcp-agent information circuit-id port-
information on page 335
configure bootprelay dhcp-agent information circuit-id vlan-
information on page 336
configure bootprelay dhcp-agent information option on page 337
configure bootprelay dhcp-agent information policy on page 338
configure bootprelay dhcp-agent information remote-id on page 339
configure bootprelay dhcp-agent source-vlan on page 340
configure bootprelay include-secondary on page 341
configure bootprelay ipv6 option interface-id on page 342
configure bootprelay ipv6 option remote-id on page 344
configure bootprelay ipv6 prefix-delegation snooping add on page 345
configure bootprelay ipv6 prefix-delegation snooping on page 346
configure bootprelay vlan include-secondary on page 347
configure cdp cos-extend ports on page 348
configure cdp device-id on page 349
configure cdp frequency on page 350
configure cdp hold-time on page 351
configure cdp management-address on page 351
configure cdp power-available ports on page 353
configure cdp trust-extend ports on page 354
configure cdp voip-vlan ports on page 355
configure cfm domain add association integer on page 356
configure cfm domain add association meg on page 357
configure cfm domain add association string on page 358
configure cfm domain add association vlan-id on page 359
configure cfm domain add association vpn-id oui index on page 360
configure cfm domain association add remote-mep on page 361
configure cfm domain association add on page 362
configure cfm domain association delete remote-mep on page 364

22 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure cfm domain association delete on page 365

configure cfm domain association destination-mac-type on page 366
configure cfm domain association end-point add group on page 366
configure cfm domain association end-point delete group on page 367
configure cfm domain association end-point transmit-interval on page 368
configure cfm domain association ports end-point ccm on page 370
configure cfm domain association ports end-point mepid on page 371
configure cfm domain association ports end-point sender-id-
ipaddress on page 372
configure cfm domain association ports end-point on page 373
configure cfm domain association remote-mep mac-address on page 374
configure cfm domain delete association on page 374
configure cfm domain md-level on page 375
configure cfm group add rmep on page 376
configure cfm group delete rmep on page 377
configure cfm segment add domain association on page 378
configure cfm segment delete domain association on page 378
configure cfm segment dot1p on page 379
configure cfm segment frame-delay dot1p on page 380
configure cfm segment frame-delay window on page 381
configure cfm segment frame-delay/frame-loss transmit interval on page 382
configure cfm segment frame-loss consecutive on page 383
configure cfm segment frame-loss dot1p on page 383
configure cfm segment frame-loss mep on page 384
configure cfm segment frame-loss ses-threshold on page 385
configure cfm segment frame-loss window on page 386
configure cfm segment threshold on page 387
configure cfm segment timeout on page 388
configure cfm segment transmit-interval on page 389
configure cfm segment window on page 390
configure cli on page 391
configure cli journal on page 392
configure cli max-failed-logins on page 393
configure cli max-sessions on page 394
configure cli mode on page 394
configure cli mode scripting on page 396
configure cli moved-keywords on page 396
configure cli password prompting-only on page 397
configure cli script path on page 398
configure cli script timeout on page 399
configure cos-index on page 400
configure database add server on page 402

Switch Engine™ Command Reference Guide for version 32.7.1 23

 Commands

configure database delete server on page 403

configure database max-retry-interval on page 404
configure database server password on page 405
configure debug core-dumps on page 406
configure dhcp ipv6 client identifier-type on page 407
configure diagnostics privilege on page 408
configure diffserv examination code-point qosprofile on page 409
configure diffserv replacement code-point on page 410
configure dns cache analytics [add | delete] protected-client on page 411
configure dns cache add | delete name-server on page 413
configure dns cache analytics on page 414
configure dns-client add on page 415
configure dns-client default-domain on page 416
configure dns-client delete on page 417
configure dos-protect acl-expire on page 418
configure dos-protect interval on page 419
configure dos-protect trusted ports on page 420
configure dos-protect type l3-protect alert-threshold on page 421
configure dos-protect type l3-protect notify-threshold on page 422
configure dot1p type on page 422
configure eaps add control vlan on page 424
configure eaps add protected vlan on page 425
configure eaps cfm on page 426
configure eaps config-warnings off on page 427
configure eaps config-warnings on on page 428
configure eaps delete control vlan on page 429
configure eaps delete protected vlan on page 430
configure eaps failtime expiry-action on page 432
configure eaps failtime on page 433
configure eaps fast-convergence on page 434
configure eaps hello-pdu-egress on page 435
configure eaps hellotime on page 436
configure eaps mode on page 437
configure eaps multicast add-ring-ports on page 439
configure eaps multicast send-igmp-query on page 440
configure eaps multicast temporary-flooding duration on page 441
configure eaps multicast temporary-flooding on page 442
configure eaps name on page 443
configure eaps port on page 444
configure eaps priority on page 446
configure eaps shared-port common-path-timers on page 447
configure eaps shared-port link-id on page 448

24 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure eaps shared-port mode on page 449

configure eaps shared-port segment-timers expiry-action on page 450
configure eaps shared-port segment-timers health-interval on page 451
configure eaps shared-port segment-timers timeout on page 452
configure edp advertisement-interval on page 453
configure elrp-client dynamic-vlans on page 454
configure elrp-client dynamic-vlans action on page 455
configure elrp-client dynamic-vlans client/uplink ports/remote-endpoints
vxlan on page 457
configure elrp-client disable ports on page 458
configure elrp-client hardware-assist on page 460
configure elrp-client inter-vlan-loop-detection on page 461
configure elrp-client one-shot on page 462
configure elrp-client periodic on page 464
configure elsm ports hellotime on page 466
configure elsm ports hold-threshold on page 467
configure elsm ports uptimer-threshold on page 469
configure erps add control vlan on page 469
configure erps add protected vlan on page 470
configure erps control-mac on page 471
configure erps cfm port group on page 473
configure erps cfm protection group on page 473
configure erps delete control vlan on page 474
configure erps delete protected vlan on page 475
configure erps dynamic-state on page 476
configure erps name on page 477
configure erps neighbor port on page 478
configure erps notify-topology-change on page 479
configure erps protection-port on page 480
configure erps revert on page 481
configure erps ring-ports east | west on page 481
configure erps subring-mode on page 482
configure erps sub-ring on page 483
configure erps timer guard on page 484
configure erps timer hold-off on page 485
configure erps timer periodic on page 486
configure erps timer wait-to-block on page 487
configure erps timer wait-to-restore on page 487
configure erps topology-change on page 488
configure esrp add elrp-poll ports on page 489
configure esrp add master on page 490
configure esrp add member on page 491

Switch Engine™ Command Reference Guide for version 32.7.1 25

 Commands

configure esrp add track-environment on page 492

configure esrp add track-iproute on page 493
configure esrp add track-ping on page 494
configure esrp add track-vlan on page 495
configure esrp aware add selective-forward-ports on page 496
configure esrp aware delete selective-forward-ports on page 498
configure esrp delete elrp-poll ports on page 499
configure esrp delete master on page 499
configure esrp delete member on page 500
configure esrp delete track-environment on page 501
configure esrp delete track-iproute on page 502
configure esrp delete track-ping on page 503
configure esrp delete track-vlan on page 504
configure esrp domain-id on page 504
configure esrp election-policy on page 505
configure esrp elrp-master-poll disable on page 509
configure esrp elrp-master-poll enable on page 510
configure esrp elrp-premaster-poll disable on page 512
configure esrp elrp-premaster-poll enable on page 512
configure esrp group on page 514
configure esrp mode on page 515
configure esrp name on page 516
configure esrp ports mode on page 516
configure esrp ports no-restart on page 517
configure esrp ports restart on page 518
configure esrp ports weight on page 519
configure esrp priority on page 520
configure esrp timer hello on page 521
configure esrp timer neighbor on page 522
configure esrp timer neutral on page 524
configure esrp timer premaster on page 525
configure esrp timer restart on page 526
configure failsafe-account on page 527
configure fabric attach management-vlan on page 528
configure fabric attach management-vlan ports on page 529
configure fabric attach ports on page 531
configure fabric attach port authentication on page 531
configure fabric attach uplink on page 533
configure fabric attach zero-touch-client on page 534
configure fdb agingtime on page 535
configure fdb mac-tracking ports on page 536
configure fdb static-mac-move packets on page 537

26 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure fdb vlan vxlan on page 538

configure flow-redirect add nexthop on page 539
configure flow-redirect delete nexthop on page 540
configure flow-redirect health-check on page 541
configure flow-redirect nexthop on page 542
configure flow-redirect no-active on page 543
configure flow-redirect vr on page 544
configure flowmon collector on page 545
configure flowmon group on page 546
configure flowmon group collector on page 548
configure flowmon group key on page 549
configure flowmon key ipv4 on page 550
configure flowmon key ipv6 on page 551
configure forwarding internal-tables on page 553
configure forwarding flow-control fabric on page 555
configure forwarding hash-algorithm on page 556
configure forwarding hash-recursion-level on page 558
configure forwarding ipmc all on page 559
configure forwarding ipmc compression on page 560
configure forwarding ipmc llmnr on page 561
configure forwarding ipmc local-network-range on page 561
configure forwarding ipmc lookup-key on page 562
configure forwarding ipmc mdns on page 564
configure forwarding ipmc upnp on page 565
configure forwarding L2-protocol blocking-type on page 565
configure forwarding L2-protocol fast-convergence on page 566
configure forwarding rate-limit overhead-bytes on page 567
configure forwarding sharing on page 568
configure forwarding suppression filters on page 570
configure forwarding vpex ipmc replication on page 571
configure forwarding vpex vlan-port-filter on page 572
configure identity-management role on page 573
configure identity-management role-based-vlan on page 574
configure identity-management access-list on page 575
configure identity-management blacklist on page 576
configure identity-management database memory-size on page 579
configure identity-management detection on page 580
configure identity-management greylist on page 582
configure identity-management kerberos snooping aging time on page 583
configure identity-management kerberos snooping force-aging
time on page 584
configure identity-management kerberos snooping forwarding on page 585

Switch Engine™ Command Reference Guide for version 32.7.1 27

 Commands

configure identity-management kerberos snooping server on page 586

configure identity-management list-precedence on page 587
configure identity-management ports on page 588
configure identity-management role add child-role on page 589
configure identity-management role add dynamic-rule on page 590
configure identity-management role add policy on page 591
configure identity-management role delete child-role on page 592
configure identity-management role delete dynamic-rule on page 593
configure identity-management role delete policy on page 594
configure identity-management role match-criteria inheritance on page 595
configure identity-management role priority on page 596
configure identity-management stale-entry aging-time on page 597
configure identity-management whitelist on page 600
configure cli idle-timeout on page 602
configure igmp on page 603
configure igmp router-alert receive-required on page 604
configure igmp router-alert transmit on page 605
configure igmp snooping filters on page 606
configure igmp snooping flood-list on page 608
configure igmp snooping leave-timeout on page 609
configure igmp snooping timer on page 610
configure igmp snooping vlan ports add dynamic group on page 612
configure igmp snooping vlan ports add static group on page 613
configure igmp snooping vlan ports add static router on page 615
configure igmp snooping vlan ports delete static group on page 616
configure igmp snooping vlan ports delete static router on page 617
configure igmp snooping vlan ports filter on page 618
configure igmp snooping vlan ports set join-limit on page 619
configure igmp ssm-map add on page 620
configure igmp ssm-map delete on page 621
configure inline-power classification on page 622
configure inline-power detection ports on page 624
configure inline-power disconnect-precedence on page 626
configure inline-power label ports on page 628
configure inline-power operator-limit ports on page 631
configure inline-power priority ports on page 633
configure inline-power usage-threshold on page 635
configure instant-port profile on page 637
configure ip anycast mac on page 638
configure ip nat add vlan on page 639
configure ip nat aging-time on page 640
configure ip nat delete vlan on page 641

28 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure ip nat rule destination on page 642

configure ip nat rule destination protocol on page 643
configure ip nat rule egress on page 644
configure ip nat rule monitor on page 645
configure ip nat rule name on page 646
configure ip nat rule source on page 647
configure iparp add proxy on page 648
configure iparp add on page 650
configure iparp delete proxy on page 651
configure iparp delete on page 652
configure ip-arp fast-convergence on page 652
configure iparp locktime on page 654
configure iparp max_entries on page 655
configure iparp max_pending_entries on page 656
configure iparp max_proxy_entries on page 656
configure iparp proxy reachable | entry-required on page 657
configure iparp reachable-time on page 659
configure iparp retransmit-time on page 660
configure iparp timeout on page 660
configure ipforwarding originated-packets on page 661
configure ipmcforwarding on page 662
configure ipmroute add on page 663
configure ipmroute delete on page 665
configure ip-mtu vlan on page 666
configure iproute add (IPv4) on page 667
configure iproute add (IPV6) on page 669
configure iproute add (Multicast) on page 670
configure iproute add blackhole ipv4 default on page 672
configure iproute add blackhole ipv6 default on page 673
configure iproute add blackhole on page 674
configure iproute add default on page 675
configure iproute add direct-inter-vr on page 676
configure iproute add lsp on page 677
configure iproute add protection on page 679
configure iproute delete on page 680
configure iproute delete blackhole on page 681
configure iproute delete blackhole ipv4 default on page 682
configure iproute delete blackhole ipv6 default on page 683
configure iproute delete default on page 684
configure iproute delete direct-inter-vr on page 685
configure iproute ipv6 priority on page 686
configure iproute priority on page 688

Switch Engine™ Command Reference Guide for version 32.7.1 29

 Commands

configure iproute reserved-entries on page 691

configure iproute protection ping interval on page 693
configure iproute sharing hash-algorithm crc on page 694
configure iproute sharing max-gateways on page 696
configure ip-security anomaly-protection icmp ipv4-max-size on page 698
configure ip-security anomaly-protection icmp ipv6-max-size on page 698
configure ip-security anomaly-protection notify cache on page 699
configure ip-security anomaly-protection notify rate limit on page 700
configure ip-security anomaly-protection notify rate window on page 701
configure ip-security anomaly-protection notify trigger off on page 702
configure ip-security anomaly-protection notify trigger on on page 702
configure ip-security anomaly-protection tcp on page 703
configure ip-security dhcp-bindings add on page 704
configure ip-security dhcp-bindings delete on page 705
configure ip-security dhcp-bindings storage filename on page 706
configure ip-security dhcp-bindings storage location on page 707
configure ip-security dhcp-bindings storage on page 708
configure ip-security dhcp-snooping information check on page 709
configure ip-security dhcp-snooping information circuit-id port-information
port on page 710
configure ip-security dhcp-snooping information circuit-id vlan-
information on page 711
configure ip-security dhcp-snooping information option on page 712
configure ip-security dhcp-snooping information policy on page 713
configure ip-security dhcp-snooping information remote-id on page 713
configure ipv6 dad on page 714
configure ipv6 hop-limit on page 716
configure iqagent http-proxy on page 717
configure iqagent server on page 718
configure irdp on page 719
configure isis add vlan on page 720
configure isis area add area-address on page 721
configure isis area add summary-address on page 722
configure isis area area-password on page 724
configure isis area delete area-address on page 725
configure isis area delete summary-address on page 726
configure isis area domain-password on page 727
configure isis area interlevel-filter level 1-to-2 on page 728
configure isis area interlevel-filter level 2-to-1 on page 729
configure isis area is-type level on page 730
configure isis area metric-style on page 731
configure isis area overload-bit on-startup on page 732

30 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure isis area system-id on page 733

configure isis area timer lsp-gen-interval on page 734
configure isis area timer lsp-refresh-interval on page 735
configure isis area timer max-lsp-lifetime on page 736
configure isis area timer restart on page 737
configure isis area timer spf-interval on page 738
configure isis area topology-mode on page 739
configure isis circuit-type on page 740
configure isis delete vlan on page 741
configure isis hello-multiplier on page 742
configure isis import-policy on page 743
configure isis link-type on page 744
configure isis mesh on page 745
configure isis metric on page 746
configure isis password vlan on page 747
configure isis priority on page 748
configure isis restart grace-period on page 749
configure isis restart on page 750
configure isis timer csnp-interval on page 751
configure isis timer hello-interval on page 752
configure isis timer lsp-interval on page 753
configure isis timer restart-hello-interval on page 754
configure isis timer retransmit-interval on page 755
configure isis wide-metric on page 756
configure jumbo-frame-size on page 757
configure keychain accept-tolerance on page 758
configure keychain add key on page 759
configure keychain delete key on page 760
configure keychain key active-lifetime on page 761
configure keychain key hash-altorithm on page 762
configure l2pt profile add profile on page 763
configure l2pt profile delete profile on page 765
configure l2vpn add peer on page 766
configure l2vpn add service on page 768
configure l2vpn delete peer on page 769
configure l2vpn delete service on page 771
configure l2vpn health-check vccv on page 772
configure l2vpn peer mpls lsp on page 773
configure l2vpn peer on page 774
configure l2vpn vpls add peer ipaddress on page 776
configure vpls add service on page 777
configure l2vpn vpls peer static-pw on page 779

Switch Engine™ Command Reference Guide for version 32.7.1 31

 Commands

configure l2vpn vpls redundancy on page 780

configure l2vpn vpws add peer ipaddress on page 781
configure l2vpn vpws peer static-pw on page 783
configure l2vpn on page 784
configure lacp member-port priority on page 786
configure ldap domain on page 787
configure ldap domain add server on page 788
configure ldap domain base-dn on page 790
configure ldap domain bind-user on page 791
configure ldap domain delete server on page 793
configure ldap domain netlogin on page 794
configure ldap hierarchical-search-oid on page 795
configure lldp management-address on page 796
configure lldp med fast-start repeat-count on page 797
configure lldp ports dcbx add application on page 799
configure lldp ports dcbx delete application on page 800
configure lldp ports management-address on page 801
configure lldp ports port-description on page 802
configure lldp ports system-capabilities on page 803
configure lldp ports system-description on page 804
configure lldp ports system-name on page 805
configure lldp ports vendor-specific avaya-extreme call-server on page 806
configure lldp ports vendor-specific avaya-extreme dot1q-framing on page 807
configure lldp ports vendor-specific avaya-extreme file-server on page 809
configure lldp ports vendor-specific avaya-extreme poe-conservation-
request on page 810
configure lldp ports vendor-specific dcbx on page 811
configure lldp ports vendor-specific dot1 port-protocol-vlan-ID on page 812
configure lldp ports vendor-specific dot1 port-vlan-ID on page 813
configure lldp ports vendor-specific dot1 vlan-name on page 814
configure lldp ports vendor-specific dot3 link-aggregation on page 815
configure lldp ports vendor-specific dot3 mac-phy on page 816
configure lldp ports vendor-specific dot3 max-frame-size on page 817
configure lldp ports vendor-specific dot3 power-via-mdi on page 818
configure lldp ports vendor-specific med capabilities on page 820
configure lldp ports vendor-specific med location-identification on page 821
configure lldp ports vendor-specific med policy application on page 823
configure lldp ports vendor-specific med power-via-mdi on page 825
configure lldp reinitialize-delay on page 827
configure lldp snmp-notification-interval on page 828
configure lldp transmit-delay on page 828
configure lldp transmit-hold on page 829

32 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure lldp transmit-interval on page 830

configure log display on page 831
configure log filter events on page 832
configure log filter events match on page 835
configure log messages privilege on page 839
configure log target filter on page 840
configure log target format on page 842
configure log target match on page 847
configure log target memory-buffer alert percent-full on page 849
configure log target severity on page 849
configure log target syslog on page 851
configure log target upm filter on page 853
configure log target upm match on page 854
configure log target xml-notification filter on page 855
configure mac-lockdown-timeout ports aging-time on page 856
configure mac-locking ports first-arrival aging on page 857
configure mac-locking ports first-arrival limit-learning on page 857
configure mac-locking ports first-arrival link-down-action on page 858
configure mac-locking ports first-arrival move-to-static on page 859
configure mac-locking ports learn-limit-action on page 860
configure mac-locking ports log on page 861
configure mac-locking ports static delete station on page 862
configure mac-locking ports static limit-learning on page 863
configure mac-locking ports static on page 864
configure mac-locking ports trap on page 865
configure macsec cipher-suite on page 866
configure macsec connectivity-association on page 867
configure macsec include-sci on page 869
configure macsec initialize ports on page 871
configure macsec mka actor-priority on page 872
configure macsec mka life-time on page 874
configure macsec replay-protect on page 875
configure mcast ipv4 cache timeout on page 877
configure mcast ipv6 cache timeout on page 878
configure meter on page 879
configure mirror add on page 881
configure mirror add ports anomaly on page 883
configure mirror control_index on page 884
configure mirror delete on page 885
configure mirror description on page 886
configure mirror name on page 886
configure mirror to on page 887

Switch Engine™ Command Reference Guide for version 32.7.1 33

 Commands

configure mirror to remote-ip delete on page 890

configure mirror to remote-ip protocol-type on page 891
configure mlag peer alternate ipaddress on page 892
configure mlag peer authentication on page 894
configure mlag peer interval on page 896
configure mlag peer ipaddress on page 897
configure mlag peer lacp-mac on page 898
configure mlag peer name on page 899
configure mlag ports convergence-control on page 900
configure mlag ports link-up-isolation on page 901
configure mlag ports reload-delay on page 902
configure mlag ports reload-interval on page 903
configure mld on page 904
configure mld snooping fast-learning on page 905
configure mld snooping filters on page 906
configure mld snooping flood-list on page 907
configure mld snooping leave-timeout on page 909
configure mld snooping timer on page 910
configure mld snooping vlan ports add dynamic group on page 911
configure mld snooping vlan ports add static group on page 912
configure mld snooping vlan ports add static router on page 913
configure mld snooping vlan ports delete static group on page 914
configure mld snooping vlan ports delete static router on page 915
configure mld snooping vlan ports filter on page 916
configure mld snooping vlan ports join-limit on page 918
configure mld ssm-map add on page 919
configure mld ssm-map delete on page 920
configure mpls add vlan on page 921
configure mpls delete vlan on page 922
configure mpls exp examination on page 923
configure mpls exp replacement on page 924
configure mpls labels max-static on page 925
configure mpls ldp advertise on page 926
configure mpls ldp loop-detection on page 928
configure mpls ldp timers on page 929
configure mpls lsr-id on page 930
configure mpls rsvp-te bandwidth committed-rate on page 931
configure mpls rsvp-te lsp add path on page 933
configure mpls rsvp-te lsp change on page 935
configure mpls rsvp-te lsp delete path on page 936
configure mpls rsvp-te lsp fast-reroute on page 937
configure mpls rsvp-te lsp path use profile on page 937

34 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure mpls rsvp-te lsp transport on page 938

configure mpls rsvp-te metric on page 940
configure mpls rsvp-te path add ero on page 941
configure mpls rsvp-te path delete ero on page 942
configure mpls rsvp-te profile (fast-reroute) on page 943
configure mpls rsvp-te profile on page 945
configure mpls rsvp-te timers lsp rapid-retry on page 948
configure mpls rsvp-te timers lsp standard-retry on page 950
configure mpls rsvp-te timers session on page 951
configure mpls static lsp transport on page 954
configure mpls static lsp on page 955
configure mrp ports timers on page 956
configure msdp as-display-format on page 958
configure msdp max-rejected-cache on page 959
configure msdp originator-id on page 960
configure msdp peer default-peer on page 961
configure msdp peer description on page 963
configure msdp peer mesh-group on page 964
configure msdp peer no-default-peer on page 965
configure msdp peer password on page 966
configure msdp peer sa-filter on page 967
configure msdp peer sa-limit on page 969
configure msdp peer source-interface on page 970
configure msdp peer timer on page 971
configure msdp peer ttl-threshold on page 972
configure msdp sa-cache-server on page 973
configure msrp latency-max-frame-size on page 974
configure msrp ports sr-pvid on page 975
configure msrp ports traffic-class delta-bandwidth on page 976
configure msrp sharing on page 977
configure msrp timers first-value-change-recovery on page 978
configure mstp format on page 979
configure mstp region on page 980
configure mstp revision on page 982
configure mvr add receiver on page 983
configure mvr add vlan on page 984
configure mvr delete receiver on page 985
configure mvr delete vlan on page 986
configure mvr mvr-address on page 986
configure mvr static group on page 988
configure mvrp stpd on page 989
configure mvrp tag ports registration on page 990

Switch Engine™ Command Reference Guide for version 32.7.1 35

 Commands

configure mvrp tag ports transmit on page 991

configure mvrp vlan auto-creation on page 992
configure mvrp vlan registration on page 992
configure neighbor-discovery cache add on page 993
configure neighbor-discovery cache delete on page 994
configure neighbor-discovery cache locktime on page 995
configure neighbor-discovery cache max_entries on page 996
configure neighbor-discovery cache max_pending_entries on page 997
configure neighbor-discovery cache reachable-time on page 998
configure neighbor-discovery cache retransmit-time on page 998
configure neighbor-discovery cache timeout on page 999
configure netlogin add mac-list on page 1000
configure netlogin add proxy-port on page 1002
configure netlogin agingtime on page 1002
configure netlogin allowed-refresh-failures on page 1003
configure netlogin authentication database-order on page 1004
configure netlogin authentication failure vlan on page 1005
configure netlogin authentication protocol-order on page 1006
configure netlogin authentication service-unavailable vlan on page 1007
configure netlogin banner on page 1009
configure netlogin base-url on page 1010
configure netlogin delete mac-list on page 1011
configure netlogin delete proxy-port on page 1012
configure netlogin dot1x eapol-transmit-version on page 1012
configure netlogin dot1x guest-vlan on page 1013
configure netlogin dot1x tag-eapol on page 1015
configure netlogin dot1x timers on page 1016
configure netlogin dynamic-vlan on page 1018
configure netlogin dynamic-vlan uplink-ports on page 1020
configure netlogin idle-timeout on page 1022
configure netlogin local-user security-profile on page 1022
configure netlogin local-user on page 1023
configure netlogin mac timers reauth-period on page 1025
configure netlogin mac username case on page 1026
configure netlogin mac username format on page 1027
configure netlogin move-fail-action on page 1028
configure netlogin port allow egress-traffic on page 1029
configure netlogin ports on page 1030
configure netlogin ports mode on page 1032
configure netlogin ports no-restart on page 1035
configure netlogin ports restart on page 1036
configure netlogin redirect-page on page 1037

36 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure netlogin session-refresh on page 1038

configure netlogin session-timeout on page 1039
configure netlogin trap on page 1041
configure netlogin vlan on page 1041
configure network-clock gptp bmca on page 1042
configure network-clock gptp default-set on page 1043
configure network-clock gptp ports announce on page 1044
configure network-clock gptp ports peer-delay on page 1046
configure network-clock gptp ports sync on page 1048
configure network-clock gptp slave-port on page 1049
configure network-clock ptp end-to-end transparent on page 1050
configure nodealias ports on page 1051
configure ntp key trusted/not-trusted on page 1053
configure ntp local-clock none on page 1053
configure ntp local-clock stratum on page 1054
configure ntp restrict-list on page 1055
configure ntp server/peer add on page 1056
configure ntp server/peer delete on page 1057
configure ospf bfd on page 1058
configure ospf add virtual-link on page 1059
configure ospf add vlan area on page 1060
configure ospf add vlan area link-type on page 1061
configure ospf area add range on page 1062
configure ospf area delete range on page 1063
configure ospf area external-filter on page 1064
configure ospf area interarea-filter on page 1065
configure ospf area normal on page 1066
configure ospf area nssa stub-default-cost on page 1066
configure ospf area stub stub-default-cost on page 1068
configure ospf area timer on page 1068
configure ospf ase-limit on page 1070
configure ospf ase-summary add on page 1071
configure ospf ase-summary delete on page 1072
configure ospf authentication on page 1073
configure ospf cost on page 1074
configure ospf delete virtual-link on page 1075
configure ospf delete vlan on page 1076
configure ospf import-policy on page 1076
configure ospf instanceid on page 1077
configure ospf lsa-batch-interval on page 1078
configure ospf metric-table on page 1079
configure ospf priority on page 1080

Switch Engine™ Command Reference Guide for version 32.7.1 37

 Commands

configure ospf restart grace-period on page 1081

configure ospf restart on page 1082
configure ospf restart-helper on page 1083
configure ospf routerid on page 1084
configure ospf spf-hold-time on page 1085
configure ospf virtual-link timer on page 1086
configure ospf vlan area on page 1087
configure ospf vlan neighbor add on page 1088
configure ospf vlan neighbor delete on page 1089
configure ospf vlan timer on page 1090
configure ospfv3 add interface all on page 1091
configure ospfv3 add interface on page 1092
configure ospfv3 add virtual-link on page 1094
configure ospfv3 area add range on page 1095
configure ospfv3 area cost on page 1096
configure ospfv3 area delete range on page 1097
configure ospfv3 area external-filter on page 1098
configure ospfv3 area interarea-filter on page 1099
configure ospfv3 area normal on page 1100
configure ospfv3 area nssa on page 1101
configure ospfv3 area priority on page 1102
configure ospfv3 area stub on page 1103
configure ospfv3 area timer on page 1104
configure ospfv3 authentication (Authentication Trailer) on page 1106
configure ospfv3 authentication (IPsec) on page 1107
configure ospfv3 bfd on page 1108
configure ospfv3 delete interface on page 1109
configure ospfv3 delete virtual-link on page 1110
configure ospfv3 import-policy on page 1111
configure ospfv3 interface area on page 1112
configure ospfv3 interface cost on page 1113
configure ospfv3 interface priority on page 1114
configure ospfv3 interface timer on page 1115
configure ospfv3 lsa-batch-interval on page 1117
configure ospfv3 metric-table on page 1118
configure ospfv3 restart on page 1119
configure ospfv3 restart grace-period on page 1120
configure ospfv3 restart-helper on page 1121
configure ospfv3 routerid on page 1122
configure ospfv3 spf-hold-time on page 1124
configure ospfv3 virtual-link authentication (Authentication Trailer) on page 1124
configure ospfv3 virtual-link authentication on page 1126

38 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure ospfv3 virtual-link restart-helper on page 1127

configure ospfv3 virtual-link timer on page 1129
configure pim add tunnel on page 1130
configure pim add vlan on page 1131
configure pim anycast-rp on page 1133
configure pim border on page 1134
configure pim cbsr on page 1135
configure pim crp static on page 1136
configure pim crp timer on page 1138
configure pim crp vlan on page 1138
configure pim delete tunnel on page 1140
configure pim delete vlan on page 1141
configure pim dense-neighbor-check on page 1142
configure pim dr-priority on page 1143
configure pim iproute sharing hash on page 1144
configure pim register-policy on page 1145
configure pim register-policy rp on page 1146
configure pim register-rate-limit-interval on page 1147
configure pim register-suppress-interval register-probe-interval on page 1148
configure pim snooping sgrpt-prune on page 1149
configure pim shutdown-priority on page 1150
configure pim spt-threshold on page 1151
configure pim ssm range on page 1152
configure pim state-refresh timer origination-interval on page 1153
configure pim state-refresh timer source-active-timer on page 1154
configure pim state-refresh ttl on page 1155
configure pim state-refresh on page 1156
configure pim timer tunnel on page 1157
configure pim timer vlan on page 1158
configure pim tunnel dr-priority on page 1159
configure pim vlan trusted-gateway on page 1160
configure policy access-list on page 1161
configure policy autoclear on page 1162
configure policy app-signature group name pattern on page 1163
configure policy app-signature minimum-ttl on page 1164
configure policy captive-portal on page 1165
configure policy captive-portal listening on page 1166
configure policy captive-portal rule-use on page 1167
configure policy convergence-endpoint on page 1169
configure policy convergence-endpoint clear on page 1169
configure policy convergence-endpoint index on page 1170
configure policy convergence-endpoint ports on page 1171

Switch Engine™ Command Reference Guide for version 32.7.1 39

 Commands

configure policy invalid action on page 1172

configure policy maptable on page 1173
configure policy port on page 1174
configure policy profile on page 1174
configure policy resource-profile on page 1177
configure policy rule on page 1179
configure policy rule admin-profile on page 1182
configure policy rule-model on page 1183
configure policy slices shared on page 1184
configure policy slices tci-overwrite on page 1185
configure policy syslog on page 1186
configure policy vlanauthorization on page 1187
configure policy vlanauthorization port on page 1188
configure port description-string on page 1189
configure port ethertype on page 1190
configure port reflective-relay on page 1191
configure port shared-packet-buffer on page 1192
configure ports on page 1193
configure ports auto 1G-optics-in-10G-ports on page 1194
configure ports auto off on page 1195
configure ports auto on on page 1196
configure ports auto-polarity on page 1199
configure ports ddmi on page 1200
configure ports debounce time on page 1201
configure ports display-string on page 1202
configure ports dot1p on page 1203
configure ports dwdm channel none on page 1203
configure ports dwdm channel on page 1204
configure ports eee on page 1207
configure ports forward-error-correction on page 1208
configure ports ingress-filtering on page 1209
configure ports isolation on page 1210
configure ports l2pt profile on page 1211
configure ports link-flap-detection action on page 1212
configure ports link-flap-detection interval threshold disable-time on page 1213
configure ports link-flap-detection on page 1215
configure ports link-scan interval on page 1215
configure ports monitor vlan on page 1217
configure ports partition on page 1218
configure ports protocol filter on page 1220
configure ports qosprofile on page 1221
configure ports rate-limit egress on page 1222

40 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure ports rate-limit flood on page 1223

configure ports redundant on page 1224
configure ports vlan on page 1226
configure power monitor on page 1229
configure private-vlan add network on page 1230
configure private-vlan add subscriber on page 1231
configure private-vlan delete on page 1232
configure protocol add on page 1233
configure process group other cpu-limit on page 1234
configure process group other memory-limit on page 1236
configure protocol delete on page 1237
configure protocol filter on page 1238
configure qosprofile on page 1240
configure qosprofile weight on page 1244
configure qosprofile wred on page 1245
configure qosprofile egress wred ecn on page 1247
configure qosscheduler weighted-deficit-round-robin on page 1248
configure radius algorithm on page 1250
configure radius dynamic-authorization server client-ip on page 1250
configure radius port bounce on page 1252
configure radius retries on page 1253
configure radius server client-ip on page 1254
configure radius shared-secret on page 1256
configure radius timeout on page 1258
configure radius tls ocsp on page 1259
configure radius tls ocsp nonce on page 1260
configure radius tls ocsp override on page 1261
configure radius tls ocsp signer on page 1262
configure radius tls tcp-user-timeout on page 1263
configure radius-accounting retries on page 1263
configure radius-accounting server client-ip on page 1264
configure radius-accounting shared-secret on page 1266
configure radius-accounting timeout on page 1268
configure rip add vlan on page 1269
configure rip delete vlan on page 1270
configure rip garbagetime on page 1271
configure rip import-policy on page 1271
configure rip routetimeout on page 1272
configure rip updatetime on page 1273
configure rip vlan cost on page 1274
configure rip vlan route-policy on page 1275
configure rip vlan rxmode on page 1276

Switch Engine™ Command Reference Guide for version 32.7.1 41

 Commands

configure rip vlan trusted-gateway on page 1277

configure rip vlan txmode on page 1278
configure ripng add on page 1279
configure ripng cost on page 1280
configure ripng delete on page 1280
configure ripng garbagetime on page 1281
configure ripng import-policy on page 1282
configure ripng route-policy on page 1283
configure ripng routetimeout on page 1285
configure ripng trusted-gateway on page 1285
configure ripng updatetime on page 1287
configure security fips-mode on page 1287
configure security python on page 1288
configure sflow agent ipaddress on page 1289
configure sflow collector ipaddress on page 1290
configure sflow max-cpu-sample-limit on page 1291
configure sflow poll-interval on page 1293
configure sflow ports sample-rate on page 1293
configure sflow sample-rate on page 1294
configure sharing add ports on page 1295
configure sharing address-based custom on page 1297
configure sharing address-based custom hash-seed on page 1299
configure sharing algorithm on page 1300
configure sharing delete ports on page 1301
configure sharing distribution-mode on page 1302
configure sharing health-check member-port add tcp-tracking on page 1303
configure sharing health-check member-port delete tcp-tracking on page 1305
configure sharing health-check member-port tcp-tracking on page 1305
configure sharing lacp activity-mode on page 1306
configure sharing lacp defaulted-state-action on page 1308
configure sharing lacp fallback on page 1309
configure sharing lacp fallback timeout on page 1310
configure sharing lacp system-priority on page 1312
configure sharing lacp timeout on page 1313
configure sharing minimum-active on page 1314
configure sharing port-based key on page 1315
configure slot description on page 1316
configure slot module on page 1317
configure slot restart-limit on page 1318
configure slpp guard ethertype on page 1319
configure slpp guard recovery-timeout on page 1320
configure snmp access-profile on page 1321

42 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure snmp add community on page 1324

configure snmp add trapreceiver on page 1325
configure snmp delete community on page 1327
configure snmp delete trapreceiver on page 1328
configure snmp ifmibifalias size on page 1329
configure snmp sysContact on page 1330
configure snmp sysLocation on page 1331
configure snmp sysName on page 1332
configure snmp traps batch-delay bfd on page 1333
configure snmpv3 add access on page 1334
configure snmpv3 add community on page 1336
configure snmpv3 add filter on page 1338
configure snmpv3 add filter-profile on page 1339
configure snmpv3 add group user on page 1340
configure snmpv3 add mib-view on page 1342
configure snmpv3 add notify on page 1343
configure snmpv3 add target-addr on page 1344
configure snmpv3 add target-params on page 1346
configure snmpv3 add user on page 1348
configure snmpv3 add user clone-from on page 1350
configure snmpv3 delete access on page 1351
configure snmpv3 delete community on page 1353
configure snmpv3 delete filter on page 1354
configure snmpv3 delete filter-profile on page 1355
configure snmpv3 delete group user on page 1356
configure snmpv3 delete mib-view on page 1358
configure snmpv3 delete notify on page 1359
configure snmpv3 delete target-addr on page 1360
configure snmpv3 delete target-params on page 1361
configure snmpv3 delete user on page 1362
configure snmpv3 engine-boots on page 1363
configure snmpv3 engine-id on page 1364
configure snmpv3 target-addr retry on page 1364
configure snmpv3 target-addr timeout on page 1365
configure sntp-client on page 1366
configure sntp-client update-interval on page 1367
configure ssh2 access-profile on page 1368
configure ssh2 dh-group on page 1370
configure ssh2 disable cipher mac on page 1371
configure ssh2 disable pk-alg on page 1372
configure ssh2 enable cipher mac on page 1373
configure ssh2 enable pk-alg on page 1374

Switch Engine™ Command Reference Guide for version 32.7.1 43

 Commands

configure ssh2 idletimeout on page 1375

configure ssh2 key on page 1376
configure ssh2 key algorithm on page 1378
configure ssh2 login-grace-timeout on page 1379
configure ssh2 rekey on page 1380
configure ssh2 secure-mode on page 1381
configure ssh2 x509v3 ocsp on page 1382
configure ssh2 x509v3 ocsp nonce on page 1383
configure ssh2 x509v3 ocsp override on page 1384
configure ssh2 x509v3 ocsp signer on page 1385
configure ssh2 x509v3 radius-password-auth on page 1386
configure ssh2 x509v3 username overwrite on page 1387
configure ssh2 x509v3 username strip-domain on page 1388
configure ssh2 x509v3 username use-domain on page 1389
configure sshd2 user-key add user on page 1390
configure sshd2 user-key delete user on page 1391
configure ssl certificate hash-algorithm on page 1391
configure ssl certificate pregenerated on page 1393
configure ssl certificate privkeylen on page 1394
configure ssl csr on page 1395
configure ssl privkey pregenerated on page 1397
configure stack-ports debounce time on page 1398
configure stacking alternate-ip-address on page 1399
configure stacking easy-setup on page 1401
configure stacking license-level on page 1403
configure stacking mac-address on page 1405
configure stacking master-capability on page 1407
configure stacking node-address on page 1408
configure stacking priority on page 1410
configure stacking redundancy on page 1411
configure stacking slot-number automatic on page 1413
configure stacking-support auto-discovery on page 1414
configure stacking-support stack-ports on page 1415
configure stpd add vlan on page 1418
configure stpd backup-root on page 1421
configure stpd bpdu-forwarding on page 1422
configure stpd default-encapsulation on page 1423
configure stpd delete vlan on page 1426
configure stpd description on page 1427
configure stpd filter-method on page 1428
configure stpd flush-method on page 1428
configure stpd forwarddelay on page 1429

44 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure stpd hellotime on page 1430

configure stpd loop-protect event-threshold on page 1431
configure stpd loop-protect event-window on page 1432
configure stpd maxage on page 1433
configure stpd max-hop-count on page 1434
configure stpd mode on page 1435
configure stpd multicast send-query on page 1437
configure stpd ports active-role disable on page 1438
configure stpd ports active-role enable on page 1439
configure stpd ports auto-edge on page 1440
configure stpd ports bpdu-restrict on page 1441
configure stpd ports cost on page 1442
configure stpd ports edge-safeguard disable on page 1444
configure stpd ports edge-safeguard enable on page 1445
configure stpd ports link-type on page 1447
configure stpd ports loop-protect on page 1450
configure stpd ports loop-protect partner on page 1451
configure stpd ports mode on page 1452
configure stpd ports port-priority on page 1453
configure stpd ports priority on page 1454
configure stpd ports reflection-bpdu on page 1456
configure stpd ports restricted-role disable on page 1457
configure stpd ports restricted-role enable on page 1458
configure stpd ports restricted-tcn on page 1459
configure stpd priority on page 1460
configure stpd priority-mode on page 1462
configure stpd tag on page 1462
configure stpd trap new-root on page 1464
configure stpd trap topology-change on page 1465
configure stpd tx-hold-count on page 1465
configure switch integrity-check image on page 1466
configure sys-health-check all level on page 1467
configure syslog add on page 1469
configure syslog tls cipher on page 1471
configure syslog tls ocsp on page 1472
configure syslog tls ocsp nonce on page 1473
configure syslog tls ocsp override on page 1474
configure syslog tls ocsp signer on page 1475
configure syslog tls tcp-user-timeout on page 1476
configure syslog delete on page 1477
configure syslog reference-identifier on page 1478
configure system ports notation on page 1479

Switch Engine™ Command Reference Guide for version 32.7.1 45

 Commands

configure sys-recovery-level switch on page 1481

configure sys-recovery-level on page 1483
configure tacacs priv-lvl on page 1484
configure tacacs-accounting server on page 1485
configure tacacs server client-ip on page 1487
configure tacacs shared-secret on page 1488
configure tacacs timeout on page 1489
configure tacacs-accounting server client-ip on page 1490
configure tacacs-accounting shared-secret on page 1492
configure tacacs-accounting timeout on page 1493
configure tech-support add collector on page 1494
configure tech-support collector on page 1495
configure tech-support collector data-set on page 1496
configure tech-support collector frequency error-detected on page 1497
configure tech-support collector report on page 1499
configure tech-support delete collector on page 1500
configure telnet access-profile on page 1501
configure telnet port on page 1503
configure telnet vr on page 1504
configure time on page 1505
configure timezone on page 1507
configure trusted-ports trust-for dhcp-server on page 1511
configure trusted-servers add server on page 1512
configure trusted-servers delete server on page 1513
configure tunnel ipaddress on page 1514
configure tunnel ip tcp adjust-mss on page 1516
configure tunnel ipv6 tcp adjust-mss on page 1517
configure twamp endpoint on page 1518
configure twamp key-id on page 1518
configure twamp reflector on page 1519
configure twamp server on page 1520
configure upm event on page 1520
configure upm profile maximum execution-time on page 1521
configure upm timer after on page 1522
configure upm timer at on page 1523
configure upm timer profile on page 1524
configure virtual-network on page 1525
configure virtual-network add network ports on page 1526
configure virtual-network delete network ports on page 1527
configure virtual-network dynamic on page 1528
configure virtual-network flooding on page 1529
configure virtual-network local endpoint on page 1530

46 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure virtual-network monitor on page 1532

configure virtual-network multicast group on page 1532
configure virtual-network name on page 1533
configure virtual-network remote-endpoint vxlan ipaddress on page 1534
configure virtual-network remote-endpoint vxlan ipaddress monitor on page 1535
configure virtual-network replication-role on page 1536
configure virtual-network selected-replicator on page 1537
configure virtual-network vxlan vni on page 1539
configure vlan add nsi | isid on page 1539
configure vlan add ports on page 1540
configure vlan add ports private-vlan translated on page 1542
configure vlan add ports stpd on page 1543
configure vlan add secondary-ipaddress on page 1546
configure vlan delete nsi | isid on page 1548
configure vlan delete ports on page 1549
configure vlan delete secondary-ipaddress on page 1550
configure vlan description on page 1551
configure vlan dhcp-address-range on page 1551
configure vlan dhcp-lease-timer on page 1552
configure vlan dhcp-options on page 1553
configure vlan dynamic-vlan uplink-ports on page 1555
configure vlan ipaddress on page 1556
configure vlan l2pt profile on page 1558
configure vlan name on page 1559
configure vlan netlogin-lease-timer on page 1560
configure vlan qosprofile on page 1561
configure vlan protocol on page 1562
configure vlan router-discovery add prefix on page 1563
configure vlan router-discovery default-lifetime on page 1564
configure vlan router-discovery delete prefix on page 1565
configure vlan router-discovery link-mtu on page 1566
configure vlan router-discovery managed-config-flag on page 1567
configure vlan router-discovery max-interval on page 1568
configure vlan router-discovery min-interval on page 1569
configure vlan router-discovery other-config-flag on page 1570
configure vlan router-discovery reachable-time on page 1571
configure vlan router-discovery retransmit-time on page 1571
configure vlan router-discovery set prefix on page 1572
configure router-discovery vrrp-lla-only on page 1574
configure vlan subvlan on page 1575
configure vlan subvlan-address-range on page 1576
configure vlan suppress on page 1577

Switch Engine™ Command Reference Guide for version 32.7.1 47

 Commands

configure vlan tag on page 1578

configure vlan udp-profile on page 1579
configure vlan untagged-ports auto-move on page 1581
configure vlan-translation add loopback-port on page 1582
configure vlan-translation add member-vlan on page 1583
configure vlan-translation delete loopback-port on page 1584
configure vlan-translation delete member-vlan on page 1585
configure vm add | delete ports on page 1586
configure vm add virtual-interface on page 1587
configure vm delete virtual-interface on page 1588
configure vm cpus on page 1589
configure vm disk bus-type on page 1590
configure vm memory on page 1591
configure vm vnc on page 1592
configure vman add ports on page 1593
configure vman add ports cep on page 1595
configure vman delete ports on page 1597
configure vman ethertype on page 1598
configure vman ports add cvid on page 1599
configure vman ports delete cvid on page 1601
configure vman protocol on page 1602
configure vman tag on page 1603
configure vm-tracking authentication database-order on page 1604
configure vm-tracking blackhole on page 1605
configure vm-tracking local-vm on page 1606
configure vm-tracking nms timeout on page 1607
configure vm-tracking nms on page 1607
configure vm-tracking repository on page 1609
configure vm-tracking timers on page 1610
configure vm-tracking vpp add on page 1611
configure vm-tracking vpp counters on page 1612
configure vm-tracking vpp delete on page 1613
configure vm-tracking vpp vlan-tag on page 1614
configure vpex auto-configuration mlag-id on page 1614
configure vpex mlag-id peer on page 1616
configure vpex ports on page 1617
configure vpex ring rebalancing on page 1618
configure vpls on page 1619
configure vpls add peer on page 1621
configure vpls delete peer on page 1623
configure vpls delete service on page 1624
configure vpls health-check vccv on page 1625

48 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

configure vpls peer l2pt profile on page 1626

configure vpls peer mpls lsp on page 1628
configure vpls peer on page 1629
configure vpls snmp-vpn-identifier on page 1630
configure vr add ports on page 1631
configure vr add protocol on page 1632
configure vr delete ports on page 1634
configure vr description on page 1635
configure vrrp group on page 1635
configure vrrp fabric-routing on page 1637
configure vrrp vlan vrid accept-mode on page 1638
configure vrrp vlan vrid add ipaddress on page 1640
configure vrrp vlan vrid add track-iproute on page 1641
configure vrrp vlan vrid add track-ping on page 1642
configure vrrp vlan vrid add track-vlan on page 1644
configure vrrp vlan vrid add virtual-link-local on page 1645
configure vrrp vlan vrid advertisement-interval on page 1646
configure vrrp vlan vrid delete track-iproute on page 1648
configure vrrp vlan vrid delete track-ping on page 1649
configure vrrp vlan vrid delete track-vlan on page 1650
configure vrrp vlan vrid delete ipaddress on page 1651
configure vrrp vlan vrid dont-preempt on page 1651
configure vrrp vlan vrid host-mobility on page 1652
configure vrrp vlan vrid ipv4 checksum on page 1654
configure vrrp vlan vrid preempt on page 1654
configure vrrp vlan vrid priority on page 1656
configure vrrp vlan vrid track-mode on page 1657
configure vrrp vlan vrid version on page 1658
configure web http access-profile on page 1659
configure xml-notification target add/delete on page 1661
configure xml-notification target on page 1662
configure l2pt encapsulation dest-mac on page 1663
cp on page 1663
create access-list on page 1666
create access-list network-zone on page 1668
create access-list zone on page 1669
create account on page 1669
create auto-peering bgp on page 1672
create auto-peering ospf on page 1673
create bgp evpn instance on page 1674
create bgp neighbor peer-group on page 1675
create bgp neighbor remote-AS-number on page 1677

Switch Engine™ Command Reference Guide for version 32.7.1 49

 Commands

create bgp peer-group on page 1679

create cfm domain dns md-level on page 1680
create cfm domain mac md-level on page 1681
create cfm domain string md-level on page 1682
create cfm segment destination on page 1684
create database on page 1685
create eaps shared-port on page 1686
create eaps on page 1686
create erps ring on page 1687
create esrp on page 1688
create fdb mac-tracking entry on page 1690
create fdb vlan ports on page 1690
create flow-redirect on page 1693
create flowmon collector on page 1694
create flowmon group on page 1695
create flowmon key on page 1695
create identity-management role on page 1696
create ip nat rule on page 1700
create isis area on page 1701
create keychain on page 1702
create l2pt profile on page 1703
create l2vpn fec-id-type pseudo-wire on page 1704
create ldap domain on page 1705
create log filter on page 1706
create log message on page 1707
create log target upm on page 1708
create log target xml-notification on page 1709
create macsec connectivity-association on page 1710
create meter on page 1712
create mirror control_index on page 1712
create mirror on page 1713
create mlag peer on page 1716
create mpls rsvp-te path on page 1717
create mpls rsvp-te profile fast-reroute on page 1719
create mpls rsvp-te profile on page 1719
create mpls static lsp on page 1720
create msdp mesh-group on page 1721
create msdp peer on page 1722
create netlogin local-user on page 1723
create network-clock ptp on page 1726
create ntp key on page 1728
create ospf area on page 1729

50 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

create ospfv3 area on page 1730

create policy access-list on page 1731
create policy access-list action-set on page 1734
create ports group on page 1735
create private-vlan on page 1736
create process executable on page 1737
create process python-module on page 1738
create protocol on page 1740
create qosprofile on page 1741
create sshd2 key-file on page 1742
create sshd2 user-key on page 1742
create stpd on page 1743
create tunnel 6to4 on page 1745
create tunnel gre destination source on page 1746
create tunnel ipv6-in-ipv4 on page 1747
create upm profile on page 1748
create upm timer on page 1749
create virtual-network on page 1750
create virtual-network remote-endpoint vxlan ipaddress on page 1751
create virtual-router on page 1752
create vlan on page 1754
create vm image on page 1757
create vm ova on page 1758
create vman on page 1760
create vm-tracking local-vm on page 1761
create vm-tracking vpp on page 1763
create vpls fec-id-type pseudo-wire on page 1764
create vrrp group on page 1765
create vrrp vlan vrid on page 1766
create xml-notification target url on page 1767
delete access-list on page 1768
delete access-list network-zone on page 1769
delete access-list zone on page 1770
delete account on page 1770
delete auto-peering on page 1772
delete bgp evpn instance on page 1772
delete bgp neighbor on page 1773
delete bgp peer-group on page 1774
delete cfm domain on page 1775
delete cfm segment on page 1776
delete database on page 1777
delete eaps shared-port on page 1777

Switch Engine™ Command Reference Guide for version 32.7.1 51

 Commands

delete eaps on page 1778

delete erps on page 1779
delete esrp on page 1780
delete fdb mac-tracking entry on page 1781
delete fdb on page 1781
delete flow-redirect on page 1783
delete flowmon collector on page 1783
delete flowmon group on page 1784
delete flowmon key on page 1785
delete identity-management role on page 1786
delete instant-port profile on page 1787
delete ip nat rule on page 1787
delete isis area on page 1788
delete keychain on page 1789
delete l2pt profile on page 1790
delete l2vpn on page 1791
delete ldap domain on page 1792
delete log filter on page 1793
delete log target upm on page 1794
delete log target xml-notification on page 1794
delete macsec connectivity-association on page 1795
delete meter on page 1796
delete mirror name on page 1797
delete mlag peer on page 1798
delete mpls rsvp-te lsp on page 1799
delete mpls rsvp-te path on page 1800
delete mpls rsvp-te profile on page 1801
delete mpls static lsp on page 1801
delete msdp mesh-group on page 1802
delete msdp peer on page 1803
delete netlogin local-user on page 1804
delete ntp key on page 1805
delete ospf area on page 1806
delete ospfv3 area on page 1807
delete policy access-list on page 1808
delete policy access-list action-set on page 1809
delete ports group on page 1809
delete private-vlan on page 1810
delete process on page 1811
delete protocol on page 1812
delete qosprofile on page 1812
delete sshd2 user-key on page 1813

52 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

delete stpd on page 1814

delete tunnel on page 1815
delete upm profile on page 1816
delete upm timer on page 1817
delete var on page 1817
delete var key on page 1818
delete virtual-network on page 1819
delete virtual-network remote-endpoint vxlan ipaddress on page 1820
delete virtual-router on page 1821
delete vlan on page 1822
delete vman on page 1822
delete vm on page 1823
delete vm-tracking local-vm on page 1824
delete vm-tracking vpp on page 1825
delete vpls on page 1826
delete vrrp group on page 1827
delete vrrp vlan vrid on page 1827
delete xml-notification target on page 1828
disable access-list permit to-cpu on page 1829
disable access-list refresh blackhole on page 1830
disable account on page 1831
disable auto-provision on page 1832
disable auto-provision cloud-connector on page 1833
disable avb on page 1834
disable avb ports on page 1834
disable bgp on page 1835
disable bgp advertise-inactive-route on page 1836
disable bgp aggregation on page 1837
disable bgp always-compare-med on page 1838
disable bgp community format on page 1839
disable bgp export vr on page 1840
disable bgp export on page 1841
disable bgp export [static | direct] l2vpn-evpn on page 1844
disable bgp fast-external-fallover on page 1845
disable bgp mpls-next-hop on page 1846
disable bgp multipath-relax on page 1846
disable bgp neighbor address-family l2vpn-evpn on page 1847
disable bgp neighbor capability address-family vpnv4 on page 1848
disable bgp neighbor capability on page 1850
disable bgp neighbor originate-default on page 1851
disable bgp neighbor remove-private-AS-numbers on page 1853
disable bgp neighbor soft-in-reset on page 1854

Switch Engine™ Command Reference Guide for version 32.7.1 53

 Commands

disable bgp neighbor on page 1856

disable bgp peer-group capability address-family vpnv4 on page 1857
disable bgp peer-group capability on page 1858
disable bgp peer-group next-hop-unchanged on page 1859
disable bgp peer-group originate-default on page 1860
disable bgp peer-group remove-private-AS-numbers on page 1862
disable bgp peer-group soft-in-reset on page 1862
disable bgp peer-group on page 1864
disable bootp vlan on page 1865
disable bootprelay ipv6 on page 1866
disable bootprelay on page 1867
disable cdp ports on page 1868
disable cfm segment frame-delay measurement on page 1869
disable cfm segment frame-loss measurement mep on page 1870
disable clear-flow on page 1870
disable cli history expansion on page 1871
disable cli prompting on page 1872
disable cli refresh on page 1873
disable cli scripting on page 1874
disable cli scripting output on page 1875
disable cli space-completion on page 1876
disable cli write-permission on page 1877
disable cli config-logging on page 1877
disable cli-config-logging expansion on page 1878
disable cli paging on page 1879
disable cpu-monitoring on page 1880
disable dhcp ports vlan on page 1881
disable dhcp vlan on page 1882
disable diffserv examination ports on page 1883
disable diffserv replacement ports on page 1884
disable dns cache on page 1885
disable dns cache analytics on page 1886
disable dns cache dnssec on page 1886
disable dos-protect on page 1887
disable dot1p examination inner-tag ports on page 1888
disable dot1p examination ports on page 1889
disable dot1p replacement ports on page 1890
disable eaps on page 1891
disable edp ports on page 1892
disable elrp-client on page 1893
disable elsm ports on page 1894
disable elsm ports auto-restart on page 1895

54 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

disable erps on page 1896

disable erps block-vc-recovery on page 1897
disable erps ring-name on page 1898
disable erps topology-change on page 1899
disable esrp on page 1900
disable ethernet oam ports link-fault-management on page 1900
disable fdb static-mac-move on page 1901
disable flooding ports on page 1902
disable flow-control ports on page 1904
disable flowmon on page 1905
disable flowmon group on page 1906
disable icmp ipv6 on page 1907
disable icmp redirects ipv6 fast-path on page 1908
disable icmp redirects on page 1909
disable icmp useredirects on page 1909
disable identity-management on page 1910
disable cli idletimeout on page 1911
disable igmp on page 1912
disable igmp snooping vlan fast-leave on page 1913
disable igmp snooping on page 1914
disable igmp ssm-map on page 1915
disable inline-power on page 1916
disable inline-power ports on page 1918
disable inline-power slot on page 1919
disable ip anycast on page 1920
disable ip nat on page 1921
disable ip nat rule on page 1922
disable iparp checking on page 1923
disable iparp gratuitous protect vlan on page 1923
disable iparp refresh on page 1924
disable ipforwarding broadcast on page 1925
disable ipforwarding broadcast on page 1926
disable ipforwarding ipv6 on page 1927
disable ipmcforwarding ipv6 on page 1928
disable ipmcforwarding on page 1929
disable ipmcforwarding tunnel on page 1930
disable ip option loose-source-route on page 1931
disable ip option strict-source-route on page 1931
disable iproute bfd on page 1932
disable iproute bfd strict on page 1933
disable iproute compression on page 1934
disable iproute ipv6 compression on page 1935

Switch Engine™ Command Reference Guide for version 32.7.1 55

 Commands

disable iproute ipv6 sharing on page 1936

disable iproute mpls-next-hop on page 1936
disable iproute protection ping on page 1937
disable iproute sharing on page 1938
disable ip-security anomaly-protection icmp on page 1939
disable ip-security anomaly-protection ip on page 1940
disable ip-security anomaly-protection l4port on page 1940
disable ip-security anomaly-protection notify on page 1941
disable ip-security anomaly-protection tcp flags on page 1942
disable ip-security anomaly-protection tcp fragment on page 1943
disable ip-security anomaly-protection on page 1944
disable ip-security arp gratuitous-protection on page 1945
disable ip-security arp learning learn-from-arp on page 1946
disable ip-security arp learning learn-from-dhcp on page 1947
disable ip-security arp validation on page 1948
disable ip-security dhcp-bindings restoration on page 1949
disable ip-security dhcp-snooping on page 1950
disable ip-security source-ip-lockdown ports on page 1951
disable iqagent on page 1951
disable irdp on page 1952
disable isis on page 1953
disable isis area adjacency-check on page 1954
disable isis area dynamic-hostname on page 1955
disable isis area export ipv6 on page 1956
disable isis area export on page 1957
disable isis area originate-default on page 1957
disable isis area overload-bit on page 1958
disable isis hello-padding on page 1959
disable isis restart-helper on page 1960
disable jumbo-frame ports on page 1961
disable l2vpn on page 1962
disable l2vpn health-check vccv on page 1963
disable l2vpn service on page 1964
disable l2vpn sharing on page 1965
disable l2vpn vpls peer fdb send-mac-withdrawal on page 1966
disable learning iparp sender-mac on page 1967
disable learning port on page 1967
disable learning vxlan ipaddress on page 1968
disable led locator on page 1969
disable lldp ports on page 1970
disable log debug-mode on page 1971
disable log display on page 1972

56 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

disable log target on page 1973

disable log target upm on page 1974
disable log target xml-notification on page 1975
disable loopback-mode vlan on page 1976
disable mac-lockdown-timeout ports on page 1977
disable mac-locking ports on page 1978
disable mac-locking on page 1978
disable mirror on page 1979
disable mirror control_index on page 1980
disable mlag port on page 1981
disable mlag port reload-delay on page 1982
disable mld on page 1982
disable mld snooping on page 1983
disable mld-ssm map on page 1984
disable mpls on page 1985
disable mpls bfd on page 1986
disable mpls exp examination on page 1987
disable mpls exp replacement on page 1988
disable mpls ldp bgp-routes on page 1989
disable mpls ldp loop-detection on page 1989
disable mpls ldp on page 1990
disable mpls php on page 1991
disable mpls protocol ldp on page 1992
disable mpls protocol rsvp-te on page 1993
disable mpls rsvp-te bundle-message on page 1994
disable mpls rsvp-te fast-reroute on page 1995
disable mpls rsvp-te lsp on page 1996
disable mpls rsvp-te summary-refresh on page 1996
disable mpls rsvp-te on page 1997
disable mpls static lsp on page 1998
disable mpls vlan on page 1999
disable msdp on page 2000
disable msdp data-encapsulation on page 2001
disable msdp export local-sa on page 2002
disable msdp peer on page 2002
disable msdp process-sa-request on page 2003
disable msrp on page 2005
disable mvr on page 2005
disable mvrp on page 2006
disable mvrp ports on page 2007
disable neighbor-discovery refresh on page 2008
disable netlogin authentication failure vlan ports on page 2008

Switch Engine™ Command Reference Guide for version 32.7.1 57

 Commands

disable netlogin authentication service-unavailable vlan ports on page 2009

disable netlogin dot1x guest-vlan ports on page 2010
disable netlogin logout-privilege on page 2011
disable netlogin ports on page 2012
disable netlogin reauthenticate-on-refresh on page 2013
disable netlogin redirect-page on page 2013
disable netlogin session-refresh on page 2014
disable netlogin on page 2015
disable network-clock gptp ports on page 2016
disable network-clock gptp on page 2016
disable nodealias ports on page 2017
disable nodealias protocol on page 2018
disable ntp on page 2019
disable ntp authentication on page 2020
disable ntp broadcast-client on page 2021
disable ntp broadcast-server on page 2022
disable ntp vlan on page 2023
disable ntp vr on page 2024
disable ospf on page 2024
disable ospf capability opaque-lsa on page 2025
disable ospf export on page 2026
disable ospf export vr on page 2027
disable ospf mpls-next-hop on page 2028
disable ospf originate-default on page 2029
disable ospf restart-helper-lsa-check on page 2029
disable ospf use-ip-router-alert on page 2030
disable ospf vxlan-extensions on page 2031
disable ospfv3 on page 2032
disable ospfv3 restart-helper-lsa-check on page 2033
disable ospfv3 export on page 2033
disable ospfv3 virtual-link restart-helper-lsa-check on page 2034
disable pim iproute sharing on page 2035
disable pim snooping on page 2036
disable pim ssm tunnel on page 2037
disable pim ssm vlan on page 2038
disable pim on page 2039
disable policy on page 2039
disable port on page 2040
disable ports mlag-id on page 2041
disable radius on page 2042
disable radius-accounting on page 2043
disable radius dynamic-authorization on page 2044

58 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

disable rip on page 2045

disable rip aggregation on page 2046
disable rip export on page 2047
disable rip originate-default on page 2048
disable rip poisonreverse on page 2049
disable rip splithorizon on page 2049
disable rip triggerupdates on page 2050
disable rip use-ip-router-alert on page 2051
disable ripng on page 2052
disable ripng export on page 2053
disable ripng originate-default on page 2054
disable ripng poisonreverse on page 2055
disable ripng splithorizon on page 2056
disable ripng triggerupdate on page 2056
disable rmon on page 2057
disable router-discovery on page 2058
disable sflow ports on page 2059
disable sflow on page 2060
disable sharing on page 2061
disable slpp guard on page 2062
disable smartredundancy on page 2063
disable snmp access vr on page 2064
disable snmp access on page 2065
disable snmp community on page 2066
disable snmp trap l3vpn on page 2067
disable snmp traps on page 2067
disable snmp traps bfd on page 2068
disable snmp traps configuration on page 2069
disable snmp traps fdb mac-tracking on page 2070
disable snmp traps identity-management on page 2071
disable snmp traps l2vpn on page 2071
disable snmp traps l3vpn on page 2072
disable snmp traps lldp on page 2073
disable snmp traps lldp-med on page 2073
disable snmp traps mpls on page 2074
disable snmp traps ospf on page 2075
disable snmp traps ospfv3 on page 2076
disable snmp traps port-up-down ports on page 2076
disable snmpv3 on page 2077
disable snmpv3 community on page 2078
disable sntp-client on page 2079
disable ssh2 on page 2080

Switch Engine™ Command Reference Guide for version 32.7.1 59

 Commands

disable stacking on page 2080

disable stacking-support on page 2082
disable stpd on page 2083
disable stpd auto-bind on page 2084
disable stpd ports on page 2085
disable stpd rapid-root-failover on page 2086
disable switch bluetooth on page 2086
disable switch locally-administered-address on page 2087
disable switch usb on page 2088
disable syslog on page 2089
disable subvlan-proxy-arp vlan on page 2090
disable tacacs on page 2091
disable tacacs-accounting on page 2091
disable tacacs-authorization on page 2092
disable tech-support collector on page 2093
disable telnet on page 2094
disable tunnel on page 2095
disable twamp reflector on page 2095
disable twamp server on page 2096
disable udp-echo-server on page 2097
disable upm profile on page 2097
disable virtual-network remote-endpoint vxlan on page 2098
disable virtual-router on page 2099
disable vlan on page 2100
disable vm autostart on page 2101
disable vm-tracking dynamic-vlan ports on page 2102
disable vm-tracking on page 2103
disable vm-tracking ports on page 2104
disable vman cep egress filtering ports on page 2104
disable vpex on page 2105
disable vpex auto-configuration on page 2106
disable vpex auto-upgrade on page 2107
disable vpls on page 2108
disable vpls fdb mac-withdrawal on page 2109
disable vpls health-check vccv on page 2110
disable vpls service on page 2111
disable vrrp group on page 2112
disable vrrp vrid on page 2113
disable watchdog on page 2114
disable web http on page 2115
disable web https on page 2115
disable cli xml-mode on page 2116

60 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

disable msrp ports on page 2117

download bootrom on page 2118
download image on page 2120
download ssl certificate on page 2127
download ssl privkey on page 2130
edit policy on page 2131
edit upm profile on page 2133
eject usb on page 2134
ELSE on page 2135
enable access-list permit to-cpu on page 2136
enable access-list refresh blackhole on page 2137
enable account on page 2138
enable auto-provision cloud-connector on page 2139
enable avb on page 2139
enable avb ports on page 2140
enable bgp on page 2141
enable bgp advertise-inactive-route on page 2142
enable bgp aggregation on page 2143
enable bgp always-compare-med on page 2144
enable bgp community format on page 2145
enable bgp export on page 2146
enable bgp export vr on page 2148
enable bgp export [static | direct] l2vpn-evpn on page 2150
enable bgp fast-external-fallover on page 2151
enable bgp mpls-next-hop on page 2152
enable bgp multipath-relax on page 2153
enable bgp neighbor on page 2153
enable bgp neighbor address-family l2vpn-evpn on page 2154
enable bgp neighbor capability on page 2156
enable bgp neighbor capability address-family vpnv4 on page 2158
enable bgp neighbor originate-default on page 2160
enable bgp neighbor remove-private-AS-numbers on page 2161
enable bgp neighbor soft-in-reset on page 2162
enable bgp peer-group on page 2164
enable bgp peer-group capability on page 2165
enable bgp peer-group capability on page 2167
enable bgp peer-group capability address-family vpnv4 on page 2168
enable bgp peer-group next-hop-unchanged on page 2170
enable bgp peer-group originate-default on page 2171
enable bgp peer-group remove-private-AS-numbers on page 2172
enable bgp peer-group soft-in-reset on page 2173
enable bootp vlan on page 2174

Switch Engine™ Command Reference Guide for version 32.7.1 61

 Commands

enable bootprelay ipv6 on page 2175

enable bootprelay on page 2177
enable cdp ports on page 2178
enable cfm segment frame-delay measurement on page 2179
enable cfm segment frame-loss measurement mep on page 2180
enable clear-flow on page 2181
enable cli history expansion on page 2182
enable cli prompting on page 2183
enable cli refresh on page 2184
enable cli scripting on page 2185
enable cli scripting output on page 2186
enable cli space-completion on page 2187
enable cli write-permission on page 2188
enable cli config-logging on page 2189
enable cli-config-logging expansion on page 2190
enable cli paging on page 2191
enable cpu-monitoring on page 2192
enable dhcp ports vlan on page 2193
enable dhcp vlan on page 2194
enable diffserv examination ports on page 2195
enable diffserv replacement ports on page 2196
enable dns cache on page 2197
enable dns cache dnssec on page 2198
enable dns cache analytics on page 2198
enable dos-protect simulated on page 2199
enable dos-protect on page 2200
enable dot1p examination inner-tag port on page 2201
enable dot1p examination ports on page 2202
enable dot1p replacement ports on page 2203
enable eaps on page 2204
enable edp ports on page 2206
enable elrp-client on page 2207
enable elsm ports on page 2208
enable elsm ports auto-restart on page 2210
enable erps on page 2211
enable erps block-vc-recovery on page 2212
enable erps ring-name on page 2213
enable erps topology-change on page 2213
enable esrp on page 2214
enable ethernet oam ports link-fault-management on page 2215
enable fdb static-mac-move on page 2216
enable flooding ports on page 2217

62 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

enable flow-control ports on page 2218

enable flowmon on page 2220
enable flowmon group on page 2221
enable icmp ipv6 on page 2222
enable icmp redirects ipv6 fast-path on page 2223
enable icmp redirects on page 2224
enable icmp useredirects on page 2224
enable identity-management on page 2225
enable cli idle-timeout on page 2226
enable igmp on page 2227
enable igmp snooping on page 2228
enable igmp snooping vlan fast-leave on page 2231
enable igmp snooping with-proxy on page 2231
enable igmp ssm-map on page 2232
enable inline-power on page 2233
enable inline-power ports on page 2235
enable inline-power slot on page 2236
enable ip anycast on page 2237
enable ip nat on page 2238
enable ip nat rule on page 2239
enable iparp checking on page 2240
enable iparp gratuitous protect on page 2241
enable iparp refresh on page 2242
enable ipforwarding ipv6 on page 2243
enable ipforwarding on page 2243
enable ipmcforwarding ipv6 on page 2245
enable ipmcforwarding on page 2246
enable ipmcforwarding tunnel on page 2246
enable ip option loose-source-route on page 2247
enable ip option strict-source-route on page 2248
enable iproute bfd on page 2249
enable iproute bfd strict on page 2250
enable iproute compression on page 2251
enable iproute ipv6 compression on page 2252
enable iproute mpls-next-hop on page 2253
enable iproute protection ping on page 2254
enable iproute sharing on page 2254
enable ip-security anomaly-protection icmp on page 2255
enable ip-security anomaly-protection ip on page 2256
enable ip-security anomaly-protection l4port on page 2257
enable ip-security anomaly-protection notify on page 2258
enable ip-security anomaly-protection tcp flags on page 2259

Switch Engine™ Command Reference Guide for version 32.7.1 63

 Commands

enable ip-security anomaly-protection tcp fragment on page 2260

enable ip-security anomaly-protection on page 2260
enable ip-security arp gratuitous-protection on page 2261
enable ip-security arp learning learn-from-arp on page 2263
enable ip-security arp learning learn-from-dhcp on page 2264
enable ip-security arp validation violation-action on page 2265
enable ip-security dhcp-bindings restoration on page 2267
enable ip-security dhcp-snooping on page 2268
enable ip-security source-ip-lockdown ports on page 2270
enable iqagent on page 2271
enable irdp on page 2272
enable isis on page 2273
enable isis area adjacency-check on page 2274
enable isis area dynamic-hostname on page 2275
enable isis area export on page 2276
enable isis area export ipv6 on page 2277
enable isis area originate-default on page 2278
enable isis area overload-bit on page 2280
enable isis hello-padding on page 2281
enable isis restart-helper on page 2281
enable jumbo-frame ports on page 2282
enable l2vpn on page 2283
enable l2vpn health-check vccv on page 2284
enable l2vpn service on page 2285
enable l2vpn sharing on page 2286
enable l2vpn vpls peer fdb send-mac-withdrawal on page 2287
enable learning iparp sender-mac on page 2288
enable learning port on page 2289
enable led locator on page 2290
enable license on page 2291
enable license file on page 2293
enable lldp ports on page 2294
enable log debug-mode on page 2295
enable log display on page 2296
enable log target on page 2297
enable log target upm on page 2299
enable log target xml-notification on page 2300
enable loopback-mode vlan on page 2300
enable mac-lockdown-timeout ports on page 2301
enable mac-locking ports on page 2302
enable mac-locking on page 2303
enable mirror on page 2304

64 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

enable mirror control_index on page 2304

enable mirror to port on page 2305
enable mirror to remote-ip on page 2309
enable mlag port peer id on page 2313
enable mlag port reload-delay on page 2314
enable mld on page 2315
enable mld snooping on page 2316
enable mld snooping with-proxy on page 2317
enable mld ssm-map on page 2318
enable mpls on page 2319
enable mpls bfd on page 2320
enable mpls exp examination on page 2321
enable mpls exp replacement on page 2322
enable mpls ldp bgp-routes on page 2322
enable mpls ldp loop-detection on page 2323
enable mpls ldp on page 2324
enable mpls php on page 2325
enable mpls protocol ldp on page 2326
enable mpls protocol rsvp-te on page 2327
enable mpls rsvp-te bundle-message on page 2328
enable mpls rsvp-te fast-reroute on page 2329
enable mpls rsvp-te lsp on page 2329
enable mpls rsvp-te summary-refresh on page 2330
enable mpls rsvp-te on page 2331
enable mpls static lsp on page 2332
enable mpls vlan on page 2333
enable msdp data-encapsulation on page 2334
enable msdp export local-sa on page 2335
enable msdp peer on page 2336
enable msdp process-sa-request on page 2337
enable msdp on page 2339
enable msrp ports on page 2339
enable msrp on page 2340
enable mvr on page 2341
enable mvrp on page 2342
enable mvrp ports on page 2343
enable neighbor-discovery refresh on page 2343
enable netlogin on page 2344
enable netlogin authentication failure vlan ports on page 2345
enable netlogin authentication service-unavailable vlan ports on page 2346
enable netlogin dot1x guest-vlan ports on page 2347
enable netlogin logout-privilege on page 2348

Switch Engine™ Command Reference Guide for version 32.7.1 65

 Commands

enable netlogin ports on page 2349

enable netlogin reauthentication-on-refresh on page 2350
enable netlogin redirect-page on page 2351
enable netlogin session-refresh on page 2351
enable network-clock gptp on page 2352
enable network-clock gptp ports on page 2353
enable network-clock ptp end-to-end transparent on page 2354
enable nodealias ports on page 2354
enable nodealias protocol on page 2355
enable ntp on page 2357
enable ntp authentication on page 2357
enable ntp broadcast-client on page 2358
enable ntp broadcast-server on page 2359
enable ntp vlan on page 2360
enable ntp vr on page 2361
enable ospf on page 2361
enable ospf capability opaque-lsa on page 2362
enable ospf export on page 2363
enable ospf export vr on page 2365
enable ospf mpls-next-hop on page 2366
enable ospf originate-default on page 2367
enable ospf restart-helper-lsa-check on page 2368
enable ospf use-ip-router-alert on page 2369
enable ospfv3 on page 2370
enable ospfv3 export on page 2371
enable ospfv3 restart-helper-lsa-check on page 2373
enable ospfv3 virtual-link restart-helper-lsa-check on page 2374
enable pim on page 2374
enable pim iproute sharing on page 2375
enable pim snooping on page 2376
enable pim ssm tunnel on page 2377
enable pim ssm vlan on page 2378
enable policy on page 2379
enable port on page 2380
enable ports mlag-id on page 2381
enable radius on page 2382
enable radius-accounting on page 2383
enable radius dynamic-authorization on page 2384
enable rip on page 2385
enable rip aggregation on page 2386
enable rip export on page 2387
enable rip originate-default cost on page 2389

66 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

enable rip poisonreverse on page 2390

enable rip splithorizon on page 2390
enable rip triggerupdates on page 2391
enable rip use-ip-router-alert on page 2392
enable ripng on page 2393
enable ripng export on page 2394
enable ripng originate-default on page 2396
enable ripng poisonreverse on page 2397
enable ripng splithorizon on page 2398
enable ripng triggerupdates on page 2399
enable rmon on page 2400
enable router-discovery on page 2402
enable sflow on page 2403
enable sflow ports on page 2404
enable sharing grouping on page 2405
enable slpp guard on page 2408
enable smartredundancy on page 2409
enable snmp access on page 2410
enable snmp access vr on page 2412
enable snmp community on page 2412
enable snmp trap l3vpn on page 2413
enable snmp traps on page 2414
enable snmp traps configuration on page 2415
enable snmp traps bfd on page 2416
enable snmp traps fdb mac-tracking on page 2417
enable snmp traps identity-management on page 2417
enable snmp traps l2vpn on page 2418
enable snmp traps l3vpn on page 2419
enable snmp traps lldp on page 2420
enable snmp traps lldp-med on page 2421
enable snmp traps mpls on page 2421
enable snmp traps ospf on page 2422
enable snmp traps ospfv3 on page 2423
enable snmp traps port-up-down ports on page 2424
enable snmpv3 on page 2424
enable snmpv3 community on page 2425
enable sntp-client on page 2426
enable ssh2 on page 2427
enable stacking on page 2429
enable stacking-support on page 2431
enable stpd on page 2431
enable stpd auto-bind on page 2432

Switch Engine™ Command Reference Guide for version 32.7.1 67

 Commands

enable stpd ports on page 2435

enable stpd rapid-root-failover on page 2436
enable subvlan-proxy-arp vlan on page 2437
enable switch bluetooth on page 2438
enable switch locally-administered-address on page 2439
enable switch usb on page 2440
enable syslog on page 2441
enable tacacs on page 2442
enable tacacs-accounting on page 2443
enable tacacs-authorization on page 2443
enable tech-support collector on page 2444
enable telnet on page 2445
enable tunnel on page 2446
enable twamp reflector on page 2447
enable twamp server on page 2448
enable udp-echo-server on page 2448
enable upm profile on page 2449
enable virtual-network remote-endpoint vxlan on page 2450
enable virtual-router on page 2451
enable vlan on page 2452
enable vman cep egress filtering ports on page 2453
enable vm autostart on page 2454
enable vm-tracking on page 2455
enable vm-tracking dynamic-vlan ports on page 2455
enable vm-tracking ports on page 2456
enable vpex on page 2457
enable vpex auto-configuration on page 2458
enable vpex auto-upgrade on page 2459
enable vpls on page 2460
enable vpls fdb mac-withdrawal on page 2461
enable vpls health-check vccv on page 2462
enable vpls service on page 2463
enable vrrp group on page 2464
enable vrrp vrid on page 2465
enable watchdog on page 2466
enable web http on page 2467
enable web https on page 2468
enable cli xml-mode on page 2468
enable/disable bfd vlan on page 2469
enable/disable xml-notification on page 2470
ENDIF on page 2471
ENDWHILE on page 2472

68 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

exit on page 2473

history on page 2474
IF ... THEN on page 2475
install bootrom on page 2477
install firmware on page 2479
install image on page 2481
install image inactive on page 2484
install license file on page 2485
load script on page 2486
load var key on page 2488
logout on page 2489
ls on page 2489
mkdir on page 2492
mrinfo on page 2493
mtrace on page 2494
mv on page 2497
nslookup on page 2500
open vm console on page 2501
ping on page 2502
ping mac port on page 2504
ping mpls lsp on page 2506
pwd on page 2508
quit on page 2509
reboot on page 2510
refresh access-list network-zone on page 2512
refresh identity-management role on page 2513
refresh igmp ssm-map on page 2514
refresh mld ssm-map on page 2515
refresh policy on page 2516
reset inline-power ports on page 2517
restart ports on page 2518
restart process on page 2519
restart process mpls on page 2521
restart vm on page 2521
resume vm on page 2522
return on page 2523
rm on page 2524
rmdir on page 2526
rtlookup rpf on page 2527
rtlookup on page 2528
run diagnostics on page 2529
run elrp on page 2531

Switch Engine™ Command Reference Guide for version 32.7.1 69

 Commands

run failover on page 2533

run script on page 2534
run provisioning on page 2536
run tech-support report on page 2538
run update on page 2539
run upm profile on page 2540
run vm-tracking repository on page 2541
save configuration on page 2542
save configuration as-script on page 2545
save configuration automatic on page 2546
save debug tracefiles on page 2548
save var key on page 2549
save vm image on page 2550
save vm state on page 2551
scp2 on page 2552
set var on page 2555
show access-list on page 2556
show access-list configuration on page 2558
show access-list counter on page 2560
show access-list counters process on page 2561
show access-list dynamic rule on page 2562
show access-list dynamic counter on page 2564
show access-list dynamic on page 2565
show access-list interface on page 2566
show access-list meter on page 2568
show access-list network-zone on page 2569
show access-list usage acl-mask port on page 2571
show access-list usage acl-range port on page 2571
show access-list usage acl-rule port on page 2572
show access-list usage acl-slice port on page 2573
show access-list width on page 2575
show accounts on page 2576
show accounts password-policy on page 2578
show auto-peering on page 2579
show auto-peering one-config on page 2581
show auto-provision on page 2583
show auto-provision cloud-connector on page 2584
show automation edge database on page 2585
show automation edge devices on page 2586
show avb on page 2587
show bandwidth pool on page 2588
show banner on page 2590

70 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

show banner netlogin on page 2591

show bfd on page 2592
show bfd counters on page 2593
show bfd session client on page 2594
show bfd session counters missed-hellos on page 2595
show bfd session counters vr all on page 2596
show bfd session detail vr all on page 2597
show bfd session vr all on page 2599
show bfd vlan counters on page 2600
show bfd vlan on page 2601
show bgp on page 2602
show bgp evpn on page 2606
show bpg evpn evi on page 2607
show bgp evpn ipv4 on page 2609
show bgp evpn ipv6 on page 2610
show bgp evpn l3vni on page 2611
show bgp evpn mac on page 2612
show bgp memory on page 2614
show bgp neighbor [flap-statistics | suppressed-routes] on page 2616
show bgp neighbor received orf on page 2619
show bgp neighbor on page 2620
show bgp peer-group on page 2627
show bgp routes summary on page 2630
show bgp routes on page 2632
show bootprelay on page 2638
show bootprelay configuration on page 2640
show bootprelay configuration ipv4 on page 2642
show bootprelay configuration ipv6 on page 2643
show bootprelay dhcp-agent information circuit-id port-information on page 2645
show bootprelay dhcp-agent information circuit-id vlan-information on page 2646
show bootprelay ipv6 on page 2647
show bootprelay ipv6 prefix-delegation snooping on page 2648
show cdp on page 2649
show cdp counters on page 2650
show cdp neighbor on page 2651
show cdp ports on page 2651
show cfm detail on page 2653
show cfm groups on page 2655
show cfm segment frame-delay statistics on page 2658
show cfm segment frame-delay on page 2659
show cfm segment frame-delay/frame-loss mep id on page 2660
show cfm segment frame-loss statistics on page 2663

Switch Engine™ Command Reference Guide for version 32.7.1 71

 Commands

show cfm segment frame-loss on page 2664

show cfm segment mep on page 2665
show cfm segment on page 2667
show cfm session counters missed-hellos on page 2669
show cfm on page 2670
show checkpoint-data on page 2673
show clear-flow on page 2675
show clear-flow acl-modified on page 2676
show clear-flow rule on page 2677
show clear-flow rule-all on page 2679
show clear-flow rule-triggered on page 2680
show cli journal on page 2681
show configuration on page 2682
show configuration difference on page 2685
show configuration “xmlc” on page 2687
show cos-index on page 2688
show counters vr on page 2689
show cpu-monitoring on page 2690
show database on page 2693
show debug on page 2695
show dhcp-client state on page 2696
show dhcp-server on page 2697
show diagnostics on page 2698
show diffserv examination on page 2699
show diffserv replacement on page 2700
show dns-client on page 2701
show dns cache analytics configuration on page 2702
show dns cache analytics protected-client on page 2703
show dns cache configuration on page 2704
show dns cache analytics statistics on page 2705
show dns cache on page 2708
show dns cache name-server on page 2709
show dos-protect on page 2710
show dot1p on page 2712
show dwdm channel-map on page 2713
show eaps on page 2714
show eaps cfm groups on page 2719
show eaps counters shared-port on page 2720
show eaps counters on page 2725
show eaps shared-port on page 2730
show eaps shared-port neighbor-info on page 2735
show edp on page 2736

72 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

show elrp on page 2738

show elrp disabled-ports on page 2740
show elrp dynamic-vlans on page 2742
show elsm ports on page 2744
show elsm on page 2748
show erps on page 2751
show erps ring-name on page 2752
show erps statistics on page 2753
show esrp on page 2754
show esrp aware on page 2756
show esrp counters on page 2758
show ethernet oam on page 2759
show fabric attach agent on page 2761
show fabric attach assignments on page 2762
show fabric attach elements on page 2763
show fabric attach port on page 2764
show fabric attach ports authentication on page 2765
show fabric attach statistics on page 2766
show fabric attach zero-touch-client on page 2767
show failsafe-account on page 2767
show fans on page 2768
show fdb on page 2770
show fdb mac-tracking configuration on page 2774
show fdb mac-tracking statistics on page 2774
show fdb static-mac-move configuration on page 2776
show fdb stats on page 2777
show flow-redirect on page 2779
show flowmon on page 2780
show flowmon collector on page 2781
show flowmon group on page 2782
show flowmon group statistics on page 2784
show flowmon group template on page 2785
show flowmon key on page 2786
show forwarding configuration on page 2787
show forwarding hardware-utilization on page 2789
show heartbeat process on page 2791
show identity-management blacklist on page 2793
show identity-management entries on page 2793
show identity-management greylist on page 2798
show identity-management list-precedence on page 2798
show identity-management role on page 2799
show identity-management statistics on page 2801

Switch Engine™ Command Reference Guide for version 32.7.1 73

 Commands

show identity-management whitelist on page 2802

show identity-management on page 2803
show igmp on page 2804
show igmp counters on page 2805
show igmp group on page 2806
show igmp snooping cache on page 2807
show igmp snooping vlan filter on page 2809
show igmp snooping vlan static on page 2809
show igmp snooping vlan on page 2810
show igmp snooping on page 2812
show igmp ssm-map on page 2813
show inlets on page 2814
show inline-power configuration ports on page 2815
show inline-power fast ports on page 2816
show inline-power info ports on page 2818
show inline-power slot on page 2822
show inline-power stats ports on page 2824
show inline-power stats slot on page 2826
show inline-power stats on page 2827
show inline-power on page 2828
show instant-port ports on page 2829
show instant-port profile on page 2831
show ip nat on page 2832
show ip nat rule on page 2833
show ip nat rule statistics on page 2835
show ip nat vlan on page 2836
show ip nat vlan counters on page 2837
show iparp on page 2838
show iparp proxy on page 2841
show iparp security on page 2842
show iparp stats on page 2843
show ipconfig on page 2845
show ipconfig ipv6 on page 2847
show ipmroute on page 2849
show iproute on page 2850
show iproute bfd on page 2853
show iproute direct-inter-vr on page 2854
show iproute ipv6 origin on page 2855
show iproute ipv6 on page 2857
show iproute mpls origin on page 2859
show iproute mpls on page 2860
show iproute multicast on page 2861

74 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

show iproute origin on page 2863

show iproute protection ping on page 2865
show iproute reserved-entries on page 2866
show iproute reserved-entries statistics on page 2867
show ip-security anomaly-protection notify cache ports on page 2869
show ip-security arp gratuitous-protection on page 2870
show ip-security arp learning on page 2871
show ip-security arp validation on page 2872
show ip-security arp validation violations on page 2873
show ip-security dhcp-snooping entries on page 2875
show ip-security dhcp-snooping information circuit-id port-
information on page 2876
show ip-security dhcp-snooping information-option on page 2877
show ip-security dhcp-snooping information-option circuit-id vlan-
information on page 2878
show ip-security dhcp-snooping information remote-id on page 2879
show ip-security dhcp-snooping on page 2880
show ip-security dhcp-snooping violations on page 2882
show ip-security source-ip-lockdown on page 2883
show ipstats ipv6 on page 2883
show ipstats on page 2884
show ipv6 dad on page 2886
show iqagent on page 2887
show iqagent discovery detail on page 2889
show isis on page 2891
show isis area summary-addresses on page 2892
show isis area on page 2893
show isis counters on page 2893
show isis lsdb on page 2894
show isis neighbors on page 2896
show isis topology on page 2897
show isis vlan on page 2898
show keychain on page 2899
show l2pt on page 2901
show l2pt profile on page 2901
show L2stats on page 2903
show l2vpn on page 2904
show lacp on page 2909
show lacp counters on page 2911
show lacp lag on page 2912
show lacp member-port on page 2916
show ldap domain on page 2919

Switch Engine™ Command Reference Guide for version 32.7.1 75

 Commands

show ldap statistics on page 2922

show licenses on page 2924
show lldp on page 2926
show lldp dcbx on page 2928
show lldp neighbors on page 2935
show lldp statistics on page 2938
show log on page 2939
show log components on page 2943
show log configuration filter on page 2947
show log configuration target on page 2948
show log configuration target upm on page 2952
show log configuration target xml-notification on page 2954
show log configuration on page 2956
show log counters on page 2959
show log events on page 2962
show mac-lockdown-timeout fdb ports on page 2964
show mac-lockdown-timeout ports on page 2965
show mac-locking stations on page 2966
show mac-locking on page 2967
show macsec on page 2969
show macsec connectivity-association on page 2971
show macsec encryption-engine monitor on page 2972
show macsec ports on page 2973
show macsec ports configuration on page 2976
show macsec ports detail on page 2977
show macsec ports usage on page 2981
show macsec usage on page 2983
show management on page 2984
show mcast cache on page 2987
show mcast ipv6 cache on page 2989
show memory on page 2990
show memory process on page 2994
show meter on page 2996
show meter out-of-profile on page 2998
show mirror on page 2999
show mlag peer on page 3003
show mlag ports on page 3005
show mld on page 3007
show mld counters on page 3008
show mld group on page 3009
show mld snooping on page 3010
show mld snooping vlan filter on page 3011

76 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

show mld snooping vlan static on page 3012

show mld ssm-map on page 3013
show mpls on page 3015
show mpls bfd on page 3016
show mpls exp examination on page 3017
show mpls exp replacement on page 3018
show mpls interface on page 3019
show mpls label on page 3020
show mpls label l3vpn on page 3023
show mpls label usage on page 3025
show mpls ldp on page 3027
show mpls ldp interface on page 3029
show mpls ldp label on page 3031
show mpls ldp label advertised on page 3032
show mpls ldp label l2vpn retained on page 3034
show mpls ldp label l2vpn on page 3035
show mpls ldp label lsp retained on page 3036
show mpls ldp label retained on page 3038
show mpls ldp lsp on page 3039
show mpls ldp peer on page 3041
show mpls rsvp-te bandwidth on page 3044
show mpls rsvp-te interface on page 3046
show mpls rsvp-te lsp on page 3048
show mpls rsvp-te lsp [egress | transit] on page 3051
show mpls rsvp-te lsp ingress on page 3053
show mpls rsvp-te neighbor on page 3055
show mpls rsvp-te path on page 3056
show mpls rsvp-te profile on page 3058
show mpls rsvp-te profile fast-reroute on page 3059
show mpls rsvp-te on page 3060
show mpls static lsp on page 3062
show mpls statistics l2vpn on page 3063
show mrp ports on page 3064
show msdp memory on page 3066
show msdp mesh-group on page 3067
show msdp peer on page 3068
show msdp sa-cache on page 3070
show msdp on page 3071
show msrp on page 3072
show msrp listeners on page 3073
show msrp ports on page 3075
show msrp ports bandwidth on page 3077

Switch Engine™ Command Reference Guide for version 32.7.1 77

 Commands

show msrp ports counters on page 3078

show msrp streams on page 3079
show msrp talkers on page 3081
show mvr on page 3083
show mvr cache on page 3084
show mvrp on page 3085
show mvrp ports counters on page 3085
show mvrp tag on page 3087
show netlogin on page 3088
show neighbor-discovery cache ipv6 on page 3093
show netlogin authentication failure vlan on page 3095
show netlogin authentication service-unavailable vlan on page 3096
show netlogin banner on page 3097
show netlogin guest-vlan on page 3097
show netlogin local-users on page 3098
show netlogin mac-list on page 3100
show netlogin session on page 3101
show netlogin timeout on page 3102
show netlogin trap on page 3103
show network-clock gptp on page 3104
show network-clock gptp ports on page 3106
show network-clock ptp on page 3110
show network-clock ptp end-to-end-transparent on page 3111
show node on page 3112
show nodealias on page 3114
show nodealias ip address on page 3115
show nodealias mac on page 3116
show nodealias ports on page 3117
show nodealias protocol on page 3118
show ntp on page 3119
show ntp association statistics on page 3120
show ntp association on page 3121
show ntp key on page 3123
show ntp restrict-list on page 3124
show ntp server on page 3125
show ntp sys-info on page 3125
show ntp vlan on page 3126
show ntp vr on page 3127
show odometers on page 3128
show ospf on page 3129
show ospf area on page 3131
show ospf ase-summary on page 3132

78 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

show ospf inter-vr-export on page 3132

show ospf inter-vr-export detail on page 3133
show ospf interfaces on page 3134
show ospf interfaces detail on page 3136
show ospf lsdb on page 3137
show ospf memory on page 3138
show ospf neighbor on page 3139
show ospf virtual-link on page 3140
show ospfv3 on page 3141
show ospfv3 area on page 3142
show ospfv3 interfaces on page 3144
show ospfv3 lsdb stats on page 3147
show ospfv3 lsdb on page 3148
show ospfv3 neighbor on page 3150
show ospfv3 virtual-link on page 3151
show pim anycast-rp on page 3153
show pim cache on page 3155
show pim on page 3157
show pim snooping on page 3162
show pim tunnel on page 3163
show policy on page 3164
show policy access-list on page 3165
show policy access-list action-set on page 3169
show policy allowed-type on page 3170
show policy app-signature on page 3171
show policy app-signature group on page 3172
show policy autoclear on page 3174
show policy capability on page 3175
show policy captive-portal on page 3177
show policy convergence-endpoint on page 3180
show policy convergence-endpoint connections on page 3181
show policy convergence-endpoint ports on page 3182
show policy dynamic on page 3182
show policy invalid on page 3183
show policy maptable on page 3184
show policy profile on page 3185
show policy resource-profile on page 3187
show policy rule on page 3189
show policy rule port-hit on page 3193
show policy slices on page 3194
show policy state on page 3195
show policy syslog on page 3196

Switch Engine™ Command Reference Guide for version 32.7.1 79

 Commands

show policy vlanauthorization on page 3197

show port forward-error-correction on page 3198
show port information on page 3199
show ports on page 3208
show ports advertised on page 3210
show ports anomaly on page 3211
show ports auto 1G-optics-in-10G-ports on page 3213
show ports buffer on page 3214
show ports collisions on page 3216
show ports configuration on page 3217
show ports congestion on page 3220
show ports eee on page 3223
show ports flow-control on page 3224
show ports group on page 3225
show ports link-flap-detection on page 3226
show ports link-scan on page 3227
show ports macsec-engines on page 3228
show ports packet on page 3229
show ports protocol filter on page 3231
show ports qosmonitor on page 3233
show ports qosmonitor {congestion} on page 3234
show ports rate-limit flood on page 3236
show ports redundant on page 3239
show ports rxerrors on page 3240
show ports sharing on page 3243
show ports stack-ports congestion on page 3245
show ports stack-ports qosmonitor on page 3246
show ports stack-ports qosmonitor congestion on page 3248
show ports statistics on page 3249
show ports transceiver information detail on page 3252
show ports transceiver information on page 3255
show ports txerrors on page 3257
show ports utilization on page 3259
show ports vlan statistics on page 3262
show ports wred on page 3263
show power on page 3266
show power (Stack Nodes Only) on page 3269
show private-vlan on page 3271
show private-vlan name on page 3272
show process on page 3273
show process group on page 3279
show protocol on page 3280

80 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

show qosprofile on page 3282

show qosscheduler on page 3283
show radius on page 3285
show radius-accounting on page 3287
show radius dynamic-authorization on page 3289
show rip on page 3290
show rip interface vlan on page 3291
show rip interface on page 3292
show rip memory on page 3294
show rip routes on page 3295
show ripng on page 3296
show ripng interface on page 3297
show ripng routes on page 3298
show rmon memory on page 3300
show router-discovery on page 3302
show rtep l2pt on page 3303
show script output autoexec on page 3305
show script output default on page 3306
show security on page 3307
show session on page 3312
show sflow configuration on page 3314
show sflow hardware-utilization on page 3316
show sflow statistics on page 3317
show sharing on page 3318
show sharing distribution port-based on page 3319
show sharing health-check on page 3320
show sharing port-based keys on page 3321
show slot on page 3322
show slpp guard on page 3327
show snmp on page 3329
show snmp notification-log on page 3330
show snmp traps bfd on page 3331
show snmp traps configuration on page 3332
show snmp vr_name on page 3332
show snmpv3 access on page 3334
show snmpv3 community on page 3336
show snmpv3 context on page 3337
show snmpv3 counters on page 3338
show snmpv3 engine-info on page 3339
show snmpv3 extreme-target-addr-ext on page 3340
show snmpv3 filter on page 3341
show snmpv3 filter-profile on page 3342

Switch Engine™ Command Reference Guide for version 32.7.1 81

 Commands

show snmpv3 group on page 3344

show snmpv3 mib-view on page 3346
show snmpv3 notify on page 3348
show snmpv3 target-addr on page 3349
show snmpv3 target-params on page 3350
show snmpv3 user on page 3351
show sntp-client on page 3353
show ssh2 on page 3354
show ssh2 ciphers macs on page 3357
show ssh2 private-key on page 3357
show sshd2 user-key on page 3358
show ssl on page 3359
show ssl csr on page 3360
show stack-ports debounce on page 3361
show stacking on page 3362
show stacking configuration on page 3365
show stacking detail on page 3367
show stacking stack-ports on page 3369
show stacking-support on page 3372
show stpd ports blocked-ports on page 3374
show stpd ports counters on page 3375
show stpd ports non-forwarding-reason on page 3377
show stpd on page 3378
show stpd ports on page 3382
show switch on page 3385
show switch bluetooth on page 3389
show switch management on page 3390
show switch mounts on page 3392
show switch usb on page 3393
show system on page 3394
show tacacs on page 3396
show tacacs-accounting on page 3399
show time on page 3400
show tech-support on page 3402
show tech-support collector on page 3405
show temperature on page 3406
show tunnel on page 3407
show twamp endpoint on page 3410
show twamp reflector on page 3411
Object Missing on page 3412
show upm event on page 3412
show upm history on page 3413

82 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

show upm history exec-id on page 3414

show upm profile on page 3415
show upm timers on page 3416
show var on page 3418
show version on page 3419
show virtual-network on page 3421
show virtual-network remote-endpoint vxlan on page 3423
show virtual-network statistics on page 3424
show virtual-router on page 3426
show vlan on page 3431
show vlan description on page 3436
show vlan dhcp-config on page 3437
show vlan dhcp-address-allocation on page 3438
show vlan dynamic-vlan on page 3439
show vlan eaps on page 3440
show vlan l2pt on page 3441
show vlan security on page 3443
show vlan statistics on page 3444
show vlan stpd on page 3445
show vm on page 3447
show vm guest interfaces on page 3448
show vm virtual-interface on page 3449
show vman on page 3450
show vman eaps on page 3453
show vman ethertype on page 3453
show vm-tracking on page 3454
show vm-tracking local-vm on page 3456
show vm-tracking network-vm on page 3457
show vm-tracking nms on page 3458
show vm-tracking port on page 3459
show vm-tracking repository on page 3460
show vm-tracking vpp on page 3461
show vpex on page 3462
show vpex auto-configuration on page 3464
show vpex bpe on page 3465
show vpex bpe cpu-utilization on page 3466
show vpex bpe environment on page 3467
show vpex bpe statistics on page 3468
show vpex bpe version detail on page 3471
show vpex ports on page 3472
show vpex ports ecp errors on page 3473
show vpex ports ecp statistics on page 3474

Switch Engine™ Command Reference Guide for version 32.7.1 83

 Commands

show vpex ports statistics on page 3475

show vpex stacking on page 3478
show vpex topology on page 3479
show vpls on page 3482
show vpls peer l2pt on page 3490
show vrrp on page 3491
show vrrp group on page 3494
show vrrp vlan on page 3495
show wredprofile on page 3497
show xml-notification configuration on page 3498
show xml-notification statistics on page 3500
ssh2 on page 3501
start orchestration mlag on page 3504
start process on page 3505
start vm on page 3506
stop orchestration on page 3507
stop vm on page 3508
suspend vm on page 3509
synchronize on page 3510
synchronize stacking on page 3513
telnet slot on page 3514
telnet on page 3515
terminate process on page 3517
terminate vpex ztp on page 3519
tftp on page 3520
tftp get on page 3523
tftp put on page 3526
top on page 3527
traceroute on page 3528
traceroute mac port on page 3530
traceroute mpls lsp on page 3532
unalias on page 3534
unconfigure access-list on page 3535
unconfigure avb on page 3536
unconfigure banner on page 3537
unconfigure bfd vlan on page 3538
unconfigure bootprelay dhcp-agent information check on page 3539
unconfigure bootprelay dhcp-agent information circuit‑id port-
information on page 3540
unconfigure bootprelay dhcp-agent information circuit‑id vlan-
information on page 3541
unconfigure bootprelay dhcp-agent information option on page 3542

84 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

unconfigure bootprelay dhcp-agent information policy on page 3542

unconfigure bootprelay dhcp-agent information remote-id on page 3543
unconfigure bootprelay dhcp-agent source-vlan on page 3544
unconfigure bootprelay include-secondary on page 3545
unconfigure cfm domain association end-point transmit-interval on page 3546
unconfigure cos-index on page 3547
unconfigure diffserv examination on page 3547
unconfigure diffserv replacement on page 3548
unconfigure eaps port on page 3549
unconfigure eaps shared-port link-id on page 3550
unconfigure eaps shared-port mode on page 3551
unconfigure elrp-client on page 3552
unconfigure elrp-client disable ports on page 3553
unconfigure erps cfm on page 3554
unconfigure erps neighbor-port on page 3555
unconfigure erps notify-topology-change on page 3555
unconfigure erps protection-port on page 3556
unconfigure erps ring-ports west on page 3557
unconfigure icmp on page 3558
unconfigure igmp on page 3559
unconfigure identity-management list-precedence on page 3559
unconfigure identity-management on page 3560
unconfigure igmp snooping vlan ports set join-limit on page 3561
unconfigure igmp ssm-map on page 3562
unconfigure inline-power classification on page 3563
unconfigure inline-power detection ports on page 3565
unconfigure inline-power disconnect-precedence on page 3566
unconfigure inline-power operator-limit ports on page 3566
unconfigure inline-power priority ports on page 3568
unconfigure inline-power usage-threshold on page 3568
unconfigure iparp on page 3569
unconfigure ip-fix on page 3570
unconfigure ip-fix flow-key on page 3571
unconfigure ip-fix ip-address on page 3572
unconfigure ip-fix ports on page 3573
unconfigure ip-fix ports flow-key mask on page 3573
unconfigure ip-fix source ip-address on page 3574
unconfigure iproute priority on page 3575
unconfigure iproute ipv6 priority on page 3577
unconfigure ip-security dhcp-bindings storage filename on page 3579
unconfigure ip-security dhcp-snooping information check on page 3580

Switch Engine™ Command Reference Guide for version 32.7.1 85

 Commands

unconfigure ip-security dhcp-snooping information circuit-id port-information

ports on page 3580
unconfigure ip-security dhcp-snooping information circuit-id vlan-
information on page 3581
unconfigure ip-security dhcp-snooping information option on page 3582
unconfigure ip-security dhcp-snooping information policy on page 3582
unconfigure ip-security dhcp-snooping information remote-id on page 3583
Object Missing on page 3584
unconfigure isis area on page 3584
unconfigure isis vlan on page 3585
unconfigure l2vpn dot1q ethertype on page 3586
unconfigure l2vpn vpls redundancy on page 3587
unconfigure ldap domains on page 3588
unconfigure lldp on page 3588
unconfigure log filter on page 3589
unconfigure log target format on page 3590
unconfigure meter on page 3592
unconfigure mlag peer interval on page 3593
unconfigure mlag peer ipaddress on page 3594
unconfigure mld on page 3594
unconfigure mld ssm-map on page 3595
unconfigure mpls exp examination on page 3596
unconfigure mpls exp replacement on page 3597
unconfigure mpls vlan on page 3598
unconfigure mpls on page 3598
unconfigure mrp ports timers on page 3599
unconfigure msdp sa-cache-server on page 3601
unconfigure msrp on page 3601
unconfigure mstp region on page 3602
unconfigure mvrp stpd on page 3603
unconfigure mvrp tag on page 3604
unconfigure mvrp on page 3605
unconfigure neighbor-discovery cache on page 3606
unconfigure netlogin on page 3607
unconfigure netlogin allowed-refresh-failures on page 3608
unconfigure netlogin authentication database-order on page 3608
unconfigure netlogin authentication failure vlan on page 3609
unconfigure netlogin authentication service-unavailable vlan on page 3610
unconfigure netlogin banner on page 3611
unconfigure netlogin dot1x guest-vlan on page 3611
unconfigure netlogin local-user security-profile on page 3612
unconfigure netlogin ports on page 3613

86 Switch Engine™ Command Reference Guide for version 32.7.1

Commands

unconfigure netlogin session-refresh on page 3614

unconfigure netlogin vlan on page 3614
unconfigure network-clock gptp ports on page 3615
unconfigure ospf on page 3616
unconfigure ospfv3 on page 3617
unconfigure pim on page 3619
unconfigure pim border on page 3620
unconfigure pim ssm range on page 3621
unconfigure pim tunnel on page 3622
unconfigure policy all-rules on page 3623
unconfigure policy app-signature group name on page 3623
unconfigure policy autoclear on page 3624
unconfigure policy captive-portal on page 3625
unconfigure policy captive-portal listening on page 3626
unconfigure policy convergence-endpoint all on page 3627
unconfigure policy convergence-endpoint index on page 3628
unconfigure policy invalid action on page 3628
unconfigure policy maptable on page 3629
unconfigure policy profile on page 3630
unconfigure policy rule on page 3630
unconfigure policy syslog on page 3631
unconfigure policy vlanauthorization on page 3633
unconfigure port description-string on page 3633
unconfigure ports display string on page 3634
unconfigure ports link-flap-detection on page 3635
unconfigure ports monitor vlan on page 3636
unconfigure ports redundant on page 3637
unconfigure process group on page 3637
unconfigure qosprofile on page 3638
unconfigure qosprofile wred on page 3639
unconfigure qosscheduler ports on page 3640
unconfigure radius on page 3641
unconfigure radius-accounting on page 3642
unconfigure radius-accounting server on page 3644
unconfigure radius server on page 3644
unconfigure rip on page 3645
unconfigure ripng on page 3646
unconfigure sflow on page 3647
unconfigure sflow agent on page 3648
unconfigure sflow collector on page 3648
unconfigure sflow ports on page 3649
unconfigure slot on page 3650

Switch Engine™ Command Reference Guide for version 32.7.1 87

 Commands

unconfigure ssl certificate on page 3651

unconfigure stacking on page 3652
unconfigure stacking alternate-ip-address on page 3653
unconfigure stacking license-level on page 3654
unconfigure stacking-support on page 3655
unconfigure stpd ports link-type on page 3656
unconfigure stpd on page 3657
unconfigure switch on page 3658
unconfigure tacacs on page 3660
unconfigure tacacs-accounting on page 3661
unconfigure timezone on page 3661
unconfigure trusted-ports trust-for dhcp-server on page 3662
unconfigure tunnel on page 3663
unconfigure upm event on page 3664
unconfigure upm timer on page 3665
unconfigure vlan description on page 3665
unconfigure vlan dhcp on page 3666
unconfigure vlan dhcp-address-range on page 3667
unconfigure vlan dhcp-options on page 3668
unconfigure vlan ipaddress on page 3669
unconfigure vlan router-discovery on page 3670
unconfigure vlan router-discovery default-lifetime on page 3671
unconfigure vlan router-discovery hop-limit on page 3671
unconfigure vlan router-discovery link-mtu on page 3672
unconfigure vlan router-discovery managed-config-flag on page 3673
unconfigure vlan router-discovery max-interval on page 3674
unconfigure vlan router-discovery min-interval on page 3674
unconfigure vlan router-discovery other-config-flag on page 3675
unconfigure vlan router-discovery reachable-time on page 3676
unconfigure vlan router-discovery retransmit-time on page 3677
unconfigure vlan subvlan-address-range on page 3678
unconfigure vlan udp-profile on page 3678
unconfigure vman ethertype on page 3679
unconfigure vm-tracking local-vm on page 3680
unconfigure vm-tracking nms on page 3681
unconfigure vm-tracking repository on page 3682
unconfigure vm-tracking vpp vlan-tag on page 3683
unconfigure vm-tracking vpp on page 3683
unconfigure vpex on page 3684
unconfigure vpex mlag-id peer on page 3685
unconfigure vpls dot1q ethertype on page 3686
unconfigure vpls snmp-vpn-identifier on page 3687

88 Switch Engine™ Command Reference Guide for version 32.7.1

Commands alias

unconfigure vr description on page 3688

unconfigure vr rd on page 3689
unconfigure vr vpn-id on page 3689
unconfigure xml-notification on page 3690
uninstall image on page 3691
uninstall license file on page 3693
uninstall license product on page 3694
upload configuration on page 3696
upload debug on page 3700
upload dhcp-bindings on page 3702
upload log on page 3703
use configuration on page 3705
use image on page 3707
virtual-router on page 3709
watch on page 3711
WHILE ... DO on page 3713

The following section explains the operating system commands.

alias
alias alias_name command

Description
Creates aliases to execute any ExtremeXOS command, including any options,
arguments, and redirection.

Syntax Description
alias_name Specifies an alias name for the command.
command ExtremeXOS command that you are creating an alias for.

Default
N/A

Usage Guidelines
To be recognized, the alias must be the first word in the string typed at the shell
prompt. Substitution does not occur if the alias name string occurs anywhere else.
Aliases are only recognized by the EXSH shell session in which they are created.

Switch Engine™ Command Reference Guide for version 32.7.1 89

Example Commands

Executing the command alias (with no other arguments) displays a list of current
aliases. Executing the command alias alias_name displays the command that will be
substituted for alias_name.

To delete aliases, use the command unalias on page 3534.

After an alias has been created, you can auto-complete the alias name or display
possible aliases along with regular commands by pressing the TAB key. You can tab-
complete arguments that follow commands corresponding to an alias.

Creating an alias using the name of an existing ExtremeXOS command overrides

the original meaning of that command. For example, executing alias download
"download image 102.3.10.5" allows you to simply type download image_name
to download your ExtremeXOS image from the 102.3.10.5 location . However, if
you then want to download a bootrom file, the command download bootrom
102.3.10.5filename no longer functions correctly. Such an alias can be disabled
temporarily and the original command behavior restored by preceding it directly (with
no spaces in between) with a backslash, \download bootrom 102.3.10.5filename
This temporarily overrides the alias definition and uses the original command.

To create an alias for a command that contains quoted strings within it, use a
backslash. For example, if creating an alias "cr" for the command configure vlan
default description "This is the default VLAN", use the command alias cr
"configure vlan default description \"This is the default VLAN\"".

The following limitations apply to aliases:

• Arguments cannot occur in the middle of alias commands. For example, you
cannot create an alias "set_vlan_ip" for the command configure vlan vlan_name
ipaddress ip_address where you specify the VLAN name as an argument. This is
because aliases work through direct textual substitution.
• Aliases cannot be chained together. For example, if you create an alias "sh" for show
version and another alias "ps" for process, then entering sh ps at the prompt is not
equivalent to entering “show version process”.
• You cannot tab-complete commands while trying to create an alias using the alias
command.
• Aliases cannot be created for the current shell session using UPM scripts or Python
scripts.

Aliases are only available in the shell session in which they are created. When you exit
the shell your aliases are lost. To create persistent aliases, you need to add the aliases
to the script exshrc.xsf that you must create using the VI editor and save in the /usr/
local/cfg folder.

Example
The following example creates an alias named "set" for configure commands:
alias set "configure"

90 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

You can now substitute the command set for all configure commands. For example,
you can type set vlan vlan_name tag tag instead of configure vlan vlan_name
tag tag.

The following example creates an alias named "mycmd" to substitute for the configure
policy profile command with the following arguments:
alias mycmd "configure policy profile 1 name Extreme pvid 1000 pvid-status enable tci-
overwrite enable auth-override enable forbidden-vlans 2 cos-status enable cos 2 untagged-
vlans 2 egress-vlans 200"

Typing mycmd now executes the command configure policy profile 1 name
Extreme pvid 1000 pvid-status enable tci-overwrite enable auth-override
enable forbidden-vlans 2 cos-status enable cos 2 untagged-vlans 2
egress-vlans 200

The following example lists all current aliases:

alias
alias mycmd='configure policy profile 1 name Extreme pvid 1000 pvid-status enable tci-
overwrite enable auth-override enable forbidden-vlans 2 cos-status enable cos 2 untagged-
vlans 2 egress-vlans 200'
alias set='configure'

History
This command was first available in ExtremeXOS 22.3

Platform Availability
This command is available on all Universal switches supported in this document.

cat
cat {--number | -n } {--number-nonblank | -b } {--show-ends | -E } {--
show-tabs | -T } {--show-nonprinting | -v }

Description
Displays the contents of various text files that may be created, edited, or otherwise
visible in the user-visible file system.

Syntax Description
--number Specifies that all output lines are numbered.
-n Specifies that all output lines are numbered (same as --
number).
--number-nonblank Specifies that nonempty lines be numbers (overrides --
number).

Switch Engine™ Command Reference Guide for version 32.7.1 91

Default Commands

-b Specifies that nonempty lines be numbers (same as --

number-nonblank).
--show-ends Displays $ at the end of each line.
-E Displays $ at the end of each line (same as --show-ends).
--show-nonprinting Specifies to use ^ and M- notation, except for LF and TAB.
-v Specifies to use ^ and M- notation, except for LF and TAB
(same as --show-nonprinting).
--show-tabs Displays TAB characters as ^I.
-T Displays TAB characters as ^I (same as --show-tabs).

Default
N/A

Usage Guidelines
Example files include ExtremeXOS shell script (.xsf), Python (.py), policy (.pol), license
(.lic), and logging (.log) files.

There is no restriction on the type of file to be displayed.

CLI paging is effective for this command, but output filtering is not.

Example
The following example displays all options and filetypes for this command:
# cat ?
--number Number all output lines
--number-nonblank Number nonempty output lines (overrides --number)
--show-ends Display $ at end of each line
--show-nonprinting Use ^ and M- notation, except for LF and TAB
--show-tabs Display TAB characters as ^I
-E Display $ at end of each line (same as --show-ends)
-T Display TAB characters as ^I (same as --show-tabs)
-b Number nonempty output lines (same as --number-nonblank)
-n Number all output lines (same as --number)
-v Use ^ and M- notation, except for LF and TAB (same as --show-
nonprinting)
<filename> File name
../ ./
VZbase.pol VZbase1.pol
VZbase2.pol cc_logs/
dhcp-reply.pcap dhcp-reply.pkt
dhcpreply.pkt dhcpresp.pkt
dhcpresp.py lost+found/
nsi.dmp nsi_last_req.dmp
nsi_new.dmp nsi_re.dmp
old_nsi_first_req_after_reboot.dmp old_nsi_last_req.dmp
primary.cfg rest.tar
rest/ ssl/
test.xsf vmt/

92 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

cd
cd directory_name

Description
Changes the current working directory to the directory of the specified file system or
relative to the current working directory.

Syntax Description
cd Change current working directory.
directory_name Pathname of a directory.

Default
N/A.

Usage Guidelines
Use this command to change the current working directory to the directory of the
specified file system.

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

check policy attribute

check policy attribute {attr}

Description
Displays the syntax of the specified policy attribute.

Switch Engine™ Command Reference Guide for version 32.7.1 93

Syntax Description Commands

Syntax Description
attr Specifies the attribute check.

Default
N/A.

Usage Guidelines
Use this command to display the syntax of policy attributes. The command displays any
additional keywords to use with this attribute, and the types of values expected.

Policy attributes are used in the rule entries that make up a policy file.

For each attribute, this command displays which applications use the attribute, and
whether the attribute is a match condition or a set (action, action modifier) condition.

The current applications are:

• ACL (Access Control List)—access-lists.
• RT—routing profiles, route maps.
• CLF—CLEAR-Flow.
The syntax display does not show the text synonyms for numeric entries. For example,
the icmp-type match condition allows you to specify either an integer or a text
synonym for the condition. Specifying icmp-type 8 or icmp-type echo-request are
equivalent, but the syntax display shows only the numeric option.

Note
The syntax displayed is used by the policy manager to verify the syntax of
policy files. The individual applications are responsible for implementing the
individual attributes. Inclusion of a particular policy attribute in this command
output does not imply that the attribute has been implemented by the
application. See the documentation of the particular application for detailed
lists of supported attributes.

Example
The following example displays the syntax of the policy attribute icmp-type:
check policy attribute icmp-type

The following is sample output for this command:

( match ) ( ACL )
icmp-type <uint32 val>

History
This command was first available in ExtremeXOS 11.1.

94 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

check policy
check policy policy-name {access-list}

Description
Checks the syntax of the specified policy.

Syntax Description
policy-name Specifies the policy to check.
access-list Specifies that an access list specific check is performed.

Default
N/A.

Usage Guidelines
Use this command to check the policy syntax before applying it. If any errors are found,
the line number and a description of the syntax error are displayed. A policy that
contains syntax errors will not be applied.

This command can only determine if the syntax of the policy file is correct and can
be loaded into the policy manager database. Since a policy can be used by multiple
applications, a particular application may have additional constraints on allowable
policies.

Example
The following example checks the syntax of the policy zone5:
check policy zone5

If no syntax errors are discovered, the following message is displayed:

Policy file check successful.

History
This command was available in ExtremeXOS 10.1.

The success message and the access-list keyword was added in ExtremeXOS 11.4.

Switch Engine™ Command Reference Guide for version 32.7.1 95

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

clear access-list counter

clear access-list {dynamic} counter {countername} {any | ports port_list
| vlan vlan_name} {ingress | egress}

Description
Clears the specified access list counters.

Syntax Description
dynamic Specifies that the counter is from a dynamic ACL.
countername Specifies the ACL counter to clear.
any Specifies the wildcard ACL.
port_list Specifies to clear the counters on these ports.
vlan_name Specifies to clear the counters on the VLAN (Virtual LAN).
ingress Clear the ACL counter for packets entering the switch on
this interface.
egress Clear the ACL counter for packets leaving the switch from
this interface.

Default
The default direction is ingress; the default ACL type is non-dynamic.

Usage Guidelines
Use this command to clear the ACL counters. If you do not specify an interface, or the
any option, you will clear all the counters.

Example
The following example clears all the counters of the ACL on port 2:1:
clear access-list counter port 2:1

The following example clears the counter counter2 of the ACL on port 2:1
clear access-list counter counter2 port 2:1

History
This command was first available in ExtremeXOS 10.1.

96 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The vlan option was first available in ExtremeXOS 11.0.

The egress and dynamic options were first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

clear access-list meter

clear access-list meter {meter_name} [any | ports [all | port_list ] |
vlan vlan_name]

Description
Clears the specified access list meters.

Syntax Description
meter_name Specifies the ACL meter to clear.
any Clear the meter applied to wildcard, including all VLANs
and all ports.
ports Clear the meter applied to a specific port list.
port_list Specifies to clear the counters on these ports.
vlan Clear the meter applied to a specific VLAN.
vlan_name Specifies to clear the counters on the VLAN.

Default
N/A.

Usage Guidelines
Use this command to clear the out-of-profile counters associated with the meter
configuration.

Example
The following example clears all the out-of-profile counters for the meters of the ACL on
port 2:1:
clear access-list meter port 2:1

The following example clears the out-of-profile counters for the meter meter2 of the
ACL on port 2:1:
clear access-list meter meter2 port 2:1

Switch Engine™ Command Reference Guide for version 32.7.1 97

History Commands

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear account lockout

clear account [all | name] lockout

Description
Re-enables an account that has been locked out (disabled) for exceeding the
permitted number failed login attempts. This was configured by using the configure
account [all | name] password-policy lockout-on-login-failures [on |
off] command.

Syntax Description
all Specifies all users.
name Specifies an account name.

Default
N/A.

Usage Guidelines
This command applies to sessions at the console port of the switch as well as all other
sessions.

You can re-enable both user and administrative accounts, once they have been
disabled for exceeding the 3 failed login attempts.

Note
The failsafe accounts are never locked out.

This command only clears the locked-out (or disabled) condition of the account.
The action of locking out accounts following the failed login attempts remains until
you turn it off by issuing the configure account [all | name] password-policy
lockout-on-login failures off command.

98 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command re-enables the account finance, which had been locked out
(disabled) for exceeding 3 consecutive failed login attempts:
clear account finance lockout

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

clear bgp flap-statistics

clear bgp {neighbor} remoteaddr {address-family [ipv4-unicast |
ipv4‑multicast |ipv6-unicast | ipv6-multicast |vpnv4]} flap-statistics
[all | rd rd_value |as-path path expression | community [no-advertise
| no‑export | no-export-subconfed | number community_num | AS_Num:Num]
| network [any / netMaskLen | networkPrefixFilter] {exact}]

Description
Clears flap statistics for routes to specified neighbors.

Syntax Description
all Specifies flap statistics for all routes.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP
(Border Gateway Protocol) neighbor.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for
Layer 3 VPN support.
rd_value Specifies the Route Distinquisher (RD)
value for the Layer 3 VPN routes for which
you want to clear flap statistics.
no-advertise Specifies the no-advertise community
attribute.
no-export Specifies the no-export community
attribute.
no-export-subconfed Specifies the no-export-subconfed
community attribute.

Switch Engine™ Command Reference Guide for version 32.7.1 99

Default Commands

community_num Specifies a community number.

AS_Num Specifies an autonomous system ID
(0-65535).
Num Specifies a community number.
any Specifies all routes with a given or larger
mask length.
netMaskLen Specifies a subnet mask length (number
of bits).
networkPrefixFilter Specifies an IP address and netmask.
exact Specifies an exact match with the IP
address and subnet mask.

Default
If no address family is specified, IPv4 unicast is the default.

Note
You must specify an IPv6 address family for an IPv6 peer, because an IPv6
peer does not support the default IPv4 unicast address family. Similarly, if you
specify an IPv4 peer and an address family in the command, an IPv4 address
family must be specified.

Usage Guidelines
Use this command to clear flap statistics for a specified BGP neighbor.

The option network any / netMaskLen clears the statistics for all BGP routes whose
mask length is equal to or greater than maskLength, irrespective of their network
address.

The option network any / netMaskLen exact clears the statistics for all BGP routes
whose mask length is exactly equal to maskLength, irrespective of their network
address.

To clear flap statistics on Layer 3 VPNs, you must configure this feature in the context of
the MPLS (Multiprotocol Label Switching)-enabled VR; this feature is not supported for
BGP routes on the CE (VRF) side of the PE router.

This command applies to the current VR or VRF context.

Example
The following command clears the flap statistics for a specified neighbor:
clear bgp neighbor 10.10.10.10 flap-statistics all

100 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The netMaskLen options were added in ExtremeXOS 11.0.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 in BGP was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

clear bgp neighbor counters

clear bgp neighbor [remoteaddr | all] counters

Description
Resets the BGP counters for one or all BGP neighbor sessions to zero.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a specific BGP
neighbor.
all Specifies that counters for all BGP neighbors should be
reset.

Default
N/A.

Usage Guidelines
This command resets the following counters:
• In-total-msgs
• Out-total-msgs
• In-updates
• Out-updates
• FsmTransitions

Switch Engine™ Command Reference Guide for version 32.7.1 101

Example Commands

The command clear counters also resets all counter for all BGP neighbors. For BGP, the
clearcounters command is equivalent to the following BGP command:
clear bgp neighbor all counters

This command applies to the current VR or VRF context.

Example
The following command resets the counters for the BGP neighbor at 10.20.30.55:

clear bgp neighbor 10.20.30.55 counters

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

clear bootprelay ipv6 prefix-delegation snooping

clear bootprelay ipv6 prefix-delegation snooping [ {ipv6-prefix}
ipv6_prefix |ipv6-prefix all] [ {vlan} vlan_name |vlan all]

Description
Clears information about a snooped IPv6 delegate prefix on a VLAN or all VLANs.

Syntax Description
ipv6_prefix Specifies a snooped IPv6 prefix (/prefix length) delegated
via DHCP (Dynamic Host Configuration Protocol) to clear.
ipv6-prefix all Clears all snooped IPv6 prefixes delegated via DHCP.
vlan_name Specifies a VLAN.
vlan all Clears all snooped IPv6 prefixes delegated via DHCP on all
VLANs.

Default
N/A

102 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
You can clear a specific snooped IPv6 delegated prefix. You can also clear all snooped
IPv6 delegated prefixes on a specific VLAN or on all VLANs.

Example
The following example clears information about all snooped IPv6 delegat prefixes on all
VLANs.
clear bootprelay ipv6 prefix-delegation snooping ipv6-prefix all vlan all

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear cdp counters

configure cdp counters {ports ports_list}

Description
Clears the CDP counter statistics.

Syntax Description
ports Specifies the ports to clear.
ports_list Specifies the port list.

Default
N/A.

Usage Guidelines
Use this command to clear the CDP counter statistics.

Example
The following example clears the CDP ports counters:
clear cdp counters

Switch Engine™ Command Reference Guide for version 32.7.1 103

History Commands

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

clear cdp neighbor

clear cdp neighbor [device id device_id | all]

Description
Clears the CDP neighbor information.

Syntax Description
device id Specifies the Device Identifier to be used in CDP.
device_id Specifies the Device Identifier of neighbor.
all Specifies all CDP neighbors.

Default
N/A.

Usage Guidelines
Use this command to clear the CDP neighbor information.

Example
The following command clears all CDP neighbor associations:

clear cdp neighbor all

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters
clear counters

104 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Clears all switch statistics and port counters, including port packet statistics, bridging
statistics, IP statistics, and log event counters.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
You should view the switch statistics and port counters before you clear them. Use the
show ports command to view port statistics. Use the show log counters command to
show event statistics.

The CLI also provides a number of options that you can specify with the clear counters
command. If you specify an option, the switch only clears the statistics for that option.
For example, if you want to clear, reset only the STP (Spanning Tree Protocol) statistics
and counters, use the clear counters stp command. For more detailed information
about those commands, see the specific chapter in the Switch Engine 32.7.1 User Guide.

Viewing and maintaining statistics on a regular basis allows you to see how well your
network is performing. If you keep simple daily records, you will see trends emerging
and notice problems arising before they cause major network faults. By clearing the
counters, you can see fresh statistics for the time period you are monitoring.

Note
For the ENTERASYS-POLICY-PROFILE-MIB, the clear counters command
does not clear counter32.

Example
The following command clears all switch statistics and port counters:
clear counters

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 105

clear counters bfd Commands

clear counters bfd

clear counters bfd {session | interface}

Description
Clears the counters associated with BFD specific settings.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to clear the counters in the BFD session or interface (VLAN). If
neither session or interface are specified, the command clears all counters in BFD.

Example
The following command clears all counters in BFD:
# clear counters bfd

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters bfd missed-hellos

clear counters bfd missed-hellos {session-id first {- last} | neighbor
ipaddress {vr [vrname | all]} | vr [vrname | all]} {current | history
| both}

Description
This command clears the bfd missed hellos counters.

106 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
session-id Clear counters for sessions having session ID within the
given range.
first Only or first of range of session ID.
last Last of range of session ID .
neighbor Neighbor address.
ipaddress Specify IPv4 or IPv6 destination address.
vr Virtual router.
vrname Virtual router name.
all All virtual routers.
current Clear only current set of bins.
history Clear only historical set of bins.
both Clear both current set and historical set of bins.

Default
Current.

Usage Guidelines
Sessions can be cleared by specifying neighbor IP, by specifying range of session IDs
or by specifying VR name. In addition, current bins and historical bins can be cleared
separately. These options would help resetting one particular session/bin while tests
can run in other sessions/bins.

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters cfm segment all

clear counters cfm segment all

Description
This command clears both frame-delay and frame-loss information for all existing
segments.

Switch Engine™ Command Reference Guide for version 32.7.1 107

Syntax Description Commands

Syntax Description
N/A.

Default
N/A.

Usage Guidelines
Use this command to clear both frame-delay and frame-loss information for all existing
segments.

Example

# clear co cfm seg all

# sho cfm seg
CFM Segment Name : cs10
Domain Name : dom1
Association : a10
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 42
Frames Received : 0
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : None
Min Delay : None
Max Delay : None
Last Alarm Time : None
Alarm State : None
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 10
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 42
Frames Received : 0
Availability Status : Idle
Unavailability Start Time : None
Unavailability End Time : None

108 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Tx Start Time : None

CFM Segment Name : cs11
Domain Name : dom1
Association : a11
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 42
Frames Received : 0
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:26:39 2012
Min Delay : Mon Mar 12 10:26:49 2012
Max Delay : Mon Mar 12 10:26:49 2012
Last Alarm Time : None
Alarm State : None
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 11
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 42
Frames Received : 0
Availability Status : Idle
Unavailability Start Time : None
Unavailability End Time : None
Tx Start Time : None
CFM Segment Name : cs12
Domain Name : dom1
Association : a12
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 42
Frames Received : 0
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:26:39 2012
Min Delay : Mon Mar 12 10:26:49 2012

Switch Engine™ Command Reference Guide for version 32.7.1 109

History Commands

Max Delay : Mon Mar 12 10:26:39 2012

Last Alarm Time : None
Alarm State : None
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 12
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 1
Pending Frames : 41
Frames Received : 1
Availability Status : Available
-----------------------------------------------------------
Total Configured Segments : 11
Total Active Segments : 11
#
#
#
#

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters cfm segment all frame-delay

clear counters cfm segment all frame-delay

Description
This command clears only frame-delay information for all existing segments.

Syntax Description
N/A.

Default
N/A.

110 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to clear only frame-delay information for all existing segments.

Example

# clear co cfm seg all frame-delay

#
#
#
# sho cfm segment
CFM Segment Name : cs10
Domain Name : dom1
Association : a10
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 1
Pending Frames : 30
Frames Received : 1
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:28:59 2012
Min Delay : Mon Mar 12 10:28:59 2012
Max Delay : Mon Mar 12 10:28:59 2012
Last Alarm Time : None
Alarm State : Not Set
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 10
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 4
Pending Frames : 30
Frames Received : 4
Availability Status : Available
Unavailability Start Time : None
Unavailability End Time : None
Tx Start Time : Mon Mar 12 10:28:29 2012
CFM Segment Name : cs11
Domain Name : dom1
Association : a11
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand

Switch Engine™ Command Reference Guide for version 32.7.1 111

Example Commands

Total Frames to be sent : 45

Frames Transmitted : 1
Pending Frames : 30
Frames Received : 1
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:28:59 2012
Min Delay : Mon Mar 12 10:28:59 2012
Max Delay : Mon Mar 12 10:28:59 2012
Last Alarm Time : None
Alarm State : Not Set
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 11
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 12
Pending Frames : 30
Frames Received : 12
Availability Status : Available
Unavailability Start Time : None
Unavailability End Time : None
Tx Start Time : Mon Mar 12 10:27:09 2012
CFM Segment Name : cs12
Domain Name : dom1
Association : a12
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 1
Pending Frames : 30
Frames Received : 1
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:28:59 2012
-----------------------------------------------------------
Total Configured Segments : 11
Total Active Segments : 11
#
#
#

112 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters cfm segment all frame-loss

clear counters cfm segment all frame-loss

Description
This command clears only frame-loss information for all existing segments.

Syntax Description
N/A.

Default
N/A.

Usage Guidelines
Use this command to clear only frame-loss information for all existing segments.

Example

# clear co cfm seg all frame-loss

#
#
#
# sho cfm segment
CFM Segment Name : cs10
Domain Name : dom1
Association : a10
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 2
Pending Frames : 29
Frames Received : 2
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6

Switch Engine™ Command Reference Guide for version 32.7.1 113

Example Commands

Tx Start Time : Mon Mar 12 10:28:59 2012

Min Delay : Mon Mar 12 10:29:09 2012
Max Delay : Mon Mar 12 10:29:09 2012
Last Alarm Time : None
Alarm State : Not Set
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 10
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 29
Frames Received : 0
Availability Status : Idle
Unavailability Start Time : None
Unavailability End Time : None
Tx Start Time : None
CFM Segment Name : cs11
Domain Name : dom1
Association : a11
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 2
Pending Frames : 29
Frames Received : 2
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:28:59 2012
Min Delay : Mon Mar 12 10:29:09 2012
Max Delay : Mon Mar 12 10:28:59 2012
Last Alarm Time : None
Alarm State : Not Set
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 11
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 28
Frames Received : 0

114 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

Availability Status : Idle

Unavailability Start Time : None
Unavailability End Time : None
Tx Start Time : Mon Mar 12 10:29:19 2012
CFM Segment Name : cs12
Domain Name : dom1
Association : a12
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 2
Pending Frames : 29
Frames Received : 2
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:28:59 2012
-----------------------------------------------------------
Total Configured Segments : 11
Total Active Segments : 11
#
#
#

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters cfm segment frame-delay

clear counters cfm segment segment_name frame-delay

Description
This command clears only frame-delay information for segment with given segment
name.

Syntax Description
segment_name An alpha numeric string identifying the segment name.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 115

Usage Guidelines Commands

Usage Guidelines
Use this command to clear only frame-delay information for segment with given
segment name.

Example

# clear co cfm seg cs10 frame-delay

#
#
#
# sho cfm seg cs10
CFM Segment Name : cs10
Domain Name : dom1
Association : a10
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 1
Pending Frames : 34
Frames Received : 1
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:28:19 2012
Min Delay : Mon Mar 12 10:28:19 2012
Max Delay : Mon Mar 12 10:28:19 2012
Last Alarm Time : None
Alarm State : Not Set
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 10
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 8
Pending Frames : 34
Frames Received : 8
Availability Status : Available
Unavailability Start Time : None
Unavailability End Time : None
Tx Start Time : Mon Mar 12 10:27:09 2012
-----------------------------------------------------------
Total Configured Segments : 11
Total Active Segments : 11
#

116 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters cfm segment frame-loss mep

clear counters cfm segment segment_name frame-loss mep mep_id

Description
This command clears only frame-loss information for the given MEP in segment with
given segment name.

Syntax Description
segment_name An alpha numeric string identifying the segment name.

Default
N/A.

Usage Guidelines
Use this command to clear only frame-loss information for the given MEP in segment
with given segment name.

Example

# clear counters cfm segment "cs2" frame-loss mep 3

#
#
#
# sho cfm segment
CFM Segment Name : cs2
Domain Name : dom2
Association : a2
MD Level : 2
Destination MAC : 00:04:96:52:a7:64
Frame Delay:
DMM Transmission : Disabled
Frames Transmitted : 0
Frames Received : 0
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6

Switch Engine™ Command Reference Guide for version 32.7.1 117

History Commands

Tx Start Time : None

Min Delay : None
Max Delay : None
Last Alarm Time : None
Alarm State : None
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 3
LMM Transmission : In Progress
Transmission Mode : Continuous
Frames Transmitted : 0
Frames Received : 0
Availability Status : Idle
Unavailability Start Time : None
Unavailability End Time : None
Tx Start Time : None
-----------------------------------------------------------
Total Configured Segments : 1
Total Active Segments : 1
#
#

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters cfm segment frame-loss

clear counters cfm segment segment_name frame-loss

Description
This command clears only frame-loss information for segment with given segment
name for all associated MEPs.

Syntax Description
segment_name An alpha numeric string identifying the segment name.

Default
N/A.

118 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to clear only frame-loss information for segment with given
segment name for all associated MEPs.

Example

# clear co cfm seg cs10 frame-loss

#
#
#
# sho cfm seg cs10
CFM Segment Name : cs10
Domain Name : dom1
Association : a10
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 1
Pending Frames : 34
Frames Received : 1
DMM Tx Interval : 10 secs
DMR Rx Timeout : 50 msec
Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : Mon Mar 12 10:28:19 2012
Min Delay : Mon Mar 12 10:28:19 2012
Max Delay : Mon Mar 12 10:28:19 2012
Last Alarm Time : None
Alarm State : Not Set
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 10
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 1
Pending Frames : 33
Frames Received : 1
Availability Status : Available
Unavailability Start Time : None
Unavailability End Time : None
Tx Start Time : Mon Mar 12 10:28:29 2012
-----------------------------------------------------------
Total Configured Segments : 11
Total Active Segments : 11
#
#
#

Switch Engine™ Command Reference Guide for version 32.7.1 119

History Commands

#
#

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters cfm segment

clear counters cfm segment segment_name

Description
This command clears both frame-delay and frame-loss information for segment with
given segment name.

Syntax Description
segment_name An alpha numeric string identifying the segment name.

Default
N/A.

Usage Guidelines
Use this command to clear both frame-delay and frame-loss information for segment
with given segment name.

Example

# clear co cfm seg cs2

#
# sho cfm seg cs2
CFM Segment Name : cs2
Domain Name : dom1
Association : a2
MD Level : 1
Destination MAC : 00:04:96:52:a7:38
Frame Delay:
DMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 40
Frames Received : 0
DMM Tx Interval : 10 secs

120 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

DMR Rx Timeout : 50 msec

Alarm Threshold : 10 %
Clear Threshold : 95 %
Measurement Window Size : 60
Class of Service : 6
Tx Start Time : None
Min Delay : None
Max Delay : None
Last Alarm Time : None
Alarm State : None
Lost Frames : 0
Frame Loss:
LMM Tx Interval : 10 secs
SES Threshold : 1.000000e-02
Consecutive Available Count : 4
Measurement Window Size : 1200
Class of Service : 6
Total Configured MEPs : 1
Total Active MEPs : 1
MEP ID : 2
LMM Transmission : In Progress
Transmission Mode : On Demand
Total Frames to be sent : 45
Frames Transmitted : 0
Pending Frames : 40
Frames Received : 0
Availability Status : Idle
Unavailability Start Time : None
Unavailability End Time : None
Press <SPACE> to continue or <Q> to quit:
Tx Start Time : None
-----------------------------------------------------------
Total Configured Segments : 11
Total Active Segments : 11
#
#
#
#
#
#
#
#

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters cfm session missed-hellos

clear counters cfm session missed-hellos { domain_name
{ association_name { {ports port_list} { end-point [up|down] } } } }
{current | history | both}

Switch Engine™ Command Reference Guide for version 32.7.1 121

Description Commands

Description
This command clears counters for current or historical cfm session missed-hellos.

Syntax Description
domain_name IEEE 802.1ag Domain name
association_name IEEE 802.1ag or ITU-T Y.1731 Association name
ports Specify ports to clear counters.
port_list List of ports to clear counters.
end-point Specify MEPs (Maintenance association End Point) to clear
counters.
up End point is up.
down End point is down.
current Clear only current set of bins.
history Clear only historical set of bins.
both Clear both current and historical set of bins.

Default
Current.

Usage Guidelines
None.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters edp

clear counters edp {ports ports}

Description
Clears the counters associated with EDP (Extreme Discovery Protocol).

Syntax Description
ports Specifies one or more ports or slots and ports.

122 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
If you do not specify a port, the EDP counters will be cleared for all ports.

Usage Guidelines
This command clears the following counters for EDP protocol data units (PDUs) sent
and received per EDP port:
• Switch PDUs transmitted.
• VLAN PDUs transmitted.
• Transmit PDUs with errors.
• Switch PDUs received.
• VLAN PDUs received.
• Received PDUs with errors.

Example
The following command clears the EDP counters on all ports:

clear counters edp

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters erps

clear counters erps ring-name

Description
Clear statistics on the specified ERPS (Ethernet Ring Protection Switching) ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 123

Usage Guidelines Commands

Usage Guidelines
Use this command to clear statistics on the specified ERPS ring.

Example
The following command clears statistics on the ERPS ring named “ring1”:

clear counters erps ring1

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

clear counters mpls

clear counters mpls {[lsp all | [{vlan} vlan_name | vlan all]]}

Description
Clears all packet and byte counters for all MPLS LSPs and all MPLS protocol counters for
all MPLS interfaces.

Syntax Description
lsp all Clears all MPLS protocol counters for all MPLS LSPs.
vlan_name Clears all MPLS protocol counters for the MPLS interface on
the specified VLAN.
vlan all Clears all MPLS protocol counters for all MPLS interfaces.

Default
N/A.

Usage Guidelines
This command clears all packet and byte counters for all MPLS LSPs and all MPLS
protocol counters for all MPLS interfaces. If the lsp all keywords are specified, all packet
and byte counters for all MPLS LSPs are cleared. If the vlan all keywords are specified, all
MPLS protocol counters for all MPLS interfaces are cleared. If a VLAN name is specified,
all MPLS protocol counters for the MPLS interface on that VLAN are cleared.

124 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
This example clears all MPLS counters associated with VLAN 1:
clear counters mpls vlan vlan_1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support this feature as described
in the Switch Engine 32.7.1 Feature License Requirements document.

clear counters fdb mac-tracking

clear counters fdb mac-tracking [mac_addr | all]

Description
Clears the event counters for the FDB (forwarding database) MAC-tracking feature.

Syntax Description
mac_addr Specifies a MAC address, using colon-separated bytes.
all Clears the counters for all tracked MAC addresses.

Default
N/A.

Usage Guidelines
The clear counters command also clears the counters for all tracked MAC addresses.

Example
The following example clears the counters for all entries in the MAC address tracking
table:
Switch.1 # clear counters fdb mac-tracking all

History
This command was first available in ExtremeXOS 12.3.

Switch Engine™ Command Reference Guide for version 32.7.1 125

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters flowmon

clear counters flowmon

Description
This command clears all groups.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
N/A.

Example
The following example clears statistics on all Flow Monitor groups:
clear counters flowmon

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

clear counters identity-management

clear counters identity-management

Description
Clears the identity management feature counters.

Syntax Description
This command has no arguments or variables.

126 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
This command clears the following identity management statistics counters:
• High memory usage level reached count
• Critical memory usage level reached count
• Max memory usage level reached count
• Normal memory usage level trap sent
• High memory usage level trap sent
• Critical memory usage level trap sent
• Max memory usage level trap sent
• Event notification sent

You can view these counters with the show identity-management statistics
command.

Note
The clear counters command also clears these counters. The following
counters relate to active entries and are not cleared: Total number of users
logged in, Total number of login instances, and Total memory used.

Example
The following command clears the identity management feature counters:

Switch.4 # clear counters identity-management

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters iparp

clear counters iparp

Description
Clears all the IPARP counters.

Switch Engine™ Command Reference Guide for version 32.7.1 127

Syntax Description Commands

Syntax Description
This command has no arguments or variables.

Default
N/A.

Example
This example clears all IPARP counters:
clear counters iparp

History
This command was first available in ExtremeXOS 11.6.

Per virtual router capability was deprecated in ExtremeXOS 30.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters l2vpn

clear counters l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]]

Description
Clears all the specified VPLS or VPWS counters.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
vpws_name Identifies the VPWS within the switch (character string).
all Specifies all VPLS or VPWS VPNs.

Default
N/A.

Usage Guidelines
The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
clearing counters for a VPWS. For backward compatibility, the l2vpn keyword is optional
when clearing counters for a VPLS. However, this keyword will be required in a future

128 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

release, so we recommend that you use this keyword for new configurations and
scripts.

Example
This example clears all VPLS counters for the specified VPLS:
clear counters vpls myvpls

This example clears all VPWS counters for the specified VPWS:
clear counters l2vpn vpws myvpws

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support this feature as described
in the Switch Engine 32.7.1 Feature License Requirements document.

clear counters mpls ldp

clear counters mpls ldp {{{vlan} vlan_name} | lsp all}

Description
Clears LDP control protocol counters and packet and byte counters associated with
LDP LSPs.

Syntax Description
vlan_name Clears LDP control protocol counters on the specified
VLAN.
vlan all Clears LDP control protocol counters on all MPLS
interfaces.
lsp all Clears all LDP LSP packet and byte counters.

Default
N/A.

Usage Guidelines
By default, all LDP control protocol counters are cleared for all LDP interfaces and all
byte counters. Specifying the vlan keyword clears only the protocol counters associated

Switch Engine™ Command Reference Guide for version 32.7.1 129

Example Commands

with a specified LDP interface. Specifying the lsp keyword clears only the packet and
byte counters associated with LDP LSPs.

Example
This example clears all LDP control protocol counters and all packet and byte counters
for all LDP LSPs:
clear counters mpls ldp

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support this feature as described
in the Switch Engine 32.7.1 Feature License Requirements document.

clear counters mpls rsvp-te

clear counters mpls rsvp-te {[lsp all | [{vlan} vlan_name | vlan all]]}

Description
Clears all packet and byte counters for all RSVP-TE LSPs and all RSVP-TE protocol
counters for all MPLS interfaces.

Syntax Description
lsp all Clears all packet and byte counters for all RSVP-TE LSPs.
vlan_name Clears all RSVP-TE protocol counters for the MPLS interface
on the specified VLAN.
vlan all Clears all RSVP-TE protocol counters on all MPLS interfaces.

Default
By default, all RSVP-TE control protocol counters are cleared for all RSVP-TE interfaces.

Usage Guidelines
This command clears all packet and byte counters for all RSVP-TE LSPs and all RSVP-
TE protocol counters for all MPLS interfaces. If the lsp all keywords are specified, all
packet and byte counters for all RSVP-TE LSPs are cleared. If the vlan all keywords are
specified, all RSVP-TE protocol counters for all MPLS interfaces are cleared. If a VLAN
name is specified, all RSVP-TE protocol counters for the MPLS interface on that VLAN
are cleared.

130 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
This example clears the RSVP-TE protocol counters on VLAN 1 only:
clear counters mpls rsvp-te vlan vlan_1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support this feature as described
in the Switch Engine 32.7.1 Feature License Requirements document.

clear counters mpls static lsp

clear counters mpls static lsp {lsp_name | all }

Description
Clears the packet and byte counters for one or all static LSPs.

Syntax Description
lsp_name Identifies the LSP for which counters are to be cleared.
all Specifies that counters are to be cleared for all static LSPs on this
LSR.

Default
N/A.

Usage Guidelines
None.

Example
The following command clears the counters for a static LSP:
clear counters mpls static lsp lsp598

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 131

Platform Availability Commands

Platform Availability
This command is available only on the platforms that support this feature as described
in the Switch Engine 32.7.1 Feature License Requirements document.

clear counters policy

clear counters policy

Description
Clears policy rule usage statistics.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command resets the counters on each rule to zero and clears the rule usage.

To see a list of used rules, use the port-hit option with the command show policy
rule port-hit {data} {detail} {wide}.

Example
The following example clears policy rule usage statistics:
# clear counters policy
# show policy rule port-hit
No entries found.

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters ports

clear counters ports {port_list | all}

132 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Clears the counters associated with the ports.

Syntax Description
ports Clears port-related statistics on specified ports or all ports
in the system.
port_list Port list for clear operation.
all All ports in the system.

Default
All ports.

Usage Guidelines
This command clears the counters for the ports, including the following:
• Statistics.
• Transmit errors.
• Receive errors.
• Collisions.
• Packets.

Note
If you use the clear counters command with no keyword, the system clears the
counters for all applications.

Example
The following example clears the counters on all ports:
clear counters ports all

History
This command was first available in ExtremeXOS 11.3.

This command was updated in ExtremeXOS 15.5 to include the port_list variable and
the all keyword.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 133

clear counters ports protocol filter Commands

clear counters ports protocol filter

clear counters ports {port_list | all} protocol filter

Description
Clears protocol filtering counters.

Syntax Description
port_list Specifies the port list is separated by a comma ( , ) or dash
( - ).
all Specifies all ports

Default
Disabled.

Usage Guidelines
Use this command to clear protocol filtering counters.

Example
The following example clears all protocol filtering counters:
clear counters ports protocol filter

The following example clears protocol filtering counters on ports 1-5:

clear counters ports 1-5 protocol filter

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters stp

clear counters stp {[all | diagnostics | domains | ports]}

Description
Clears, resets all STP statistics and counters.

134 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
all Specifies all STP domain, port, and diagnostics counters.
diagnostics Specifies STP diagnostics counters.
domains Specifies STP domain counters.
ports Specifies STP port counters.

Default
N/A.

Usage Guidelines
If you do not enter a parameter, the result is the same as specifying the all parameter:
the counters for all domains, ports, and diagnostics are reset.

Enter one of the following parameters to reset the STP counters on the switch:
• all—Specifies the counters for all STPDs and ports, and clears all STP counters.
• diagnostics—Clears the internal diagnostic counters.
• domains—Clears the domain level counters.
• ports—Clears the counters for all ports and leaves the domain level counters.

Viewing and maintaining statistics on a regular basis allows you to see how well your
network is performing. If you keep simple daily records, you will see trends emerging
and notice problems arising before they cause major network faults. By clearing the
counters, you can see fresh statistics for the time period that you are monitoring.

Example
The following command clears all of the STP domain, port, and diagnostic counters:

clear counters stp

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters virtual-network

clear counters virtual-network [ all | vn_name ]

Switch Engine™ Command Reference Guide for version 32.7.1 135

Description Commands

Description
This command clears statistics (byte/packet counters) on a Virtual Network.

Syntax Description
all Clear all Virtual Network counters.
vn_name Clear counters only for the specified Virtual Network string.

Default
N/A.

Usage Guidelines
N/A.

Example
To clear statistics on an existing Virtual Network:
clear counters virtual-network vnet44

To clear statistics on all Virtual Networks:

clear counters virtual-network all

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

clear counters virtual-network remote-endpoint

clear counters virtual-network remote-endpoint vxlan [ all | ipaddress
ipaddress]

Description
Use this command to clear statistics (byte/packet counters) on a Virtual Network
remote endpoint.

136 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
all Clear all remote endpoint counters.
ipaddress Clear counters for the specified remote endpoint IP
address.
ipaddress A remote endpoint IP address.

Default
N/A.

Usage Guidelines
N/A.

Example
To clear statistics on an existing Virtual Network remote endpoint:
clear counters virtual-network remote-endpoint ipaddress vxlan 10.10.10.146

To clear statistics on all Virtual Network remote endpoints:

clear counters virtual-network remote-endpoint vxlan all

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

clear counters vpls

clear counters vpls [vpls_name | all]

Description
Clears all VPLS counters for the specified vpls_name.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string)
all Specifies all VPLS VPNs.

Switch Engine™ Command Reference Guide for version 32.7.1 137

Default Commands

Default
N/A.

Usage Guidelines
This command clears all VPLS counters for the specified vpls_name. If the optional all
keyword is specified, all packet and byte counters for all VPLS VPNs are cleared.

Example
This example clears all VPLS counters for the specified VPLS:
clear counters vpls myvpls

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support this feature as described
in in the Switch Engine 32.7.1 Feature License Requirements document.

clear counters vr
clear counters {vr} vpn-vrf-name

Description
Clears statistics information for a VPN Virtual Routing and Forwarding instance (VPN
VRF).

Syntax Description
vpn-vrf-name Specifies the name of a VPN VRF.

Default
N/A.

Usage Guidelines
This command can help to debug control path issues for a VPN VRF. Issuing a global
XOS “clear counter” command will also clear VRF counters. This command clears the
following counters:
• Route add operation count.
• Route delete operation count.

138 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• Routes dropped count.

This command is supported only on VPN VRFs.

Example
The following command clears the counters for VPN VRF red:

Switch.19 # clear counters vr red

History
This command was first introduced in XOS Release 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters vrrp

clear counters vrrp {{vlan vlan_name} {vrid vridval}}

Description
Clears, resets all VRRP (Virtual Router Redundancy Protocol) statistics and counters.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRRP Router ID (VRID) for a VRRP instance.
To display the configured VRRP router instances, enter the
show vrrp command.

Default
N/A.

Usage Guidelines
Use this command to reset the VRRP statistics on the switch. Statistics are not reset
when you disable and re-enable VRRP.

If you do not enter a parameter, statistics for all VRRP VLANs are cleared.

If you specify only VLAN name, statistics for all VRRP VRIDs on that VLAN are cleared.

If you specify VLAN name and VRRP VRID, only statistics for that particular VRID are
cleared.

Switch Engine™ Command Reference Guide for version 32.7.1 139

Example Commands

Example
The following command clears the VRRP statistics on VRRP VLAN v1:

clear counters vrrp vlan v1

The following command clears the VRRP statistics for VRID 1 on VRRP VLAN v1:

clear counters vrrp vlan v1 vrid 1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

clear counters wred ecn

clear counters wred ecn

Description
Clears Explicit Congestion Notification (ECN) counters statistics for all ports.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Example
The following example clears ECN counter statistics for all ports:
# clear counters wred ecn

History
This command was first available in ExtremeXOS 22.3.

140 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

clear counters xml-notification

clear counters xml-notification {all | target}

Description
Clears the statistics counters.

Syntax Description
target Specifies an alpha numeric string that identifies the
configured target.

Default
N/A.

Usage Guidelines
Use this command to unconfigure and reset all statistics counters.

Example
The following command clears all of the xml-notification statistics counters:

clear counters xml-notification all

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

clear cpu-monitoring
clear cpu-monitoring {process name}

Description
Clears, resets the CPU utilization history and statistics stored in the switch.

Switch Engine™ Command Reference Guide for version 32.7.1 141

Syntax Description Commands

Syntax Description
name Specifies the name of the process.

Default
N/A.

Usage Guidelines
When you do not specify any keywords, this command clears the CPU utilization
history for the entire switch, including processes, and resets the statistics to zero (0).

When you specify process, the switch clears and resets the CPU utilization history for
the specified process.

Example
The following command resets the CPU history and resets statistics to 0 for the TFTP
process running on a switch:
# clear cpu-monitoring process tftpd

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

clear dns cache

clear dns cache

Description
Clears the Domain Name System (DNS) cache entries.

Syntax Description
dns Domain Name System.
cache Specifies clearing the DNS cache.

Default
N/A.

142 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
None.

Example
The following example clears the DNS cache:
# clear dns cache

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

clear dns cache analytics entries

clear dns cache analytics entries {{vr} vr_name}

Description
Clears the Domain Name System (DNS) cache analytics entries for a virtual router (VR).

Syntax Description
dns Domain Name System.
cache Specifies the DNS cache.
analytics Specifies the DNS cache analytics.
entries Specifies clearing the analyzed DNS queries.
vr Specifies a VR on which to clear entries.
vr_name Specifies the VR name. If not specified, the VR of the
current command context is used.

Default
If not specified, by default the VR of the current command context is used.

Usage Guidelines
This command clears already analyzed DNS queries for a VR. If you do not clear entries
with this command, the entries are timed out based on the configured value in the
command configure dns cache analytics [{timeout minutes} {max-entries
max_entries}]

Switch Engine™ Command Reference Guide for version 32.7.1 143

Example Commands

Example
The following example clears the DNS cache analytics entries for the current VR:
# clear dns cache analytics entries

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

clear eaps counters

clear eaps counters

Description
Clears, resets the counters gathered by EAPS (Extreme Automatic Protection
Switching) for all of the EAPS domains and any EAPS shared ports configured on the
switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to clear, reset the EAPS counters.

The counters continue to increment until you clear the information. By clearing the
counters, you can see fresh statistics for the time period you are monitoring.

To display information about the EAPS counters, use the following commands:
• show eaps counters —This command displays summary EAPS counter
information.
• show eaps counters shared-port —If configured for EAPS shared ports, this
command displays summary EAPS shared port counter information.

144 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command clears, resets all of the counters for EAPS:

clear eaps counters

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

clear elrp counters

clear elrp counters

Description
Clears and resets the ELRP counters.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
You should view the switch statistics before you delete the ELRP counters. Use the show
log counters command to display event statistics.

Viewing and maintaining statistics on a regular basis allows you to see how well your
network is performing. If you keep simple daily records, you will see trends emerging
and notice problems arising before they cause major network faults. By clearing the
counters, you can see fresh statistics for the time period that you are monitoring.

With hard-assisted ELRP, the request to clear ACL counters is sent from ELRP to the
ACL manager, and then to hardware one at a time. Since there is one ACL counter per
VLAN port, it may take some time for all of the counters to be cleared in hardware
when multiple ACL counters are used. If you run the clear elrp counters command
before all counters are reset, the Pkts-Xmit statistics for some VLANs might temporarily
show the sum of partially cleared counters.

Switch Engine™ Command Reference Guide for version 32.7.1 145

Example Commands

Example
The following command clears all switch statistics related to ELRP:
# clear elrp counters

History
This command was first available in ExtremeXOS 11.1.

Hardware-assisted information was added in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

clear elsm ports auto-restart

clear elsm ports port_list auto-restart

Description
Clears one or more ELSM-enabled ports that are in the Down-Stuck state.

Syntax Description
port_list Specifies the ELSM-enabled ports that are permanently in
the Down-Stuck state.

Default
N/A.

Usage Guidelines
If you do not have automatic restart enabled, use this command to transition ELSM-
enabled ports that are permanently in the Down-Stuck state to the Down state.
You can also use the enable elsm ports port_list auto-restart command to
transition a port from the Down-Stuck state to the Down state.

For information about the ELSM-enabled ports states, see the command show elsm
ports.

If automatic restart is enabled (this is the default behavior), automatic restart

automatically transitions the ports from the Down-Stuck state to the Down state. For
more information, see the command enable elsm ports auto-restart.

146 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command transitions the ports from the Down-Stuck state to the Down
state:

clear elsm ports 2:1-2:2 auto-restart

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

clear elsm ports counters

clear elsm {ports port_list} counters

Description
Clears the statistics gathered by ELSM for the specified ports or for all ports.

Syntax Description
port_list Specifies the ELSM-enabled ports for which ELSM statistics
are being cleared.

Default
N/A.

Usage Guidelines
You should view the ELSM statistics and counters before you clear them. To view ELSM-
specific counter information, use the show elsm ports all | port_list command.
To view summary ELSM information, including the ports configured for ELSM, use the
show elsm command.

Use this command to clear only the ELSM-related counters. To clear all of the counters
on the switch, including those related to ELSM, use the clear counters command.

Viewing and maintaining statistics on a regular basis allows you to see how well your
network is performing. If you keep simple daily records, you will see trends emerging
and notice problems arising before they cause major network faults. By clearing the
counter, you can see fresh statistics for the time period you are monitoring.

Switch Engine™ Command Reference Guide for version 32.7.1 147

Example Commands

Example
The following command clears the statistics gathered by ELSM for slot 2, ports 1-2:

clear elsm ports 2:1-2:2 counters

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

clear esrp counters

clear esrp counters

Description
Clears the statistics gathered by ESRP (Extreme Standby Router Protocol) for all ESRP
domains on the switch.

Syntax Description
This command has no arguments or variables.

Default
None.

Usage Guidelines
Use this command to clear the state transition and the protocol packet counters
gathered by ESRP.

The state transition count displays the number of times the ESRP domain entered the
following states:
• Aware—An Extreme switch that does not participate in ESRP elections but is
capable of listening to ESRP Bridge Protocol Data Units (BPDUs).
• Master—The master switch is the device with the highest priority based on the
election algorithm. The master is responsible for responding to clients for Layer 3
routing and Layer 2 switching for the ESRP domain.
• Neutral—The neutral state is the initial state entered by the switch. In a neutral state,
the switch waits for ESRP to initialize and run. A neutral switch does not participate
in ESRP elections.

148 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• PreMaster—The pre-master state is an ESRP switch that is ready to be master but is

going through possible loop detection prior to transitioning to master.
• Slave—The slave switch participates in ESRP but is not elected or configured the
master and does not respond to ARP requests but does exchange ESRP packets
with other switches on the same VLAN. The slave switch is available to assume the
responsibilities of the master switch if the master becomes unavailable or criteria for
ESRP changes.

If the slave is in extended mode, it does not send ESRP hello messages; however, it
sends PDUs that can trigger a change in the master switch.

For more information about configuring the ESRP mode of operation on the switch,
see the configure esrp mode [extended | standard] command. By default,
ESRP operates in extended mode.

To display information about the ESRP domain, including the previously described
states, use the show esrp { {name} | {type [vpls-redundancy | standard]} }
command.

The protocol packet count displays the number of times ESRP, ESRP-aware, and ESRP
error packets were transmitted and received.

To display information about the ESRP counters, use the show esrp {name} counters
command.

Example
The following command clears the statistics gathered by ESRP:

clear esrp counters

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

clear esrp neighbor

clear esrp esrpDomain neighbor

Description
Clears the neighbor information for the specified ESRP domain.

Switch Engine™ Command Reference Guide for version 32.7.1 149

Syntax Description Commands

Syntax Description
esrpDomain Specifies the name of an ESRP domain.

Default
N/A.

Usage Guidelines
If you add a new switch to your ESRP domain, use this command to clear the existing
neighbor information for the ESRP domain. After the switch is up, running, and
configured as an ESRP-aware or ESRP-enabled device, new neighbor information is
learned.

Before using this command, schedule a downtime for your network. Use this command
for maintenance purposes only.

Example
The following example clears the existing neighbor information on the ESRP domain
esrp1 after adding a new switch to the ESRP domain:
clear esrp esrp1 neighbor

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

clear esrp sticky

clear esrp esrpDomain sticky

Description
Clears the stickiness in the ESRP domain and forces the election of the ESRP master
switch.

Syntax Description
esrpDomain Specifies the name of an ESRP domain.

150 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use the clear esrp sticky command to force the election of the ESRP master switch.
Before using this command, schedule a downtime for your network.

For example, without stickiness configured, if an event causes the ESRP master to
failover to the backup, the previous backup becomes the new master. If another
event causes the new master to return to backup, you have experienced two network
interruptions. To prevent this, use the configure esrp election-policy command
and select stickiness as an election algorithm.

If you use sticky as an election metric, and an event causes the ESRP master to failover,
ESRP assigns the new master with the highest sticky election metric of 1. Therefore,
regardless of changes to the neighbor’s election algorithm, the new master retains its
position. Sticky is set on the master switch only.

ESRP re-election can occur if sticky is set on the master and a local event occurs.
During this time, if the current master has lower election parameters, the backup can
become the new master.

If you use clear esrp esrpDomain sticky command, it only affects the current
master and can trigger ESRP re-election.

Example
The following command clears the stickiness on the ESRP domain esrp1:

clear esrp esrp1 sticky

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

clear ethernet oam counters

clear ethernet oam {ports [port_list} counters

Description
Clears Ethernet OAM counters.

Switch Engine™ Command Reference Guide for version 32.7.1 151

Syntax Description Commands

Syntax Description
port_list Specifies the particular port(s).

Default
N/A.

Usage Guidelines
Use this command to clear the Ethernet OAM counters on one or more specified ports.
If you do not specify the port(s), counters for all ports are cleared.

Example
The following command clears Ethernet OAM counters on port 2:

clear ethernet oam ports 2 counters

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is supported on all platforms.

clear fdb
clear fdb mac_addr | ports port_list | vlan vlan_name | blackhole| vxlan
ipaddress remote_ipaddress vr vr_name virtual-network vn_name

Description
Clears dynamic FDB entries that match the filter.

Syntax Description
mac_addr Specifies a MAC address, using colon-separated bytes.
port_list Specifies one or more ports or slots and ports.
vlan_name Specifies a VLAN name.
blackhole Specifies the blackhole entries.
vxlan Specifies VXLAN.
ipaddress IP address of the remote endpoint.
remote_ipaddress IPv4 address of the remote tunnel endpoint whose
associated FDB entries need to be cleared.

152 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

vr VR/VRF instance the IPv4 address is configured on.

vr_name An existing VR/VRF name. If not specified, the VR context
from where this command is executed is used.
virtual-network MAC addresses associated with a Virtual Overlay Network
learning domain.
vn_name Name of virtual network whose associated FDB entries
need to be cleared.

Default
All dynamic FDB entries are cleared by default.

Usage Guidelines
To clear FDB entries on a given remote endpoint (added to any virtual network):

clear fdb vxlan ipaddress remote_ipaddress {vr vr_name}

To clear FDB entries on a given remote endpoint added to given virtual network:

clear fdb vxlan ipaddress remote_ipaddress {vr vr_name} virtual-network

vn_name

To clear all VXLAN FDB entries (clear all entries learned on the access ports and VXLAN
tunnels):

clear fdb vxlan

Example
The following example clears any FDB entries associated with VLAN corporate:
clear fdb vlan corporate

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear fdb vpls

clear fdb vpls {vpls_name {peer_ip_address}}

Description
Clears the FDB information learned for VPLS.

Switch Engine™ Command Reference Guide for version 32.7.1 153

Syntax Description Commands

Syntax Description
vpls_name Clears all FDB entries for the specified VPLS and its
associated VLAN.
peer_ip_address Clears all FDB entries for the pseudowire (PW) associated
with the specified VPLS and LDP peer.

Default
N/A.

Usage Guidelines
If the command is used without keywords, every FDB entry learned from any PW is
cleared. Using the keywords vpls_name clears every FDB entry, (both PW and front
panel Ethernet port for the service VLAN) associated with the specified VPLS and the
associated VLAN. If the specified VPLS is not bound to a VLAN, the following error
message appears:
Error: vpls VPLS_NAME not bound to a vlan

Using the keywords vpls_name and peer_ip_address clears all FDB entries from the PW
associated with the specified VPLS and LDP peer.

Once the information is cleared from the FDB, any packet destined to a MAC address
that has been flushed from the hardware is flooded until the MAC address has been
re-learned.

Example
This example clears the FDB information for VPLS 1:
clear fdb vpls vpls1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support this feature as described
in the Switch Engine 32.7.1 Feature License Requirements document.

clear igmp counters

clear igmp counters

Description
Clears Internet Group Management Protocol (IGMP) counters.

154 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no arguments or variables.

Default
N/A.

Example
The following example clears IGMP counters:
# clear igmp counters

History
This command was first available in ExtremeXOS 30.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

clear igmp group

clear igmp group {grpipaddress} {{vlan} name}

Description
Removes one or all IGMP (Internet Group Management Protocol) groups.

Syntax Description
grpipaddress Specifies the group IP address.
name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
This command can be used by network operations to manually remove learned IGMP
group entries instantly. Traffic is impacted until the IGMP groups are relearned. Use this
command for diagnostic purposes only.

Switch Engine™ Command Reference Guide for version 32.7.1 155

Example Commands

Example
The following command clears all IGMP groups from VLAN accounting:
clear igmp group accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

clear igmp snooping

clear igmp snooping {{vlan} name}

Description
Removes one or all IGMP snooping entries.

Syntax Description
name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
This command can be used by network operations to manually remove IGMP snooping
entries instantly. However, removing an IGMP snooping entry can disrupt the normal
forwarding of multicast traffic until the snooping entries are learned again.

The dynamic IGMP snooping entries are removed, and then recreated upon the next
general query. The static router entry and static group entries are removed and
recreated immediately.

This command clears both the IGMPv2 and IGMPv3 snooping entries.

Example
The following command clears IGMP snooping from VLAN accounting:
clear igmp snooping accounting

156 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

clear inline-power stats ports

clear inline-power stats ports [all | port_list]

Description
Clears the inline statistics for the selected port to zero.

Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.

Default
N/A.

Usage Guidelines
Use this command to clear all the information displayed by the show inline-power
stats ports port_list command.

Example
The following command clears the inline statistics for ports 1–8 on a switch:

clear inline-power stats ports 1-8

The following command displays cleared inline power configuration information for
ports 1–8:

show inline-power stats ports 1-8

Following is sample output from this command:

STATISTICS COUNTERS
Port State Class Absent InvSig Denied OverCurrent Short

Switch Engine™ Command Reference Guide for version 32.7.1 157

History Commands

1 delivering class3 0 0 0 0 0
2 delivering class3 0 0 0 0 0
3 searching class0 0 0 0 0 0
4 searching class0 0 0 0 0 0
5 searching class0 0 0 0 0 0
6 searching class0 0 0 0 0 0
7 searching class0 0 0 0 0 0
8 searching class0 0 0 0 0 0

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on the PoE (Power over Ethernet) devices listed in PoE
section of the Switch Engine 32.7.1 User Guide.

clear ip nat counters vlan

clear ip nat counters vlan {vlan_name}

Description
Clears the Network Address Translation (NAT) VLAN counters.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
vlan Specifies VLAN NAT.
counters Specifies NAT VLAN counters.
vlan_name Specifies which VLAN to clear NAT counters for. If no VLAN
name is specified, all counters are cleared.

Default
N/A.

Usage Guidelines
To view counter information, run the command show ip nat vlan counters
{vlan_name}.

158 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example clears all NAT VLAN counters:
# clear ip nat counters vlan

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

clear iparp
clear iparp {ip_addr {vr vr_name} | vlan vlan_name | vr vr_name}
{refresh}

Description
Removes dynamic entries in the IP ARP table.

Syntax Description
ip_addr Specifies an IP address.
vlan_name Specifies a VLAN name.
vr_name Specifies a Virtual Router (VR) or Virtual Router Forwarding
instance (VRF) name.
refresh Refreshes the ARP cache and deletes the inactive entries.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
Permanent IP ARP entries are not affected.

This command is specific to a single VR or VRF, and it applies to the current VR context
if you do not specify a VR or VRF.

Switch Engine™ Command Reference Guide for version 32.7.1 159

Example Commands

Based on the attributes you specify, the refresh attribute refreshes and deletes the
corresponding ARP entries as follows:
• clear iparp refresh—Refreshes the entire ARP table and deletes all inactive
entries.
• clear iparp ip_addr refresh—Refreshes the specified IP address and deletes the
IP ARP entry if the ARP request for IP address fails.
• clear iparp vlan vlan_name refresh—Refreshes all IP ARP entries associated
with the VLAN and deletes all inactive entries for the VLAN.
• clear iparp vr vr_name refresh—Refreshes all IP ARP entries associated with
the VR and deletes all inactive entries for the VR.

Example
The following example removes a dynamically created entry from the IP ARP table:
clear iparp 10.1.1.5

The following example refreshes the ARP entry by sending an ARP request for the IP
address 10.1.1.5. If the ARP response is received, the dynamic entry is retained; otherwise,
the dynamic entry is removed from the IP ARP table if the ARP response is not
received.
clear iparp 10.1.1.5 refresh

History
This command was first available in ExtremeXOS 10.1.

The refresh keyword was added in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear ip-security anomaly-protection notify cache

clear ip-security anomaly-protection notify cache {slot [slot | all ]}

Description
Clear the local protocol anomaly event cache.

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

160 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
This command clears the local protocol anomaly event cache.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

clear ip-security arp validation violations

clear ip-security arp validation violations

Description
Clears the violation counters.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command clears the ARP validation violation counters.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear ip-security dhcp-snooping entries

clear ip-security dhcp-snooping entries { vlan } vlan_name

Switch Engine™ Command Reference Guide for version 32.7.1 161

Description Commands

Description
Clears the DHCP binding entries present on a VLAN.

Syntax Description
vlan_name Specifies the VLAN of the DHCP server.

Default
N/A.

Usage Guidelines
Use this command to clear the DHCP binding entries present on a VLAN. When an
entry is deleted, all its associated entries (such as source IP lockdown, secured ARP, and
so on) and their associated ACLs, if any, are also deleted.

Example
The following command clears the DCHP binding entry temporary from the VLAN:

clear ip-security dhcp-snooping entries temporary

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

clear ip-security source-ip-lockdown entries ports

clear ip-security source-ip-lockdown entries ports [ ports | all ]

Description
Clears locked-down source IP addresses on a per-port basis.

Syntax Description
ports Specifies the port or ports to be cleared.
all Specifies that all ports are to be cleared.

162 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to clear locked-down source IP addresses on a per port basis. This
command deletes the entries on the indicated ports and clears the associated ACLs.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

clear ipv6 dad

clear ipv6 dad {{vr} vr_name {ipaddress} | vr all | {vlan} vlan_name}
{counters}

Description
Clears the counters for the DAD feature.

Syntax Description
vr_name Specifies a VR for which to clear the counters.
ipaddress Specifies an IPv6 address for which to clear the counters.
vlan_name Specifies a VLAN for which to clear the counters.

Default
If you do not specify a VR or VRF, the command applies to the current VR context.

Usage Guidelines
The vr all option clears the DAD counters for all IPv6 interfaces on the switch.

This command clears the DAD failure counters and removes the MAC for the conflicting
IPv6 address after the duplicate address condition has been resolved. The DAD
counters and saved MAC addresses are not automatically cleared; they must be cleared
with this command.

Switch Engine™ Command Reference Guide for version 32.7.1 163

Example Commands

Example
The following command clears the DAD counters for all IPv6 interfaces in all VRs:

clear ipv6 dad vr all

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

clear isis counters

clear isis counters

Description
This command clears all IS-IS-related counters in the current virtual router.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command clears all area and VLAN counters.

The following area counters are cleared: corrupted LSPs, LSPDB overloads, manual
address from area count, LSP sequence number wraps, LSP sequence number skips,
LSP purges, partition changes, and SPF calculations.

The following VLAN counters are cleared: adjacency changes, adjacency initialization
failures, rejected adjacencies, ID field length mismatches, maximum area address
mismatches, authentication type failures, authentication failures, DIS changes, hello
PDU TX and RX count, LSP TX and RX count, CSNP TX and RX count, PSNP TX and RX
count, unknown PDU type TX and RX count.

Example
The following command clears all IS-IS counters:
clear isis counters

164 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

clear isis counters area

clear isis counters area [area_name | all]

Description
This command clears all IS-IS counters for the specified router process or all router
processes.

Syntax Description
area_name Specifies the router process for which counters are cleared.
all Clears IS-IS counters for all router processes.

Default
N/A.

Usage Guidelines
The following counters are cleared: corrupted LSPs, LSPDB overloads, manual address
from area count, LSP sequence number wraps, LSP sequence number skips, LSP
purges, partition changes, SPF calculations, authentication type failures, authentication
failures, and ID field length mismatches.

Example
The following command clears the IS-IS counters for areax:

clear isis counters area areax

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 165

Platform Availability Commands

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

clear isis counters vlan

clear isis counters [vlan all | {vlan} vlan_name]

Description
This command clears all IS-IS counters for one or all VLANs.

Syntax Description
vlan all Clears the counters for all VLANs.
vlan_name Specifies a single VLAN for which counters are cleared.

Default
N/A.

Usage Guidelines
This command only affects VLANs that have been added to IS-IS router processes.
The following counters are cleared: adjacency changes, adjacency initialization failures,
rejected adjacencies, ID field length mismatches, maximum area address mismatches,
authentication type failures, authentication failures, DIS changes, hello PDU TX and RX
count, LSP TX and RX count, CSNP TX and RX count, PSNP TX and RX count, unknown
PDU type TX and RX count.

Example
The following command clears the IS-IS counters for all VLANs:

clear isis counters vlan all

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

166 Switch Engine™ Command Reference Guide for version 32.7.1

Commands clear l2pt counters rtep

clear l2pt counters rtep

clear l2pt counters {[vlan vlan_name {{vxlan{vr vr_name} rtep
rtep_ipv4}}}

Description
Clears L2PT RTEP counters.

Syntax Description
vlan Optionally clears counters only on a specific VLAN.
vlan_name Specifies the VLAN name.
vxlan Specifies Virtual eXtensible LAN.
vr Specifies Virtual Router.
vr_name Specifies the Virtual Router Name. If not specified, the VR
of the current command context is used.
rtep Specifies Remote Tunnel End Point.
rtep_ipv4 Specifies the Remote Tunnel End Point IPv4 address.

Default
N/A.

Usage Guidelines
Use this command to clear L2PT RTEP counters.

Example
The following example clears L2PT counters on RTEP 2.2.2.2 of VxLAN interface:
clear l2pt counters vlan tenant vxlan rtep 2.2.2.2

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is supported on the ExtremeSwitching 5420 and 5520 series switches,
and stacks with 5420 and 5520 slots only.

clear l2pt counters vlan

clear l2pt counters {vlan vlan_name {ports port_list}}

Switch Engine™ Command Reference Guide for version 32.7.1 167

Description Commands

Description
Clears L2PT VLAN counters.

Syntax Description
vlan Optionally clears counters only on a specific VLAN.
vman Optionally clears counters only on a specific VMAN.
vlan_name Specifies the VLAN name.
ports port_list Optionally clears counters only on specific ports of the
VLAN/VMAN. The port list is separated by a comma ( , ) or
dash ( - ).

Default
Disabled.

Usage Guidelines
Use this command to clear L2PT VLAN counters.

Example
The following example clears all L2PT counters:
clear l2pt counters

The following example clears L2PT counters on VLAN vlan1:

clear l2pt counters vlan vlan1

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

clear l2pt counters vman

clear l2pt counters {vman vman_name {ports port_list}}

Description
Clears L2PT VMAN counters.

168 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan Optionally clears counters only on a specific VLAN.
vman Optionally clears counters only on a specific VMAN.
vlan_name Specifies the VLAN name.
ports port_list Optionally clears counters only on specific ports of the
VLAN/VMAN. The port list is separated by a comma ( , ) or
dash ( - ).

Default
Disabled.

Usage Guidelines
Use this command to clear L2PT VMAN counters.

Example
The following example clears all L2PT counters:
clear l2pt counters

The following example clears L2PT counters on VMAN vlan2:

clear l2pt counters vman vlan2

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

clear l2pt counters vpls

clear l2pt counters {[vpls vpls_name {peer ipaddress} | vpws vpws_name]}

Description
Clears L2PT counters.

Syntax Description
vpls Optionally clears counters only on a specific VPLS.
vpls_name Alpha numeric string identifying VPLS VPN.

Switch Engine™ Command Reference Guide for version 32.7.1 169

Default Commands

peer ipaddress Optionally clears counters only on a specific peer of the

VPLS. The variable specifies an IPv4 address.
vpws vpws_name Optionally clears counters only on a specific VPWS. The
variable is an alphanumeric string identifying the VPWS
VPN.

Default
Disabled.

Usage Guidelines
Use this command to clear L2PT counters.

Example
The following example clears L2PT counters on peer 1.1.1.1 of VPLS vpls1:
clear l2pt counters vpls vpls1 peer 1.1.1.1

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

clear lacp counters

clear lacp counters

Description
Clears the counters associated with Link Aggregations Control Protocol (LACP).

Syntax Description
This command has no parameters or variables.

Default
N/A.

170 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command clears the following counters for LACP; it sets these counters back to 0
for every LACP port on the device:
• LACP PDUs dropped on non_LACP ports.
• Stats:
◦ Rx - Accepted.
◦ Rx - Dropped due to error in verifying PDU.
◦ Rx - Dropped due to LACP not being up on this port.
◦ Rx - Dropped due to matching own MAC.
◦ Tx - Sent Successfully.
◦ Tx - Transmit error.

Example
The following command clears the LACP counters on all ports:
clear lacp counters

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

clear lldp neighbors

clear lldp neighbors [all | port port_list]

Description
Clears the LLDP (Link Layer Discovery Protocol) neighbor information collected for one
or all ports on the switch.

Syntax Description
port_list Specifies one or more ports or slots and ports.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 171

Usage Guidelines Commands

Usage Guidelines
LLDP neighbor information for each port is automatically cleared after the period
defined by the TTL TLV if no update LLDP protocol data unit (LLDPDU) is received. This
command immediately clears the LLDP neighbor information for the specified ports.

Example
The following command clears the LLDP information collected for all ports on the
switch:

clear lldp neighbors all

History
This command was first available in ExtremeXOS 12.4.4.

Platform Availability
This command is available on all Universal switches supported in this document.

clear log
clear log { static | messages [memory-buffer | nvram]}

Description
Clears the log messages in memory and NVRAM.

Syntax Description
static Specifies that the messages in the NVRAM and memory-
buffer targets are cleared.
memory-buffer Clears entries from the memory buffer.
nvram Clears entries from NVRAM.

Default
N/A.

Usage Guidelines
The switch log tracks configuration and fault information pertaining to the device.

By default, log entries that are sent to the NVRAM remain in the log after a switch
reboot. The clear log and clear log messages memory-buffer commands remove
entries in the memory buffer target; the clear log static and clear log messages nvram

172 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

commands remove messages from the NVRAM target. In addition, the clear log static
command will also clear the memory buffer target.

Execution of these commands on a backup or standby node results in the clearing of

that node’s information only. Execution of these commands on the master node results
in the clearing of information on all nodes in the system.

Example
The following command clears all log messages, from the NVRAM:
# clear log static

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear log counters

clear log counters [event-condition | [all | event-component] {severity
severity {only}}]

Description
Clears the incident counters for events.

Syntax Description
event-condition Specifies the event condition counter to clear.
all Specifies that all events counters are to be cleared.
event-component Specifies that all the event counters associated with a
particular component should be cleared.
severity Specifies the minimum severity level of event counters to
clear (if the keyword only is omitted).
only Specifies that only event counters of the specified severity
level are to be cleared.

Default
If severity is not specified, then the event counters of any severity are cleared in the
specified component.

Switch Engine™ Command Reference Guide for version 32.7.1 173

Usage Guidelines Commands

Usage Guidelines
This command sets the incident counters to zero for each event specified. To display
event counters, use the following command: show log counters

See the command show log for more information about severity levels.

To get a listing of the event conditions in the system, use the following command: show
log events {details}

To get a listing of the components present in the system, use the following command:
show log components

In a SummitStack, execution of these commands on a backup or standby node results

in the clearing of that node’s information only. Execution of these commands on the
master node results in the clearing of information on all nodes in the system.

Example
The following example clears the event counters for event conditions of severity error or
greater in the component BGP:
clear log counters "BGP" severity error

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear mac-locking station

clear mac-locking station [all | {mac station_mac_address} {first-
arrival | static} {ports port_list}]

Description
Clears MAC lock station information.

Syntax Description
all Clears all MAC locking station information for end stations
connected to this switch.
station_mac_address Specifies a MAC address.
first-arrival Clears first-arrival MAC locking station information.

174 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

static Clears static MAC locking station information.

port_list Specifies one or more ports or slots and ports.

Default
N/A

Usage Guidelines
None.

Example
The following example clears all MAC locking information:
clear mac-locking station all

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear macsec counters

clear macsec counters {ports [port_list]}

Description
Clears counters for MAC Security (MACsec) encryption and authentication.

Syntax Description
ports Specifies port to configure.
port_list Lists ports to clear MACsec counters on.

Default
Counters for all MACsec ports are cleared unless you choose specific MACsec ports.

Switch Engine™ Command Reference Guide for version 32.7.1 175

Usage Guidelines Commands

Usage Guidelines
This command clears the 4 packet/octet values of the show macsec ports port-list
usage command, as well as all the statistics shown under the heading “SecY Interface
Statistics” of the show macsec ports port-list detail command.

Additionally, all MACsec port statistics are cleared by the clear counters ports
{port_list | all} command.

Example
The following example clears all MACsec counters on port 44:
# clear macsec counters ports 44

History
This command was first available in ExtremeXOS 30.1.

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models, except 5320-24T-4X-XT,
and except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

clear meter out-of-profile

clear meter {metername} out-of-profile {disabled-ports} {status |
counters} {ports [ all | portlist | port_group ]}

Description
This command allows the clearing of the out-of-profile status and rate-limit counter
for meters that have been exceeded. For an input meter and the entered ports, the
status option will remove the ports from the disabled port out-of-profile list for the
entered meter, re-enable ports that may have been disabled due to the out-of-profile

176 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

meter, and re-enable the syslog and traps for those ports as well. For an input meter
and the entered ports, the counter option will reset the counters. If the neither the
status nor counter option is specified, both will be cleared. If the disabled-ports options
is specified, only the out-of-profile meters that have disabled ports will be cleared.
If no options are specified, all the out-of-profile status and counters will be cleared.
If no ports are specified, the command clears the out-of-profile counter for a global
meter. Note that the effected counter and status are the aggregates of the rule based
counters for both ACL and dot1p rules.

Syntax Description
metername Meter name.
disabled-ports Clear only the meter out-of-profile status that resulted in
disabled-port action.
status Clear only the meter out-of-profile status.
counters Clear only the meter counters.
ports Clear the meter applied to a specified port-list.
all Clear meter out-of-profile status on all ports.
portlist Port list separated by a comma or -.
port_group Port group name.

Default
N/A.

Usage Guidelines
None.

Examples
clear meter out-of-profile

clear meter inmeter1 out-of-profile ports 1-5

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is availabe on all platforms.

Switch Engine™ Command Reference Guide for version 32.7.1 177

clear mld counters Commands

clear mld counters

clear mld counters {{vlan} vlan_name}

Description
Clears MLD statistics counters.

Syntax Description
vlan_name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
Use this command to manually clear MLD statistics counters.

Example
The following example clears all MLD counters for all VLANs:
clear mld counters

If a VLAN is specified, only the counters on the specific VLAN is cleared.

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

clear mld group

clear mld group {v6grpipaddress} {{vlan} name}

Description
Removes one or all MLD groups.

178 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
v6grpipaddress Specifies the group IP address.
name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
This command is used to manually remove learned MLD group entries instantly.

Example
The following command clears all MLD groups from VLAN accounting:
clear mld group accounting

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

clear mld snooping

clear mld snooping {{vlan} name}

Description
Removes one or all MLD snooping entries.

Syntax Description
name Specifies a VLAN name.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 179

Usage Guidelines Commands

Usage Guidelines
This command can be used by network operations to manually remove MLD snooping
entries instantly. However, removing an MLD snooping entry can disrupt the normal
forwarding of multicast traffic until the snooping entries are learned again.

The static and dynamic MLD snooping entries are removed, and then recreated upon
the next general query. The static router entry is removed and recreated immediately.

Example
The following command clears MLD snooping from VLAN accounting:
clear mld snooping accounting

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

clear msdp counters

clear msdp counters {peer remoteaddr | peer all | system} {vr vrname}

Description
This command resets the MSDP (Multicast Source Discovery Protocol) counters to zero.

Syntax Description
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
system Clears the global MSDP counters.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
N/A.

180 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The clear msdp counters command clears the following MSDP counters:
• Per peer counters:
◦ Number of SA messages received.
◦ Number of SA messages transmitted.
◦ Number of SA request messages received.
◦ Number of SA request messages transmitted.
◦ Number of SA response messages received.
◦ Number of SA response messages transmitted.
◦ Number of SA messages received without encapsulated data.
◦ Number of SA messages transmitted without encapsulated data.
◦ Number of SA messages received with encapsulated data.
◦ Number of SA messages transmitted with encapsulated data.
◦ Number of times the MSDP peer attained an “ESTABLISHED” state.
◦ Number of times the peer-RPF check failed.
◦ Number of times the TCP connection attempt failed.
◦ Total number of received messages.
◦ Total number of transmitted messages.
• Global counters:
◦ None defined.

The clear counters command will also clear all MSDP counters, but it clears the
counters for all other applications too.

Example
The following command clears the counters for an MSDP peer with the IP address
192.168.45.43:
clear msdp counters peer 192.168.45.43

The following command clears the all peer and global counters:
clear msdp counters

The following command clears all counters for a particular peer:

clear msdp counters peer 192.168.32.45

The following command clears the counters of all MSDP peers:

clear msdp counters peer all

The following command clears the global counters:

clear msdp counters system

Switch Engine™ Command Reference Guide for version 32.7.1 181

History Commands

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

clear msdp sa-cache

clear msdp sa-cache {{peer} remoteaddr | peer all} {group-address grp-
addr} {vr vrname}

Description
This command purges all SA cache entries and notifies the PIM that the SA cache is
empty.

Syntax Description
peer all Specifies all MSDP peers. All matching SA cache entries from all
peers are removed from the database.
grp-addr Specifies the IP address and subnet mask of the multicast group
you want to clear. All SA cache entries that match the specified
group address are removed from the database.
remoteaddr Specifies the IP address of the MSDP peer. All matching SA cache
entries learned from the specified peer are removed from the
database.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current CLI
context.

Default
N/A.

Usage Guidelines
MSDP receives SA messages periodically. After clearing SA cache entries from the local
database, MSDP relearns those entries during the next advertisement from its peer.

182 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example clears SA cache records for an MSDP peer with the IP address
192.168.45.43:
clear msdp sa-cache peer 192.168.45.43

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

clear neighbor-discovery cache

clear neighbor-discovery cache ipv6 {ipv6address {vr vr_name} | vlan
vlan_name | vr vr_name} refresh

Description
Deletes a dynamic entry from the neighbor cache.

Syntax Description
vr_name Specifies a VR or VRF.
ipv6address Specifies an IPv6 address.
vlan_name Specifies an IPv6 configured VLAN.
refresh Refreshes the IPv6 neighbor discovery cache and deletes
the inactive entries.

Default
N/A.

Usage Guidelines
This command clears dynamic entries from the neighbor cache. The vr option is used
to specify the VR or VRF on which the operation is performed. When this option is
omitted, it applies to current VR context.

When the ipv6address or vlan options are specified, only the entries with matching
IPv6 addresses or that correspond to that VLAN are cleared.

Switch Engine™ Command Reference Guide for version 32.7.1 183

Example Commands

Based on the attributes you specify, the refresh attribute refreshes and deletes the
corresponding IPv6 neighbor discovery entries as follows:
• clear neighbor-discovery cache refresh—Refreshes the entire IPv6 neighbor
discovery cache and deletes all inactive entries.
• clear neighbor-discovery cache ipv6address refresh—Refreshes the
specified neighbor-discovery entry and deletes the neighbor-discovery entry if the
neighbor solicitation for the IP address fails.
• clear neighbor-discovery cache vlan vlan_name refresh—Refreshes all
neighbor-discovery entries associated with the VLAN and deletes all inactive entries
for the VLAN.
• clear neighbor-discovery cache vr vr_name refresh—Refreshes all neighbor-
discovery entries associated with the VR and deletes all inactive entries for the VR.

Example
The following example clears all entries from the neighbor cache:
clear neighbor-discovery cache

The following example refreshes all entries in the neighbor discovery cache and delete
inactive entries if the neighbor solicitation fails:
clear neighbor-discovery cache refresh

History
This command was first available in ExtremeXOS 11.2.

The refresh option was added in ExtremeXOS 15.7.1.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

clear netlogin state

clear netlogin state {port port_list}

Description
Clears and initializes the network login sessions on a VLAN port.

Syntax Description
port_list Specifies the ports to clear.

184 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
None.

Usage Guidelines
Clear the states of every MAC learned on this VLAN port and put the port back to
unauthenticated state. The port will be moved to its original VLAN if configured in
campus mode.

Example
The following command clears the Network Login state of port 2:9:

clear netlogin state port 2:9

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear netlogin state agent

clear netlogin state agent portportlist [dot1x |mac |web-based]

Description
Clears the NetLogin authentication state.

Syntax Description
port portlist Clears only for the specified ports.
dot1x Clears only the 802.1x authentication state.
mac Clears only the MAC authentication state.
web-based Clears only web-based authentication state.

Default
N/A

Switch Engine™ Command Reference Guide for version 32.7.1 185

Example Commands

Example
The following example clears the dot1x authentication state on port 1:
clear netlogin state agent port 1 dot1x

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear netlogin state mac-address

clear netlogin state mac-address mac

Description
Initialize/reset the network login sessions for a specified supplicant.

Syntax Description
mac Specifies the MAC address of the supplicant.

Default
N/A.

Usage Guidelines
This command is essentially equivalent to a particular supplicant logging out. The
MAC address will be cleared from the FDB, the port is put back to its original VLAN
(for campus mode), and the port state is set to unauthenticated, if this was the last
authenticated MAC on this port.

Example
The following command resets the Network Login session for the supplicant with the
MAC address of 00:e0:18:01:32:1f:

clear netlogin state mac-address 00:e0:18:01:32:1f

History
This command was first available in ExtremeXOS 11.1.

186 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

clear network-clock gptp counters

clear network-clock gptp ports counters {ports [port_list | all]}

Description
Clears gPTP port counters.

Syntax Description
gptp IEEE 802.1AS Generalized Precision Time Protocol.
counters gPTP port counters.
port_list Specifies one or more of the switch's physical ports.
all Specifies all of the switch's physical ports.

Default
N/A.

Usage Guidelines
Use this command to clear gPTP port counters. The command clear counters also
clears the gPTP port counters (along with all other counters).

Example
clear network-clock gptp counters
clear network-clock gptp counters ports 2-4
clear network-clock gptp counters ports all

History
This command was first available in ExtremeXOS 15.3

Platform Availability
This command is available on all platforms if the AVB feature pack license is installed on
the switch.

clear nodealias
clear nodealias { ports [port_list | all] | alias-id alias_id }

Switch Engine™ Command Reference Guide for version 32.7.1 187

Description Commands

Description
This command clears alias entries out of the Node Alias feature database. You can clear
information by specified port(s) or alias ID. Node Alias discovers information about the
end systems on a per-port basis. Information from packets from end systems, such
as VLANID, source MAC address, source IP address, protocol, etc. are captured in a
database that can be queried.

Syntax Description
nodealias Node Alias feature that maps source IP address, MAC
address, host name, and protocol on a per port basis.
ports Designates that you want to clear node alias information
for the selected ports.
port_list Specifies from which ports to clear node alias information.
Designated as a port list separated by comma (,) or dash (-).
all Clears node alias information from all ports.
alias-id Designates that you want to clear node alias information
for the specified alias ID from all ports.
alias_id Specifies the alias ID that you want information cleared for
from the database.

Default
None.

Usage Guidelines
If the port is part of a LAG (Link Aggregation Group), this command is only allowed on
the master port.

Example
The following example clears all node alias entries on port 7:
clear nodealias ports 7

The following example clear node alias entries for alias ID 716168949 from all ports:
clear nodealias alias-id 716168949

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

188 Switch Engine™ Command Reference Guide for version 32.7.1

Commands clear ospf counters

clear ospf counters

clear ospf counters { interfaces [all | vlan vlan_name | area area-
identifier] | area [all | area-identifier] | virtual-link [all |
router-identifier area-identifier] | neighbor [all | routerid [ip-
address {ip-mask} | ipNetmask] | vlan vlan_name]| system}

Description
Clears the OSPF (Open Shortest Path First) counters (statistics).

Syntax Description
vlan_name Specifies a VLAN name.
router-identifier Specifies a router interface number.
area-identifier Specifies an OSPF area.
ip-address Specifies an IP address
ip-mask Specifies a subnet mask.
ipNetmask Specifies IP address / Netmask.
system Specifies the OSPF system counters.

Default
N/A.

Usage Guidelines
The global command clear counters also clears all OSPF counters. This global
command is the equivalent of clear ospf counters for OSPF.

Example
The following command clears the OSPF counters for area 1.1.1.1:

clear ospf counters area 1.1.1.1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 189

clear ospfv3 counters Commands

clear ospfv3 counters

clear ospfv3 counters {interfaces [[vlan | tunnel] all | {vlan} vlan-
name | {tunnel} tunnel-name | area area-identifier] | virtual-link
[all | {routerid} router-identifier {area} area-identifier]}

Description
Clears the OSPFv3 (Open Shortest Path First version 3) counters (statistics).

Syntax Description
all Specifies all VLANs, tunnels, areas, neighbors, or virtual-
links.
vlan_name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
router-identifier Specifies a router identifier, a four-byte, dotted decimal
number.
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.

Default
N/A.

Usage Guidelines
The global command clear counters also clears all OSPFv3 counters. This global
command is the equivalent of clear ospfv3 counters for OSPFv3.

This command can be used to clear various OSPFv3 counters (Interface, Area, Virtual-
Link, System etc.). The following is the list of various counters that would be reset to
zero by this command:
• Neighbor specific counters:
◦ Number of state changes.
◦ Number of events.
• Interface/VLAN/Virtual-link/Tunnel specific counters:
◦ Hellos Rxed
◦ Hellos Txed
◦ DB Description Rxed
◦ DB Description Txed
◦ LSA Request Rxed
◦ LSA Request Txed
◦ LSA Update Rxed
◦ LSA Update Txed

190 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

◦ LSA Ack Rxed

◦ LSA Ack Txed
◦ In Discards

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

clear pim cache

clear pim {ipv4 | ipv6} cache {group_addr {source_addr}}

Description
Clears PIM multicast cache table.

Syntax Description
ipv4 Specifies an IPv4 address.
ipv6 Specifies an IPv6 address.
group_addr Specifies a group address.
source_addr Specifies a source IP address.

Default
If no options are specified, all PIM cache entries are flushed.

Usage Guidelines
This command can be used by network operators to manually remove IPMC software
and hardware forwarding cache entries instantly. If the stream is available, caches are
re-created; otherwise, caches are removed permanently. This command can disrupt the
normal forwarding of multicast traffic.

Example
The following example resets the IP multicast table for group 224.1.2.3:
clear pim cache 224.1.2.3

Switch Engine™ Command Reference Guide for version 32.7.1 191

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

clear pim snooping

clear pim snooping {vlan} name

Description
Clears all PIM snooping neighbors, joins received on the VLAN, and the VLAN
forwarding entries.

Syntax Description
name Specifies the VLAN to which this command applies.

Default
N/A.

Usage Guidelines
None.

Example
The following command clears the PIM snooping database for the Default VLAN:
clear pim snooping "Default"

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the PIM snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

192 Switch Engine™ Command Reference Guide for version 32.7.1

Commands clear port rate-limit flood

clear port rate-limit flood

clear port [all | port_list | port_group ] rate-limit flood out-of-
profile {disabled-ports} {status | counter}

Description
This command clears the counter and/or status of ports of a flood rate-limiter that may
have had their limit exceeded.

Syntax Description
port_list Clears a port list.
port_group Clears a port group.
all Clears all ports.
out-of-profile Clears only out-of-profile rate-limiters.
disabled-ports Clears only ports that have been disabled due to out-of-
profile status.
both Clears out-of-profile status and counter for rate-limiter.
status Clears only out-of-profile status for rate-limiter.
counter Clear only out-of-profile counter for rate-limiter.

Default
All.

Usage Guidelines
The clear ports rate-limit flood out-of-profile command allows the clearing
of the counter and/or status of ports of a flood rate-limiter that may have had their
limit exceeded. For the entered ports, the status option removes the ports from the
disabled port out-of-profile list, re-enables ports that may have been disabled due to
out-of-profile rate-limit, and re-enables the syslog and traps for those ports as well. For
the entered ports, the counter option resets the counters. If neither option is specified,
both the status and counter will be cleared. If the disabled-ports option is specified,
only the out-of-profile statuses that have disabled ports will be cleared. If no options are
specified, all out-of-profile statuses will be cleared.

Example
clear ports all rate-limit flood out-of-profile
clear ports all rate-limit flood out-of-profile disabled-ports
clear ports fldGroupA rate-limit flood out-of-profile status
clear ports 1-24 rate-limit flood out-of-profile counter

Switch Engine™ Command Reference Guide for version 32.7.1 193

History Commands

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear ports link-flap-detection counters

clear ports [port_list | all] link-flap-detection counters

Description
Clears the counters related to port link-flapping.

Syntax Description
ports Physical ports.
port_list List of ports that you want to clear the link flap counters on.
all Selects all ports in the system to have their link-flap
counters cleared.
counters Counters related to link flapping.

Default
N/A

Example
The following example clears the link flap counters for ports 4 through 12:
clear ports 4-12 link-flap-detection counters

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear ports link-flap-detection status

clear ports [port_list | all] link-flap-detection status

194 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Manually enables ports that have been disabled due to excessive link-flapping.

Syntax Description
ports Physical ports.
port_list List of ports that you want to enable that were disabled
due to excessive link flapping.
all Enables all ports in the system that were disabled due to
excessive link flapping.
status Enable ports currently in disabled state due to excessive
link flapping.

Default
N/A

Usage
Ports that have been disabled due to excessive link flapping cannot be enabled using
the enable port command. They must be enabled using the clear ports link-
flap-detection status command.

Example
The following example re-enables all ports on the switch that were disabled due to
excessive link flapping:
clear ports all link-flap-detection status

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear port rate-limit flood

clear port [all | port_list | port_group ] rate-limit flood out-of-
profile {disabled-ports} {status | counter}

Description
This command clears the counter and/or status of ports of a flood rate-limiter that may
have had their limit exceeded.

Switch Engine™ Command Reference Guide for version 32.7.1 195

Syntax Description Commands

Syntax Description
port_list Clears a port list.
port_group Clears a port group.
all Clears all ports.
out-of-profile Clears only out-of-profile rate-limiters.
disabled-ports Clears only ports that have been disabled due to out-of-
profile status.
both Clears out-of-profile status and counter for rate-limiter.
status Clears only out-of-profile status for rate-limiter.
counter Clear only out-of-profile counter for rate-limiter.

Default
All.

Usage Guidelines
The clear ports rate-limit flood out-of-profile command allows the clearing
of the counter and/or status of ports of a flood rate-limiter that may have had their
limit exceeded. For the entered ports, the status option removes the ports from the
disabled port out-of-profile list, re-enables ports that may have been disabled due to
out-of-profile rate-limit, and re-enables the syslog and traps for those ports as well. For
the entered ports, the counter option resets the counters. If neither option is specified,
both the status and counter will be cleared. If the disabled-ports option is specified,
only the out-of-profile statuses that have disabled ports will be cleared. If no options are
specified, all out-of-profile statuses will be cleared.

Example
clear ports all rate-limit flood out-of-profile
clear ports all rate-limit flood out-of-profile disabled-ports
clear ports fldGroupA rate-limit flood out-of-profile status
clear ports 1-24 rate-limit flood out-of-profile counter

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear process group statistics

clear process group statistics {vital | other}

196 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command clears the memory- and CPU-related statistics of "Vital" and/or “Other"
(non-vital) groups.

Syntax Description
statistics Designates clearing statistics for the process groups.
vital Selects clearing statistics for the "vital" process group.
If you make no selection, statistics for both groups are
cleared.
other Selects clearing statistics for the "non-vital" process group.
If you make no selection, statistics for both groups are
cleared.

Default
If you make no selection, statistics for both groups are cleared.

Example
The following example clears statistics for the "vital" group:
clear process group statistics vital

History
This command was first available in ExtremeXOS 22.2.

The exos option was removed in ExtremeXOS 31.5.

The vital option was first available in ExtremeXOS 31.5

Platform Availability
This command is available on all Universal switches supported in this document.

clear rip counters

clear rip counters

Description
Clears the RIP (Routing Information Protocol) counters (statistics).

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 197

Default Commands

Default
N/A.

Usage Guidelines
None.

Example
The following command clears the RIP statistics counters:
# clear rip counters

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

clear ripng counters

clear ripng counters {vlan vlan-name | tunnel tunnel-name}

Description
Clears the RIPng (Routing Information Protocol Next Generation) global or interface-
specific counters (statistics).

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel-name Specifies an IPv6 tunnel.

Default
N/A.

Usage Guidelines
None.

198 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command clears the RIPng statistics counters:

clear ripng counters

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.ature-link-22.1"/>

clear screen
clear screen

Description
This command clears the screen of a login session with the termcaps-defined capability
and returns the prompt to the top.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear session
clear session [history | sessId | all]

Switch Engine™ Command Reference Guide for version 32.7.1 199

Description Commands

Description
Terminates a Telnet and/or SSH2 sessions from the switch.

Syntax Description
history Clears the chronology of sessions that were opened.
sessId Specifies a session number from show session output to
terminate.
all Terminates all sessions.

Default
N/A.

Usage Guidelines
An administrator-level account can disconnect a management session that has been
established by way of a Telnet connection.

You can determine the session number of the session you want to terminate by using
the show session command. The output of this command displays information about
current Telnet and/or SSH2 sessions including:
• The session number.
• The login date and time.
• The user name.
• The type of Telnet session.
• Authentication information.

Depending on the software version running on your switch, additional session

information may be displayed. The session number is the first number displayed in
the show session output.

When invoked to the clear the session history, the command clears the information
about all the previous sessions that were logged. The information about the active
sessions remains intact.

Example
The following example terminates session 4 from the system:
clear session 4

History
This command was first available in ExtremeXOS 10.1.

200 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

clear slot
clear slot slot

Description
Clears a slot of a previously assigned module type.

Syntax Description
slot Specifies the slot number.

Default
N/A.

Usage Guidelines
All configuration information related to the node and the ports on the switch is erased.
If a node is present when you issue this command, the switch is reset to default
settings.

If a node is configured for one type of switch, and a different type of switch is inserted in
the stack, the inserted node is put into a mismatch state (where the inserted node does
not match the configured node), and is not brought online. To use the new switch type
in a node, the node configuration must be cleared or configured for the new switch
type. Use the enable mirroring to port tagged command to configure the node.

Example
The following command clears node 2 of a previously assigned switch type:

clear slot 2

The following command clears slot 4 of a previously assigned switch type in a stack:

clear slot 4

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 201

Platform Availability Commands

Platform Availability
This command is available on SummitStacks.

clear stpd ports

clear stpd stpd_name ports port_list protocol-migration

Description
Resets the partner Spanning Tree Protocol version to the configured version.

Syntax Description
stpd_name Specifies an STPD (Spanning Tree Domain) name on the
switch.
port_list Specifies the port list, which can be separated with a
comma or a dash.
protocol-migration Resets the partner protocol mode to configured mode.

Default
N/A

Usage Guidelines
STP detects the spanning tree version on a network and sends out the equivalent
BPDU. If this switch receives a legacy IEEE 802.1D configuration BPDU (a BPDU
with the protocol version set to 0), Protocol Migration feature supports the forcefully
allowing the user to choose the version, where a switch supporting MSTP (Multiple
Spanning Tree Protocol) is forced to behave as STP or RSTP.

For example, three bridges on shared media, two of are configured dot1w (RSTP) and
one is dot1d (legacy STP) mode

These bridges will transmit STP BPDUs on their connected ports since one of the peers
is in dot1d mode. If the dot1d mode configured bridge leaves this shared media the
remaining two bridges will keep sending STP BPDUs even though they should use RTP
BPDUs normally. By using this feature we can clear the STP BPDU transmission and
starts sending the RSTP BPDUs.

Example
The following example resets the protocol migration for the port 1:10 in STP domain r1:
clear stpd r1 ports 1:10 protocol-migration

202 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

clear switch bluetooth

clear switch bluetooth device [all | address]

Description
Clears either all paired Bluetooth devices or a particular paired device.

Syntax Description
switch Designates clearing switch information.
bluetooth Designates clearing Bluetooth information.
device Designates clearing Bluetooth devices.
all Clears all Bluetooth devices.
address Clears only the Bluetooth device at the specified MAC
address.

Default
N/A.

Usage Guidelines
To clear all paired Bluetooth devices, use the all option.

To clear only a specific device, use the address option. To find the address of a specific
Bluetooth device, use the show switch bluetooth [statistics | inventory]
command without the statistics option.

To enable Bluetooth capabilites, use the enable switch bluetooth {discovery |

pairing } command.

Example
The following example clears all Bluetooth devices:
# clear switch bluetooth device all

Switch Engine™ Command Reference Guide for version 32.7.1 203

History Commands

The following example clears the Bluetooth device at address 00:04:96:9a:46:48:

# clear switch bluetooth device 00:04:96:9a:46:48

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

clear vm storage
clear vm storage

Description
Formats the virtual machine (VM) storage module (SSD) for use.

Syntax Description
vm Designates a virtual machine.
storage Specifies formatting disk storage (VM storage module) for
use by VMs.

Default
N/A.

Usage Guidelines
None.

Example
The following example formats VM storage:
# clear vm storage

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms

204 Switch Engine™ Command Reference Guide for version 32.7.1

Commands clear vlan dhcp-address-allocation

that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

clear vlan dhcp-address-allocation

clear vlan vlan_name dhcp-address-allocation [[all {offered | assigned |
declined | expired}] | ipaddress]

Description
Removes addresses from the DHCP allocation table.

Syntax Description
vlan_name Specifies the VLAN of the DHCP server.
all Specifies all IP addresses, or all IP addresses in a particular
state.
offered Specifies IP addresses offered to clients.
assigned Specifies IP addresses offered to and accepted by clients.
declined Specifies IP addresses declined by clients.
expired Specifies IP addresses whose lease has expired and not
renewed by the DHCP server.
ipaddress Specifies a particular IP address.

Default
N/A.

Usage Guidelines
You can delete either a single entry, using the IP address, or all entries. If you use the all
option, you can additionally delete entries in a specific state.

Example
The following command removes all the declined IP addresses by hosts on the VLAN
temporary:

clear vlan temporary dhcp-address-allocation all declined

History
This command was first available in ExtremeXOS 11.0.

Switch Engine™ Command Reference Guide for version 32.7.1 205

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list
configure access-list aclname [any | ports port_list | vlan vlan_name]
{ingress}

Description
Configures an access list to the specified interface.

Syntax Description
aclname Specifies the ACL policy file name.
any Specifies that this ACL is applied to all interfaces as the
lowest precedence ACL.
port_list Specifies the ingress or egress port list on which the ACL is
applied.
vlan_name Specifies the VLAN on which the ACL is applied.
ingress Apply the ACL to packets entering the switch on this
interface.

Default
The default direction is ingress.

Usage Guidelines
The access list applied in this command is contained in a text file created either
externally to the switch or using the edit policy command. The file is transferred to
the switch using TFTP before it is applied to the ports. The ACL name is the file name
without its “.pol” extension. For example, the ACL blocknetfour would be in the file
blocknetfour.pol.

Specifying the keyword any applies the ACL to all the ports, and is referred to as the
wildcard ACL. This ACL is evaluated for ports without a specific ACL applied to it, and is
also applied to packets that do not match the ACL applied to the interface.

Example
The following command configures the ACL policy test to port 1:2 at ingress:

configure access-list test ports 1:2

206 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command configures the ACL mydefault as the wildcard ACL:

configure access-list mydefault any

The following command configures the ACL policy border as the wildcard egress ACL:

configure access-list border any egress

History
This command was first available in ExtremeXOS 10.1.

The VLAN option was first available in ExtremeXOS 11.0.

The egress option was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list action-resolution highest-priority

configure access-list action-resolution highest-priority

Description
This command puts user ACLs into "highest priority only" action resolution mode.

Syntax Description
This command has no arguments or variables.

Default
Multiple.

Usage Guidelines
Use this command to put user ACLs into "highest priority only" action resolution
mode. All of the static policies and dynamic ACL rules that are installed after this
command has been executed execute only the actions of the highest priority rule
that has being matched, even if there are matches in the lower priority virtual slices
with non-conflicting actions. This behavior is achieved by putting all virtual slices used
by user ACLs into the same virtual group. However, all the policies and dynamic ACL
rules that were installed prior to the execution of this command would stay in their
separate virtual groups. As a result of this, the rules installed prior to the execution of
this command will execute non- conflicting actions from the matches in lower priority
virtual slices in addition to executing all the actions of the highest priority match. If a

Switch Engine™ Command Reference Guide for version 32.7.1 207

History Commands

save and reboot was done after this command has being executed, all static policies
and dynamic ACL rules will operate in "highest priority only" action resolution mode.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list action-resolution multiple

configure access-list action-resolution multiple

Description
This command puts user ACLs into "multiple matches" action resolution mode. All the
static policies and dynamic ACL rules that are installed after this command is entered
would execute all the actions of the highest priority rule that has being matched as well
as all non conflicting actions from the matches in the lower priority virtual slices.

Syntax Description
This command has no arguments or variables.

Default
Multiple.

Usage Guidelines
Use this command to put user ACLs into "multiple matches" action resolution mode.
All the static policies and dynamic ACL rules that are installed after this command
is entered would execute all the actions of the highest priority rule that has been
matched as well as all non-conflicting actions from the matches in the lower priority
virtual slices.

This behavior is achieved by putting all virtual slices used by user ACLs into separate
virtual groups. However, all the policies and dynamic ACL rules that were installed
prior to the execution of this command would stay in their old single virtual group. As
a result, the rules installed prior to the execution of this command will execute only
the actions of the highest priority match. If the save and reboot was done after this
command has being executed, all static policies and dynamic ACL rules will operate in
"multiple matches" action resolution mode. "Multiple matches" is the default mode on
the switch, and if none of action-resolution commands has being executed the switch
will operate in "multiple matches" resolution mode.

208 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list add

configure access-list add dynamic_rule [ [[first | last] {priority
p_number} {zone zone} ] | [[before | after] rule] | [ priority
p_number {zone zone} ]] [ any | vlan vlan_name | ports port_list ]
{ingress | egress}

Description
Configures a dynamic ACL rule to the specified interface and sets the priority and zone
for the ACL.

Syntax Description
dynamic_rule Specifies a dynamic ACL rule.
first Specifies that the new dynamic rule is to be added as the
first rule.
last Specifies that the new dynamic rule is to be added as the
last rule.
priority Priority of rule within a zone.
p_number Specifies the priority number of the rule within a zone. The
range is from 0 (highest priority) to 7 (lowest priority).
zone Specifies the ACL zone for the rule.
before rule Specifies that the new dynamic rule is to be added before
an existing dynamic rule.
after rule Specifies that the new dynamic rule is to be added after
an existing dynamic rule.
any Specifies that this ACL is applied to all interfaces.
vlan_name Specifies the VLAN on which this ACL is applied.
port_list Specifies the ports on which this ACL is applied.
ingress Apply the ACL to packets entering the switch on this
interface.
egress Apply the ACL to packets leaving the switch from this
interface.

Default
The default direction is ingress.

Switch Engine™ Command Reference Guide for version 32.7.1 209

Usage Guidelines Commands

Usage Guidelines
The dynamic rule must first be created before it can be applied to an interface. Use the
following command to create a dynamic rule:
create access-list dynamic-rule conditions actions {non-permanent}

When a dynamic ACL rule is applied to an interface, you will specify its precedence
among any previously applied dynamic ACLs. All dynamic ACLs have a higher
precedence than any ACLs applied through ACL policy files.

Specifying the keyword any applies the ACL to all the ports, and is referred to as the
wildcard ACL. This ACL is evaluated for ports without a specific ACL applied to them,
and is also applied to packets that do not match the ACL applied to the interface.

The priority keyword can be used to specify a sub-zone within an application’s space.
For example, to place ACLs into three sub-zones within the CLI application, you can use
three priority numbers, such as 2, 4, and 7.

Configuring priority number 1 is the same as configuring first priority. Configuring

priority number 8 is the same as configuring last priority.

Example
The following command applies the dynamic ACL icmp-echo as the first (highest
precedence) dynamic ACL to port 1:2 at ingress:

configure access-list add icmp-echo first ports 1:2

The following command applies the dynamic ACL udpdacl to port 1:2, with a higher
precedence than rule icmp-echo:

configure access-list add udpacl before icmp-echo ports 1:2

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list delete

configure access-list delete ruleName [ any | vlan vlan_name | ports
port_list | all] {ingress | egress}

Description
Removes a dynamic ACL rule from the specified interface.

210 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ruleName Specifies a dynamic ACL rule name.
any Deletes this ACL as the wildcard ACL.
vlan_name Specifies the VLAN on which this ACL is deleted.
port_list Specifies the ports on which this ACL is deleted.
all Deletes this ACL from all interfaces.
ingress Deletes the ACL for packets entering the switch on this
interface.
egress Deletes the ACL for packets leaving the switch from this
interface.

Default
The default direction is ingress.

Usage Guidelines
Specifying the keyword all removes the ACL from all interfaces it is used on.

Example
The following command removes the dynamic ACL icmp-echo from the port 1:2:

configure access-list delete icmp-echo ports 1:2

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list network-zone

configure access-list network-zone zone_name [add | delete] [mac-address
macaddress {macmask} | ipaddress [ipaddress {netmask} | ipNetmask |
ipv6_address_mask]]

Description
Adds or removes IP and MAC addresses to and from the network-zone.

Switch Engine™ Command Reference Guide for version 32.7.1 211

Syntax Description Commands

Syntax Description
network-zone Logical group of remote devices.
zone_name Specifies the network-zone name.
add Adds a logical group of entities to the network-zone.
delete Deletes a logical group of entities to the network-zone.
mac-address MAC address.
macaddress Specifies the MAC address to be added/removed to/from
the network-zone.
macmask Specifies the MAC Mask. Example FF:FF:FF:00:00:00.
ipaddress Specifies IPv4 address.
ipaddress Specifies the IP address.
netmask Specifies IP netmask.
ipNetmask Specifies the IP address/Netmask.
ipv6_address_mask Specifies IPv6 address/IPv6 prefix length.

Default
N/A.

Usage Guidelines
Use this command to to add or remove IP/MAC addresses to/from the network-zone.

Example
The following command adds an IPv6 IP address to network-zone “zone1”:

Switch# configure access-list network-zone zone1 add ipaddress

11.1.1.1/32

If you try to add the same IP/MAC with the same or narrow mask, the configuration is
rejected, with the following error message.

Switch #configure access-list network-zone "zone1" add ipaddress 11.1.1.1/24

Error: Network Zone "zone1" - Zone already has the same entity value with same or wider
mask.

If you try to add more than eight attributes to a network-zone, the following error
message is printed.

Switch #configure access-list network-zone "zone1" add ipaddress 11.1.1.1/24

Error: Network Zone "zone1" - Reached maximum number of attributes. Unable to add more.

212 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list rule-compression port-counters

configure access-list rule-compression port-counters [shared |
dedicated]

Description
Switches between ACL configuration modes.

Syntax Description
shared Sharing is “on” for counter rules.
dedicated Sharing is “off” for counter rules.

Default
Dedicated.

Usage Guidelines
Use this command to switch between two ACL configuration modes. In the first mode,
“port-counters shared”, similar port-based ACL rules with counters are allowed to share
the same hardware entry. This uses less space but provides an inaccurate counter
value. In the second mode, “port-counters dedicated”, similar port-based ACL rules with
counters are not allowed to share the same hardware entry, thereby consuming more
entries but providing a precise count.

Only ACLs that are entered after this command is entered are affected. The command
does not affect any ACLs that are already configured.

To configure all ACLs in shared mode, configure access-list rule-compression port-

counters shared must be entered before any ACLs are configured or have been saved in
the configuration when a switch is booted.

This is a global setting for the switch; that is, the option does not support setting some
ACL rules with shared counters and some with dedicated counters.

To view the results of the configuration use the show access-list configuration
command.

Switch Engine™ Command Reference Guide for version 32.7.1 213

Example Commands

Example
The following command configures ACL rules with counters to share the same
hardware entry:

configure access-list rule-compression port-counters shared

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list vlan-acl-precedence

configure access-list vlan-acl-precedence [dedicated | shared]

Description
Configures precedence mode for policy-file based ACLs that are applied on a VLAN.

Syntax Description
dedicated Allocates exclusive precedence for VLAN-based ACLs.
shared VLAN-based ACLs share the precedence with other ACLs.

Default
Dedicated.

Usage Guidelines
The following feature applies to only policy-file based ACLs that are applied on a
VLAN. Use this command to switch between two VLAN-based ACL configuration
modes. In the shared vlan-aclprecedence mode, VLAN-based ACL rules share the
same precedence with other types of ACL rules and provides the same behavior
as in the previous software releases. In the dedicated vlan-acl-precedence mode,
VLAN-based ACL rules have different precedence compared to other types of ACL
rules and this is the default mode. The dedicated mode yields improved installation
performance for VLAN based access-lists but may affect hardware rule utilization in
some configurations.

After configuring, you are prompted to reboot the system for the changes to take
effect.

214 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command allocates exclusive precedence for VLAN-based static ACL
rules:

configure access-list vlan-acl-precedence dedicated

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list width

configure access-list width [double | single] [slot slotNo | all]

Description
Configures the TCAM width of a switch.

Syntax Description
double Specifies a double wide ACL TCAM. Provides double wide
ACL key with additional qualifiers.
single Specifies a single wide ACL TCAM.
slotNo Specifies the slot to configure.
all Specifies all slots.

Default
Single.

Usage Guidelines
Note
This command is not applicable to the ExtremeSwitching X870 series switches.
Key width is applied automatically on X870 switches.

Use this feature to configure the width of the ACL TCAM key of a slot or switch to be
either double wide or single wide.

The switch must be rebooted for the configuration change to take effect.

Switch Engine™ Command Reference Guide for version 32.7.1 215

Example Commands

If you attempt to configure a double wide mode on a slot or switch that does not
support it, an error message is displayed.

To display the configured mode, use the show access-list width command.

Example
The following command configures slot 1 to use double wide mode:
# configure access-list width double slot 1

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure access-list zone

configure access-list zone name zone-priority number
configure access-list zone name move-application appl_name to-zone name
application-priority number
configure access-list zone name {add} application appl_name
application_priority number
configure access-list zone name delete application appl_name

Description
Configures the priority of a zone; moves an application from one zone to another at a
specified priority; adds an application to a zone with a specified priority, or changes the
priority of an application within a zone; deletes an application from a zone.

Syntax Description
name Specifies a a zone name.
zone-priority number Sets the priority of the zone.
move-application Specifies the name of an application to be moved.
appl_name
to-zone name Specifies the zone to which the application is moved.
application-priority Sets the priority of the application within the zone. The
number range is from 0 (highest priority) to 7 (lowest priority).
add Adds an application to a zone at a specified priority.

216 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

application appl_name Specifies the application to be added to the zone.

application_priority Sets the priority of a new or existing application within a
number number zone. The range is from 0 (highest priority) to 7 (lowest
priority).

Default
N/A.

Usage Guidelines
To configure the priority of a specific zone, use the syntax:
configure access-list zone name zone-priority number

To move an application from one zone to another, and set its priority in the new zone,
use the syntax:
configure access-list zone name move-application appl-name to-zone name
application-priority number

To add an application to a zone and specify its priority or to change the priority of an
application within a zone, use the syntax:
configure access-list zone name {add} application appl-name
application_priority number

To delete an application from a zone, use the syntax:

configure access-list zone name delete application appl-name

Example
The following command adds the CLI application to the zone myzone at a priority of 6:

configure access-list zone myzone add cli application-priority 6

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure account
configure account [all | name]

Switch Engine™ Command Reference Guide for version 32.7.1 217

Description Commands

Description
Configures a password for the specified account, either user account or administrative
account.

Syntax Description
all Specifies all accounts (and future users).
name Specifies an account name.

Default
N/A.

Usage Guidelines
You must create a user or administrative account before you can configure that
account with a password.

Use the create account command to create a user account.

The system prompts you to specify a password after you enter this command. You must
enter a password for this command; passwords cannot be null and cannot include the
following characters: “<“, “>”, and “?”.

Note
Once you issue this command, you cannot have a null password. However,
if you want to have a null password (that is, no password on the specified
account), use the create account command.

Passwords can have a minimum of 0 character and can have a maximum of 32

characters. Passwords are case-sensitive. User names are not case-sensitive.

Note
If the account is configured to require a specific password format, the
minimum is 8 characters. See configure account password-policy char-
validation for more information.

You must have administrator privileges to change passwords for accounts other than
your own.

Example
The following example defines a new password green for the account marketing:
configure account marketing

The switch responds with a password prompt:

password: green

218 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

Your keystrokes will not be echoed as you enter the new password. After you enter the
password, the switch will then prompt you to reenter it:
Reenter password: green

Assuming you enter it successfully a second time, the password is now changed.

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure account encrypted

configure account [all | name] encrypted e-password

Description
Encrypts the password that is entered in plain text for the specified account, either user
account or administrative account.

Syntax Description
all Specifies all accounts (and future users).
name Specifies an account name.
e-password Enter in plain text the string you for an encrypted
password. See Usage Guidelines for more information.

Default
N/A.

Usage Guidelines
You must create a user or administrative account before you can configure that
account with a password.

Use the create account account command to create a user account.

When you use this command, the following password that you specify in plain text
is entered and displayed by the switch in an encrypted format. Administrators should
enter the password in plain text. The encrypted password is then used by the switch
once it encrypts the plain text password. The encrypted command should be used by
the switch only to show, store, and load a system-generated encrypted password in

Switch Engine™ Command Reference Guide for version 32.7.1 219

Example Commands

configuration; this applies with the following commands: save configuration, show
configuration, and use configuration.

Note
Once you issue this command, you cannot have a null password. However,
if you want to have a null password (that is, no password on the specified
account), use the create account command.

Passwords can have a minimum of 0 character and can have a maximum of 32

characters. Passwords are case-sensitive. User names are not case-sensitive.

Note
If the account is configured to require a specific password format, the
minimum is 8 characters. See configure account password-policy char-
validation for more information.

You must have administrator privileges to change passwords for accounts other than
your own.

Example
The following command encrypts the password red for the account marketing:

configure account marketing encrypted red

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure account password-policy char-validation

configure account [all | name] password-policy char-validation [none |
all-char-groups]

Description
Requires that the user include an upper-case letter, a lower-case letter, a digit, and a
symbol in the password.

Syntax Description
all Specifies all users (and future users).
name Specifies an account name.

220 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

none Resets password to accept all formats.

all-char-groups Specifies that the password must contain at least two
characters from each of the four groups.

Note: The password minimum length will be eight

characters if you specify this option.

Default
N/A.

Usage Guidelines
This feature is disabled by default.

Once you issue this command, each password must include at least two characters of
each of the following four types:
• Upper-case A-Z.
• Lower-case a-z.
• 0-9.
• !, @, #, $, %, ^, *, (, ).

The minimum number of characters for these specifically formatted passwords is 8

characters and the maximum is 32 characters.

Use the none option to reset the password to accept all formats.

Example
The following example requires all users to use this specified format for all passwords:
configure account all password-policy char-validation all-char-groups

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure account password-policy history

configure account [all | name] password-policy history [num_passwords |
none]

Switch Engine™ Command Reference Guide for version 32.7.1 221

Description Commands

Description
Configures the switch to verify the specified number of previous passwords for the
account. The user is prevented from changing the password on a user or administrative
account to any of these previously saved passwords.

Syntax Description
all Specifies all accounts (and future users).
name Specifies an account name.
num_passwords Specifies the number of previous passwords the system
verifies for each account. The range is 1 to 10 passwords.
none Resets the system to not remember any previous
passwords.

Default
N/A.

Usage Guidelines
Use this command to instruct the system to verify new passwords against a list of all
previously used passwords, once an account successfully changes a password.

The limit is the number of previous passwords that the system checks against in the
record to verify the new password.

If this parameter is configured, the system returns an error message if a user attempts
to change the password to one that is saved by the system (up to the configured limit)
for that account; this applies to both user and administrative accounts. This also applies
to a configured password on the default admin account on the switch.

The limit of previous passwords that the system checks for previous use is configurable
from 1 to 10. Using the none option disables previous password tracking and returns the
system to the default state of no record of previous passwords.

Example
The following command instructs the system to verify that the new password has not
been used as a password in the previous 5 passwords for the account engineering:

configure account engineering password-policy history 5

History
This command was first available in ExtremeXOS 11.2.

222 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure account password-policy lockout-on-login-failures

configure account [all | name] password-policy lockout-on-login-failures
[on | off]

Description
Disables an account after the user has three consecutive failed login attempts.

Syntax Description
all Specifies all users (and future users).
name Specifies an account name.
on Specifies an account name.
off Resets the password to never lockout the user.

Default
N/A.

Usage Guidelines
If you are not working on SSH, you can configure the number of failed logins
that trigger lockout, using the configure cli max-failed-logins num-of-logins
command.

This command applies to sessions at the console port of the switch as well as all
other sessions and to user-level and administrator-level accounts. This command locks
out the user after 3 consecutive failed login attempts; the user’s account must be
specifically re-enabled by an administrator.

Using the off option resets the account to allow innumerable consecutive failed
login attempts, which is the system default. The system default is that three failed
consecutive login attempts terminate the particular session, but the user may launch
another session; there is no lockout feature by default.

Note
The switch does not allow to lock out of at least one administrator account.

Example
The following command enables the account finance for lockout.

Switch Engine™ Command Reference Guide for version 32.7.1 223

History Commands

After three consecutive failed login attempts, the account is subsequently locked out:
configure account finance password-policy lockout-on-login-failures on

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure account password-policy lockout-time-period

configure account [all | name] password-policy lockout-time-period
[num_mins | until-cleared]

Description
This command allows you to configure the lockout time period (ranging from one
minute to one hour).

Syntax Description
all Configure all accounts.
name Configure a specific account name.
num_min Number of minutes (1-60) account is locked after max-
failed-logins, unless unlocked via clear account name
lockout.
until-cleared Account is locked after max-failed-logins until unlocked via
clear account name lockout.

Default
Until-cleared.

Usage Guidelines
Use this command to configure the lockout time period (ranging from one minute to
one hour. Note that fail safe and admin accounts will also be locked out if lockout time
period is specified. If there is more than one admin account, admin will be locked out
even if the lockout time period is set to indefinite.

History
This command was first available in ExtremeXOS 16.1.

224 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure account password-policy max-age

configure account [all | name] password-policy max-age [num_days | none]

Description
Configures a time limit for the passwords for specified accounts. The passwords for the
default admin account and the failsafe account do not age out.

Syntax Description
all Specifies all accounts (and future users).
name Specifies an account name.
num_days Specifies the length of time that a password can be used.
The range is 1 to 365 days.
none Resets the password to never expire.

Default
N/A.

Usage Guidelines
The passwords for the default admin account and the failsafe account never expire.

The time limit is specified in days, from 1 to 365 days. Existing sessions are not closed
when the time limit expires; it will not open the next time the user attempts to log in.

When a user logs into an account with an expired password, the system first verifies
that the entered password had been valid prior to expiring, and then prompts the user
to change the password.

Note
This is the sole time that a user with a user-level (opposed to an administrator-
level) account can make any changes to the user-level account.

Using the none option prevents the password for the specified account from ever
expiring (it resets the password to the system default of no time limit).

To set a minimum lifespan for passwords, use the configure account [all | name]
password-policy min-age [num_days | none] command.

In the case of conflicting settings between these two commands, a setting requiring a
password change overrides a setting that prohibits a password change. For example, if

Switch Engine™ Command Reference Guide for version 32.7.1 225

Example Commands

max-age is set to 10 days, thus requiring a password change in 10 days, and a min-age is
set to 20 days, attempting to forbid a password change until 20 days, the configuration
to change the password after 10 days takes precedence over the configuration to not
change the password for 20 days.

To view the current selection for the maximum lifespan for passwords, use the show
accounts password-policy command.

Example
The following command sets a 3-month time limit for the password for the account
marketing:
# configure account marketing password-policy max-age 90

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure account password-policy min-age

configure account [all | name] password-policy min-age [num_days | none]

Description
Configures a minimum password lifespan.

Syntax Description
all Applies the configuration to all accounts.
name Applies the configuration to the account of the specified
name.
password-policy Specifies configuring the account password policy.
min-age Specifies the minimum lifespan of passwords.
num_days Specifies a minimum lifespan of passwords in days. Range
is 1 to 365 days.
none Specifies no limitation on the minimum lifespan for
passwords (default).

Default
The default is no minimum lifespan for passwords.

226 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Similar to the configure account [all | name] password-policy max-age
[num_days | none] command, which requires a password change after a
configurable number of days, this command configures a lifespan, or minimum age.
Having a minimum lifespan ensures that multiple password changes are not made in
quick succession.

In the case of conflicting settings between these two commands, a setting requiring a
password change overrides a setting that prohibits a password change. For example, if
max-age is set to 10 days, thus requiring a password change in 10 days, and a min-age is
set to 20 days, attempting to forbid a password change until 20 days, the configuration
to change the password after 10 days takes precedence over the configuration to not
change the password for 20 days.

To view the current selection for the minimum lifespan for passwords, use the show
accounts password-policy command.

Example
The following example sets a minimum lifespan of 10 days for all accounts:
# configure account all password-policy min-age 10

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure account password-policy min-different-characters

configure account [all |name] password-policy min-different-characters
[count]

Description
When changing a password, configures the number of characters in the revised
password that must be changed from the existing password.

Syntax Description
all Applies the configuration to all accounts.
name Applies the configuration to the account of the specified
name.
password-policy Specifies configuring the account password policy.

Switch Engine™ Command Reference Guide for version 32.7.1 227

Default Commands

min-different- Specifies the minimum number of different characters

characters between a previous and new password.
count Specifies the number of characters required to be different
between the previous and new password. The range is 0–
16. The default is 0.

Default
The default for the minimum number of different characters is 0.

Usage Guidelines
This command allows you to configure a variable number of characters that must
be changed from the existing password when a new password is created. If the new
password is longer than the original password, the “extended” characters of the new
password are counted as different from the prior password. If the new password is
shorter than the existing password, only the new password characters determine the
number of characters that are different.

For example, if you specify 8 for the number of characters that must be different:

This combination would count as 9 different characters, and would pass:

• Current password: MyChoice
• New password: MyChoiceButLonger

This combination would count as zero different characters, and would fail:
• Current Password: MyChoiceButLonger
• New password: MyChoice

To view the current selection for the minimum number of different characters for
changed passwords, use the show accounts password-policy command.

Example
The following example configures the minimum number of different characters for
changed passwords to be "3" for all accounts:
# configure account all password-policy min-different-characters 3

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

228 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure account password-policy min-length

configure account password-policy min-length

configure account [all | name] password-policy min-length
[num_characters | none]

Description
Requires a minimum number of characters for passwords.

Syntax Description
all Specifies all accounts (and future users).
name Specifies an account name.
num_characters Specifies the minimum number of characters required for
the password. The range is 1–32 characters.

Note: If you configure the configure account password-

policy char-validation parameter, the minimum
length is eight characters.

none Resets password to accept a minimum of 0 characters.

Note: If you configure the configure account encrypted

parameter, the minimum length is eight characters.

Default
N/A.

Usage Guidelines
Use this command to configure a minimum length restriction for all passwords for
specified accounts.

This command affects the minimum allowed length for the next password; the current
password is unaffected.

The minimum password length is configurable from 1–32 characters. Using the none
option disables the requirement of minimum password length and returns the system
to the default state (password minimum is 0 by default).

Note
If the account is configured to require a specific password format, the
minimum is 8 characters. See configure account password-policy char-
validation for more information.

Switch Engine™ Command Reference Guide for version 32.7.1 229

Example Commands

Example
The following command requires a minimum of 8 letters for the password for the
account management:
configure account management password-policy min-length 8

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure account privilege

configure account [all | name] privilege [admin | user]

Description
Changes the privileges of an existing user account.

Syntax Description
account Login account.
all Specifies all accounts.
name Specifies a specific user account.
privilege Change the account privilege.
admin Administrative privilege.
user User (non-administrative) privilege.

Default
None.

Usage Guidelines
If an account is changed, any sessions that are currently logged in with that account
are cleared, and therefore forced to login again with the new privilege. If the specified
account is logged in to a session that cannot be cleared, an error message appears. If
the account privilege is not changed by the option selected in the command for the
specified acount(s) (account already has that privilege), the request is ignored and any
sessions logged in with the account are not cleared.

If you attempt to remove administrative privileges from the sole account having
administrative privilege, you receive an error message.

230 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example adds administrative privilege to an account called "my_name":
configure account my_name privilege admin

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure auto-peering oneconfig bootprelay

configure auto-peering one-config bootprelay [add | delete] [ip_address
| ipv6_address] vr vrname

Description
For Auto-peering, adds dynamic BOOTP relay servers that the DHCP relay agent uses
to forward DHCP traffic received from host attachments.

Syntax Description
auto-peering Specifies Auto-peering.
one-config Specifies changing the BGP Auto-peering OneConfig
configuration.
bootprelay Specifies configuring dynamic BOOTP relay service applied
to dynamically created VRFs.
add Adds dynamic BOOTP relay server.
delete Deletes dynamic BOOTP relay server.
ip_address Specifies the IPv4 address of the BOOTP relay server.
ipv6_address Specifies the IPv6 address of the BOOTP relay server.
vr Specifies selecting the virtual router (VR) If you do not
specify a VR or VRF, the current VR context is used.
vrname Specifies the VR name.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
Dynamic BOOTP relay services are configured after the dynamic VRF is installed on the
device.

Switch Engine™ Command Reference Guide for version 32.7.1 231

Example Commands

Example
The following example adds dynamic BOOTP relay server at "50.1.101.105" for VR "red":
# configure auto-peering oneconfig bootprelay add 50.1.101.105 vr red

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure auto-peering oneconfig id

configure auto-peering one-config id [none | id]

Description
Configures the ID used by each device when automatically forming an adjacency with
an BGP Auto-peering neighbor.

Syntax Description
auto-peering Specifies Auto-peering.
one-config Specifies changing the BGP Auto-peering OneConfig
configuration.
id Specifies configuring the BPG Auto-peering ID that devices
advertise to neighbors.
none Removes the current ID.
id Specifies the ID.

Default
N/A.

Usage Guidelines
All devices in an Auto-peering cluster have the same ID. Neighbors with different IDs
must match the Remote ID table.

Example
The following example configures the ID as "123":
# configure auto-peering one-config id 123

232 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure auto-peering one-config iproute

configure auto-peering one-config iproute [add | delete] [host | hostv6]
[[ipaddress {netmask} | ipNetmask] gateway | ipNetmaskv6 gatewayv6]
{vr vrname }

Description
Configures a list of OneConfig dynamic Auto-peering static routes.

Syntax Description
auto-peering Specifies Auto-peering.
one-config Specifies changing the BGP Auto-peering OneConfig
configuration.
iproute Specifies configuring the dynamic IP route configured
when the host IP address attaches to the device.
add Adds route.
delete Deletes routes.
host Specifies the IPv4 host address.
hostv6 Specifies the IPv6 host address.
ipaddress Specifies the IPv4 address.
netmask Specifies the IPv4 netmask.
ipNetmask Specifies the IPv4 netmask/mask.
gateway Specifies the IPv4 gateway address.
ipNetmaskv6 Specifies the IPv6 address/netmask.
\gatewayv6 Specifies the IPv6 gateway address.
vr Specifies selecting the virtual router (VR) If you do not
specify a VR or VRF, the current VR context is used.
vrname Specifies the VR name.

Default
If you do not specify a VR or VRF, the current VR context is used.

Switch Engine™ Command Reference Guide for version 32.7.1 233

Usage Guidelines Commands

Usage Guidelines
The switch holds the static route in the dynamic database until the host attaches to the
switch. The routes are applied in the route table when the host IP address is discovered
on a local access port. They are removed when the host is no longer connected to the
device. To see if the host routes are properly installed, use the show iproute {ipv4}
{priority | vlan vlan_name | permanent | ip_address netmask | summary}
{multicast | unicast} {vr vrname}} command.

Example
The following example adds the static IP route for host 50.1.102.101, IP/netmask
60.1.1.0/24, gateway 50.1.102.101 on VR "red":
# configure auto-peering oneconfig iproute add 50.1.102.101 60.1.1.0/24 50.1.102.101 vr
red

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure auto-peering one-config nsi-id

configure auto-peering one-config nsi-id id type [nsi | vrf] [add
| delete] [[ipaddress {netmask} | ipNetmask ] | ipNetmaskv6] {vr
vrname }

Description
Specifies a list of OneConfig dynamic auto-peering services.

Syntax Description
auto-peering Specifies Auto-peering.
one-config Specifies changing the BGP Auto-peering OneConfig
configuration.
nsi-id Specifies setting the Network Service (NSI) ID for dynamic
L3 configuration
id Specifies the NSI ID.
type Specifies configuring the NSI ID type.
nsi Specifies NSI ID type as NSI.
vrf Specifies NSI ID type as VRF.
add Adds subnet.

234 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

delete Deletes subnet.

ipaddress Specifies the IP address.
netmask Specifies the IP netmask.
ipNetmask Specifies the IPv4 address/netmask.
ipNetmaskv6 Specifies IPv6 address/netmask
vr Specifies selecting the virtual router (VR) If you do not
specify a VR or VRF, the current VR context is used.
vrname Specifies the VR name.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
The configuration is held on each node and is inactive until a VLAN/NSI binding is
made to a dynamic VLAN. After the NSI is discovered, the configuration associated
with the NSI on the VLAN is applied. This consists of creating the VRF as needed,
applying IPv4 and IPv6 prefixes, enabling Anycast IP, and enabling IP Forwarding
on the mapped VLAN. The mechanism to assign VLAN to NSI mapping is done by
following methods: policy by RADIS, and Fabric Attach; the VXLAN virtual network and
VNI/NSI is dynamically created by the VXLAN service.

Example
The following example configures an NSI ID "1000" for type "VRF" on VR "red":
# configure auto-peering one-config nsi 1000 type VRF add vr red

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure auto-peering oneconfig overlay

configure auto-peering one-config overlay [add | delete] server [address
| addressv6] {type bgp-rr } {id id} {password [none | {encrypted}
password]}

Description
Configures the Auto-peering overlay service database entries.

Switch Engine™ Command Reference Guide for version 32.7.1 235

Syntax Description Commands

Syntax Description
auto-peering Specifies Auto-peering.
one-config Specifies changing the BGP Auto-peering OneConfig
configuration.
overlay Specifies overlay database containing centralized EVPN
information.
add Overlay add server.
delete Overlay delete server.
server Specifies the server.
address Specifies the IPv4 server address/
addressv6 Specifies the IPv6 server address/
type Specifies the overlay database type.
bgp-rr Specifies overlay database type BGP route reflector.
id Specifies the configuring the overlay database ID.
id Specifies the overlay database ID.
• For BGP-RR—AS number.
• For Redis—port number.

password Specifies configuring the password for the overlay

database.
none Removes the current password.
encrypted Specifies encrypted format for the password.
password Specifies the password/secret key.

Default
N/A.

Usage Guidelines
The overlay database allows the VXLAN edge technologies to dynamically span across
brown field networks. For BGP-RR the ID represents the AS number, and for Redis, it
represents the port to connect to.

Example
The following example configures the overlay database of type BGP-RR at "50.1.133.105"
with ID "2000":
# configure auto-peering oneconfig overlay add server 50.1.133.105 type BGP-RR id 2000

History
This command was first available in ExtremeXOS 31.1.

236 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure auto-peering one-config password

configure auto-peering one-config password [none | {encrypted}
tcpPassword]

Description
Configures the auto-peering TCP MD5 password devices will configure in the TCP MD5.

Syntax Description
auto-peering Specifies Auto-peering.
one-config Specifies changing the BGP Auto-peering OneConfig
configuration.
password Configures the password for Auto peering neighbors.
none Removes the current password
encrypted Specifies that the password is in encrypted format.
tcpPassword Specifes the TCP MD5 password/secret-key.

Default
N/A.

Usage Guidelines
Changing auto peering password might cause peers to be disconnected if passwords
do not match.

Example
The following example sets the password to "123":
# configure auto-peering one-config password 123

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 237

configure auto-peering one-config remote id Commands

configure auto-peering one-config remote id

configure auto-peering one-config remote id [add | delete] id {password
[none | {encrypted} tcpPassword]}

Description
Configures a list of unique values that identify the remote Auto-peering devices to
which this device can also automatically form an adjacency.

Syntax Description
auto-peering Specifies Auto-peering.
one-config Specifies changing the BGP Auto-peering OneConfig
configuration.
remote Specifies a remote device connecting in the Auto-peering
network.
id Specifies configuring the BPG Auto-peering ID that devices
advertise to neighbors.
add Specifies adding a remote ID.
delete Specifies deleting a remote ID.
id Specifies the ID.
password Configures the password for Auto peering neighbors.
none Removes the current password
encrypted Specifies that the password is in encrypted format.
tcpPassword Specifies the TCP MD5 password/secret-key.

Default
N/A.

Usage Guidelines
Not specifying a password will result in unsecure peering. Remote ID neighbors can
use MD5 passwords for neighboring security. The lower ID password is used.

Example
The following example adds the remote Auto-peering device with ID "2222" and sets
the password as "123":
# configure auto-peering one-config remote id add 2222 password 123

238 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure auto-provision cloud-connector server

configure auto-provision cloud-connector server [vr ( vr_name | none) |
ipaddress (ip_address | none)]

Description
Configures the either the virtual router or the IP address for the Cloud Connector to
use.

Syntax Description
vr Specifies the virtual router for Cloud Connector to use..
vr_name Specifies the virtual router name.
ipaddress Specifies the on-premises network management server IP
address, which overrides the DNS resolved IP address.
ip_address Specifies the on-premises network management server IP
address.
none Specifies the use of the auto-discovered information from
auto-provision discovery.

Default
N/A.

Usage Guidelines
This command allows you to troubleshoot the Instant Port profile installed.

Example
The following example configures VR-Mgmt as the virtual router for Cloud Connector.
configure auto-provision cloud-connector server vr VR-Mgmt

The following example configures the on-premises network management server IP

address as 10.139.12.70 for Cloud Connector.
configure auto-provision cloud-connector server ipaddress 10.139.12.70

Switch Engine™ Command Reference Guide for version 32.7.1 239

History Commands

History
This command was first available in version 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure automation edge connect/disconnect

configure automation edge [connect | disconnect] database database_name

Description
Connects or disconnects an Automation Edge remote VXLAN (Virtual Extensible LAN)
network identifier (VNI)-device database.

Syntax Description
automation Designates configuring Automation Edge VXLAN VNI-
device database information.
edge Designates configuring Automation Edge VXLAN VNI-
device database information.
connect Designates connecting to the specified database.
disconnect Designates disconnecting from the specified database.
database Designates connecting or disconnecting a database.
database_name Sets the database name that you are connecting or
disconnecting.

Default
N/A.

Usage Guidelines
To connect to another new database, an existing database must be disconnected first.
To view the connected database, use the command show database database_name

Example
The following example connects the database "database1":
# configure automation edge connect database database1

The following example disconnects the database "database1":

# configure automation edge disconnect database database1

240 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

This command is fully supported in ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure banner
configure banner {after-login | { before-login } { acknowledge } |
before-login {acknowledge} save-to-configuration}

Description
Configures the banner string to be displayed for CLI screens.

Syntax Description
after-login Specifies that a banner be displayed after login.
before-login Specifies that a banner be displayed before login.
acknowledge Require acknowledgement of the banner before login.
save-to-configuration Save the before login banner to the configuration file as
well as non-volatile memory.

Default
N/A.

Usage Guidelines
Use this command to configure two types of banners:
• A banner for a CLI session that displays before login.
• A banner for a CLI session that displays after login.

If no optional parameters are specified, the command defaults to configuring a banner

that is displayed before the CLI session login prompt.

For each CLI session banner, you can enter up to 24 rows of 79-column text.

Press [Return] at the beginning of a line to terminate the command and apply the
banner. To clear the banner, press [Return] at the beginning of the first line.

Note
The system does not wait for a keypress when you use SSH for access; this only
applies to the serial console login sessions and Telnet sessions.

Switch Engine™ Command Reference Guide for version 32.7.1 241

Example Commands

To disable the acknowledgement feature, use the configure banner command

omitting the acknowledge parameter.

To display any configured banners, use the show banner command.

To unconfigure one or more configured banners, use the unconfigure banner

command.

Example
The following example add the text "test" before the pre-login prompt:
# configure banner before-login
test

# logout
Do you wish to save your configuration changes to primary.cfg? (y/N)
Y
test

login:
# show banner

Before-Login banner:
test

Acknowledge: Disabled
Save to : Non-volatile memory only

After-Login banner:

History
This command was first available in ExtremeXOS 10.1.

The acknowledge parameter was added in ExtremeXOS 11.5.

The after-login option was added in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bfd vlan

configure bfd vlan vlan_name [{detection-multiplier multiplier}
{receive-interval rx_interval} {transmit-interval tx_interval}]

Description
Configures BFD transmit (TX) and receive (RX) intervals and multipliers on the VLAN.

242 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies the VLAN.
multiplier Specifies the detection multiplier. The range is 1 to 255.
rx_interval Specifies the receive interval for control packets in
milliseconds. The range is 100 to 4294967 ms. (3 to 4294967
ms if hardware assist is enabled).
tx_interval Specifies the transmit interval for control packets in
milliseconds. The range is 100 to 4294967 ms. (3 to 4294967
ms if hardware assist is enabled).

Default
The default value for RX and TX intervals is 1000 ms.

The default value for the detection-multiplier is 3.

Usage Guidelines
Use this command to configure BFD.

Use the show bfd vlan command to display the current settings.

Example
The following command configures a transmit and receive interval of 2000 ms and a
detection multiplier of 2 on the VLAN vlan1:
# configure bfd vlan vlan1 detection-multiplier 2 receive-interval 2000 transmit-interval
2000

Receive interval of 0
An rx_interval value of 0 means that this system does not want to receive any
periodic BFD Control packets. A system may transmit a value of 0 for the Required
MinRX Interval to indicate that the remote system should send no packets.
# configure bfd vlan vlan1 detection-multiplier 2 receive-interval 0 transmit-interval
2000

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 243

configure bfd vlan authentication Commands

configure bfd vlan authentication

configure bfd vlan vlan_name authentication [none | simple-password
{encrypted encrypted_password | password }]

Description
Configures authentication for BFD on a VLAN.

Syntax Description
vlan_name Specifies the VLAN name.
none Specifies that no authentication is to be used. (Default)
encrypted Indicates that the password is already encrypted.
password Specifies a simple password to use to authenticate.

Default
The authentication default is none.

Usage Guidelines
Use this command to configure authentication for BFD on a VLAN using a password or
specify that none is required.

Use the show bfd vlan command to display the authentication setting.

The encrypted keyword is primarily for the output of the show configuration command,
so that the password is not revealed in the command output. Do not use it to set the
password

Example
The following command configures authentication using the password password:
# configure bfd vlan vlan1 authentication simple-password password

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

244 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure bgp add aggregate-address

configure bgp add aggregate-address

configure bgp add aggregate-address {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast]} ipaddress/masklength
{as-match | as-set} {summary-only} {advertise-policy policy}
{attribute-policy policy}

Description
Configures a BGP aggregate route.

Syntax Description
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.
ipaddress/masklength Specifies an IP network address and mask length.
as-match Generates autonomous system sequence path information
(order of AS numbers in AS_PATH is preserved).
as-set Generates autonomous system set path information (order
of AS numbers in AS_PATH is not preserved).
summary-only Specifies to send only aggregated routes to the neighbors.
advertise-policy Specifies the policy used to select routes for this
aggregated route.
attribute-policy Specifies the policy used to set the attributes of the
aggregated route.

Default
If no address family is specified, IPv4 unicast is the default.

N/A.

Usage Guidelines
Route aggregation is the process of combining the characteristics of several routes
so that they are advertised as a single route. Aggregation reduces the amount of
information that a BGP speaker must store and exchange with other BGP speakers.
Reducing the information that is stored and exchanged also reduces the size of the
routing table.

Before you can create an aggregate route, you must enable BGP aggregation using the
following command:
enable bgp aggregation

Switch Engine™ Command Reference Guide for version 32.7.1 245

Example Commands

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified address is an IPv4 address, an IPv4 address family must be
specified with the command. If the specified address is an IPv6 address, an
IPv6 address family must be specified with the command.

BGP supports overlapping routes. For example, you can configure both of the following
aggregate addresses:
• 192.0.0.0/8
• 192.168.0.0/16

After you create an aggregate route, the aggregate route remains inactive until
BGP receives a route with an IP address and mask that conforms to an aggregate
route. When a conforming route is received, the aggregate route becomes active
and is advertised to BGP neighbors. If the summary-only option is specified, only
the aggregate route becomes active and is advertised. If the summary-only option is
omitted, any conforming aggregate routes and the received route are advertised to
BGP neighbors.

Example
The following command configures a BGP aggregate route:
configure bgp add aggregate-address 192.1.1.4/30

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for overlapping aggregate addresses was added in ExtremeXOS 12.1.3.

Support for IPv6 was added in ExtremeXOS 12.6-BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp add confederation-peer sub-AS-number

configure bgp add confederation-peer sub-AS-number number

246 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Adds a sub-AS to a confederation.

Syntax Description
number Specifies a sub-AS number of the confederation. The range
is 1 to 4294967295.

Default
N/A.

Usage Guidelines
Before you can add a sub-AS to a confederation on the switch, you must disable any
BGP neighbor sessions that are configured with the same AS number as a remote AS
number. To disable BGP neighbor sessions, use the following command:
disable bgp neighbor [remoteaddr | all]

Invoke the configure bgp add confederation-peer sub-AS-number command

multiple times to add multiple sub-ASs.

IBGP requires networks to use a fully-meshed router configuration. This requirement

does not scale well, especially when BGP is used as an interior gateway protocol.
One way to reduce the size of a fully-meshed AS is to divide the AS into multiple
sub-autonomous systems and group them into a routing confederation. Within
the confederation, all BGP speakers in each sub-AS must be fully-meshed. The
confederation is advertised to other networks as a single AS.

The AS number is a 4-byte AS number in either the ASPLAIN or the ASDOT format as
described in RFC 5396, Textual Representation of Autonomous System (AS) Numbers.

Example
The following example adds one sub-AS to a confederation using the ASPLAIN 4-byte
AS number format:
configure bgp add confederation-peer sub-AS-number 65536

The following example adds one sub-AS to a confederation using the ASDOT 4-byte AS
number format:
configure bgp add confederation-peer sub-AS-number 1.15

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Switch Engine™ Command Reference Guide for version 32.7.1 247

Platform Availability Commands

Support for 4-byte AS numbers was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp add network

configure bgp add network {address-family [ipv4-unicast | ipv4-multicast
|ipv6-unicast | ipv6-multicast]} ipaddress/masklength {network-policy
policy}

Description
Adds a network to be originated from this router.

Syntax Description
address-family Specifies an IPv4 or IPv6 unicast or multicast address family.
ipaddress/ Specifies an IP network address and mask length.
masklength
policy Name of policy to be associated with network export. Policy can
filter and/or change the route parameters.

Default
If no address family is specified, IPv4 unicast is the default.

N/A.

Usage Guidelines
The network must be present in the routing table.

Using the export command to redistribute routes complements the redistribution of

routes using the configure bgp add network command. The configure bgp add
network command adds the route to BGP only if the route is present in the routing
table. The enable bgp export command redistributes an individual route from the
routing table to BGP. If you use both commands to redistribute routes, the routes
redistributed using the network command take precedence over routes redistributed
using the export command.

248 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified address is an IPv4 address, an IPv4 address family must be
specified with the command. If the specified address is an IPv6 address, an
IPv6 address family must be specified with the command.

Example
The following command adds a network to be originated from this router:

configure bgp add network 192.1.1.16/32

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp as-display-format

configure bgp as-display-format [asdot | asplain]

Description
Configures the AS number format displayed in show commands.

Syntax Description
asdot Specifies the ASDOT format.
asplain Specifies the ASPLAIN format.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 249

Usage Guidelines Commands

Usage Guidelines
The ASPLAIN and ASDOT formats are described in RFC 5396, Textual Representation of
Autonomous System (AS) Numbers.

Example
The following command selects the ASDOT 4-byte AS number format:
configure bgp as-display-format asdot

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp as-number

configure bgp AS-number number

Description
Changes the local AS number used by BGP.

Syntax Description
number Specifies a local AS number. The range is 1 to 4294967295.

Default
N/A.

Usage Guidelines
BGP must be disabled before the AS number can be changed.

This command applies to the current VR or VRF context.

The AS number is a 4-byte AS number in either the ASPLAIN or the ASDOT format as
described in RFC 5396, Textual Representation of Autonomous System (AS) Numbers.

250 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command specifies a local AS number using the ASPLAIN 4-byte AS
number format:

configure bgp AS-number 65551

The following command specifies a local AS number using the ASDOT 4-byte AS
number format:

configure bgp AS-number 1.15

Note
To remove the configured bgp as-number, assign as-number value as 0, i.e.
configure bgp AS-number 0.

The following command configures the BGP router ID:

configure bgp routerid

Note
To remove the configured bgp routerid, give routerid value as 0.0.0.0 i.e.
configure bgp routerid 0.0.0.0.

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for 4-byte AS numbers was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp cluster-id

configure bgp cluster-id cluster-id

Description
Configures the local cluster ID.

Switch Engine™ Command Reference Guide for version 32.7.1 251

Syntax Description Commands

Syntax Description
cluster-id Specifies a 4 byte field used by a route reflector to
recognize updates from other route reflectors in the same
cluster. The range is 0 - 4294967295.

Default
N/A.

Usage Guidelines
BGP must be disabled before the cluster ID can be changed.

Used when multiple route reflectors are used within the same cluster of clients.

Example
The following command appends a BGP route reflector cluster ID to the cluster list of a
route:

configure bgp cluster-id 40000

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp confederation-id

configure bgp confederation-id confederation-id

Description
Specifies a BGP routing confederation ID.

Syntax Description
confederation-id Specifies a routing confederation identifier, which is a 4-
byte AS number in the range of 1 to 4,294,967,295.

252 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
IBGP requires that networks use a fully-meshed router configuration. This requirement
does not scale well, especially when BGP is used as an interior gateway protocol.
One way to reduce the size of a fully-meshed AS is to divide the AS into multiple
sub-autonomous systems and group them into a routing confederation. Within the
confederation, each sub-AS must be fully-meshed. The confederation is advertised to
other networks as a single AS.

The confederation ID is a 4-byte AS number in either the ASPLAIN or the ASDOT

format as described in RFC 5396, Textual Representation of Autonomous System (AS)
Numbers.

BGP must be disabled before the confederation ID can be changed.

Use a confederation ID of 0 to indicate no confederation. You cannot unconfigure

the confederation ID while confederation peers are configured. You must delete the
confederation peers before you unconfigure the confederation ID.

Example
The following command specifies a BGP routing confederation ID using the ASPLAIN
4-byte AS number format:

configure bgp confederation-id 65551

The following command specifies a BGP routing confederation ID using the ASDOT
4-byte AS number format:

configure bgp confederation-id 1.15

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for 4-byte AS numbers was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 253

configure bgp delete aggregate-address Commands

configure bgp delete aggregate-address

configure bgp delete aggregate-address {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast]} [ ipaddress/
masklength | all]

Description
Deletes one or all BGP aggregated routes.

Syntax Description
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.
ipaddress/masklength Specifies an IP network address and netmask length.
all Specifies all aggregated routes in the specified address
family. If you do not specify an address family, all
aggregated routes in all address families are deleted.

Default
N/A.

Usage Guidelines
Route aggregation is the process of combining the characteristics of several routes
so that they are advertised as a single route. Aggregation reduces the amount of
information that a BGP speaker must store and exchange with other BGP speakers.
Reducing the information that is stored and exchanged also reduces the size of the
routing table.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified address is an IPv4 address, an IPv4 address family must be
specified with the command. If the specified address is an IPv6 address, an
IPv6 address family must be specified with the command.

Example
The following command deletes a BGP aggregate route:

configure bgp delete aggregate-address 192.1.1.4/30

254 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp delete confederation-peer sub-AS-number

configure bgp delete confederation-peer sub-AS-number number

Description
Specifies a sub-AS that should be deleted from a confederation.

Syntax Description
sub-AS-number Specifies a sub-AS.

Default
N/A.

Usage Guidelines
Before you can change the configuration with this command, you must disable the
BGP neighbors in the confederation using the following command:
disable bgp neighbor [remoteaddr | all]

Example
The following command deletes a sub-AS from a confederation using the ASPLAIN
4-byte AS number format:

configure bgp delete confederation-peer sub-AS-number 65551

The following command deletes a sub-AS from a confederation using the ASDOT 4-
byte AS number format:

configure bgp delete confederation-peer sub-AS-number 1.15

Switch Engine™ Command Reference Guide for version 32.7.1 255

History Commands

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for 4-byte AS numbers was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp delete network

configure bgp delete network {address-family [ipv4-unicast | ipv4-
multicast |ipv6-unicast | ipv6-multicast]} [all | ipaddress/
masklength]

Description
Deletes a network to be originated from this router.

Syntax Description
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.
all Specifies all networks for the specified address family. If
no address family is specified, all networks for all address
families are deleted.
ipaddress/masklength Specifies an IP network address and netmask length.

Default
N/A.

Usage Guidelines
If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified address is an IPv4 address, an IPv4 address family must be
specified with the command. If the specified address is an IPv6 address, an
IPv6 address family must be specified with the command.

256 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command deletes a network to be originated from this router:

configure bgp delete network 192.1.1.12/30

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp evpn ignore-as

configure bgp evpn ignore-as [on | off]

Description
Configures treatment of the antonymous system (AS) part of the route target.

Syntax Description
bgp BGP capability.
evpn EVPN protocol.
ignore-as Configure treatment of the AS part of the route target.
on Specifies that route target matching ignore the AS part of
the route target (default).
off Specifies that route target matching not ignore the AS part
of the route target.

Default
By default, route target matching ignores the AS part of the route target.

Usage Guidelines
To view the current setting for ignore-as, use the show bgp evpn command.

Switch Engine™ Command Reference Guide for version 32.7.1 257

Example Commands

Example
The following example configures route target matching to ignore the AS as part of the
route target:
# configure bgp evpn ignore-as on

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp evpn instance rd

configure bgp evpn instance evpn_instance_name rd [rd_value | auto]

Description
Configures route distinguishers for an EVPN instance.

Syntax Description
bgp BGP capability.
evpn EVPN protocol.
instance Specifies configuring an EVPN instance
evpn_instance_name Specifies name of the EVPN instance.
rd Specifies configuring route distinguisher.
rd_value Route distinguisher in format <admin>:<assigned
number>.
auto Specifes auto-derived route distinguisher values (default).

Default
By default, auto-derived route distinguisher values are used.

Example
The specifies auto-derived route distinguisher values for the EVPN instance "my_evpn":
# configure bgp evpn instance my_evpn rd auto
Warning: Changing RD value for EVPN instance my_evpn from to 'auto calculated' instance
will be reset

258 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp evpn instance route-target

configure bgp evpn instance evpn_instance_name route-target {import |
export | both} [add | delete] route_target

Description
Configures route targets for an EVPN instance.

Syntax Description
bgp BGP capability.
evpn EVPN protocol.
instance Specifies configuring an EVPN instance
evpn_instance_name Specifies name of the EVPN instance.
route-target Designates setting the route target association. Default is
autoderived import and export.
import Selects import route target.
export Selects export route target.
both Specifies import and export route target mode (default).
add Adds a route target.
delete Deletes a route target.
route_target Route target in format <global-admin-value>:<local-admin-
value>.

Default
By default, if you do not specify route target, then the auto-derived values are used.

If you do not specify, import and export route target mode applies

Switch Engine™ Command Reference Guide for version 32.7.1 259

Usage Guidelines Commands

Usage Guidelines
For EBGP applications of EVPN, the auto-derived values will not match between BGP
peers since local autonomous system (AS) is used in the derivation, and these differ
between EBGP peers.

Note that the route target mode (import, export, or both) is automatically adjusted
depending on configuration. For example, if an “import” target exists and you add
an “export” target for the same value, the mode is automatically changed to “both”.
Similarly, an entry can be deleted by mode. For example, if an entry has mode of “both”
and you delete the “import” target of the same value, the entry is not deleted, instead
its mode is changed to “export”. An attempt to delete an entry that does not exist
(value or mode) produces an error message and no action is taken. For example, if
you attempt to delete a route target using “both”, but the configured entry was only
configured as “import” an error message appears, and no action is taken.

Example
The following example configures for instance "my_evpn" route target both mode:
# configure bgp evpn instance my_evpn route-target both

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp evpn instance vxlan

configure bgp evpn instance evpn_instance_name vxlan vni [vni_value |
none]

Description
Adds or deletes a virtual extensible local area network (VXLAN) virtual network identifier
(VNI) to an EVPN instance.

Syntax Description
bgp BGP capability.
evpn EVPN protocol.
instance Specifies configuring an EVPN instance

260 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

evpn_instance_name Specifies name of the EVPN instance.

vxlan Specifies termination.
vni Specifies adding a VXLAN VNI to an EVPN instance.
vni_name Specifies the VNI (range = 1–16,777,215).
none Removes existing VNI setting for this EVPN instance.

Default
N/A.

Example
The following example adds the VXLAN VNI "12345" to an EVPN instance named
"my_evpn":
# configure bgp evpn instance my_evpn vxlan vni 12345

The following example removes the existing VXLAN VNI associated with the EVPN
instance named "my_evpn":
# configure bgp evpn instance my_evpn vxlan vni none

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp evpn l3vni

configure bgp evpn l3vni [vni_value | none] vr vr_name

Description
Configures a Layer 3 virtual network identifier (VNI) and binds it to a VPN virtual router
interface (VRF).

Syntax Description
bgp Specifies changing the BGP configuration.
evpn Specifies changing the EVPN configuration.

Switch Engine™ Command Reference Guide for version 32.7.1 261

Default Commands

l3vni Specifies changing the integrated routing and bridging IP

VRF VNI configuration.
vni_value Sets the VNI to a value between 1 and 16,777,215.
none Removes an existing VNI setting for this EVPN L3VNI.
vr Specifies binding the VNI to a VRF.
vr_name Sets the VRF name.

Default
N/A.

Example
The following example binds VNI 100 to VRF "vrf1":
# configure bgp evpn l3vni 100 vr vrf1

History
This command was first available in ExtremeXOS 30.6.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp export shutdown-priority

configure bgp export route_type {{address-family} address_family}
shutdown-priority number

Description
Configures the shutdown priority for IGP export.

Syntax Description
route_type Specifies the BGP export route type.
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.
number Specifies the shutdown priority. The range is 0 - 65,535.

262 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default value is 2048.

If no address family is specified, IPv4 unicast is the default.

Note
You must specify an IPv6 address family for an IPv6 peer, because an IPv6
peer does not support the default IPv4 unicast address family. Similarly, if you
specify an IPv4 peer and an address family in the command, an IPv4 address
family must be specified.

Usage Guidelines
To export IPv6 protocols to BGP, you must specify an IPv6 address family.

Note
This command is not currently supported, and is not recommended for use.

Higher priority values lower the chance of an IGP export to be automatically disabled in
case BGP or the system goes to a low memory condition.

Note
For this command to execute, the specified protocol must support the
specified address family. For example, the command fails if you specify OSPF
and the IPv6 unicast address family. You can specify blackhole, direct, static,
and IS-IS routes with IPv4 or IPv6 address families.

Example
The following command configures the shutdown priority of BGP exported OSPF
routes to 1000:

configure bgp export ospf shutdown-priority 1000

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 263

configure bgp import-policy Commands

configure bgp import-policy

configure bgp import-policy [policy-name | none]

Description
Configures the import policy for BGP.

Syntax Description
policy-name Specifies the policy.
none Specifies no policy.

Default
N/A.

Usage Guidelines
Use the none keyword to remove a BGP import policy.

An import policy is used to modify route attributes while adding BGP routes to the IP
route table.

Example
The following command configures a policy imprt_plcy for BGP:

configure bgp import-policy imprt_plcy

The following command unconfigures the import policy for BGP:

configure bgp import-policy none

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

264 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure bgp local-preference

configure bgp local-preference

configure bgp local-preference number

Description
Changes the default local preference attribute.

Syntax Description
number Specifies a value used to advertise this router’s degree of
preference to other routers within the AS. Range is 0 to
2147483647.

Default
100.

Usage Guidelines
BGP must be disabled before the local preference attribute can be changed.

BGP selects routes based on the following precedence (from highest to lowest):
• higher weight
• higher local preference
• shortest length (shortest AS path)
• lowest origin code
• lowest MED
• route from external peer
• lowest cost to Next Hop
• lowest routerID

Local preference is used to determine a preferred exit point from an AS. Local
preferences are exchanged throughout the AS. A change in the local-preference can
result in a change in routing and forwarding of traffic leaving the AS.

Example
The following command changes the default local preference attribute to 500:

configure bgp local-preference 500

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Switch Engine™ Command Reference Guide for version 32.7.1 265

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp maximum-as-path-length

configure bgp maximum-as-path-length [max-as-path | none]

Description
This command adds support for filtering BGP updates based on a specified maximum
autonomous system path (AS-path) length. This support is on a per BGP instance basis
(not per neighbor).

Syntax Description
maximum-as-path- Specifies setting the AS path length.
length
max-as-path Value specifying the AS path length.
Range is 1 to 1,500.
none Specifies no maximum AS path length.

Default
N/A

Usage Guidelines
It can be desirable to protect the router against BGP updates with excessively long
AS-paths to ensure memory is not exhausted. Any BGP updates that exceed this user-
defined limit are dropped. This setting does not affect existing routes.

Example
The following example sets the AS-path to 500.
configure bgp maximum-as-path-length 500

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

266 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure bgp maximum-paths

configure bgp maximum-paths

configure bgp maximum-paths max-paths

Description
Enables or disables the BGP ECMP (Equal Cost Multi Paths) feature and specifies the
maximum number of paths supported on the current VR.

Syntax Description
max-paths Specifies the maximum number of paths. The range is 1 to
64. The value 1 disables BGP ECMP. A value greater than 1
enables BGP ECMP and specifies the maximum number of
paths.

Default
One. BGP ECMP is disabled.

Usage Guidelines
This command triggers the BGP decision process, causing BGP to re-install the entire
BGP routing table into the IP forwarding table. This activity requires a significant
amount of switch processor resources, so we recommend that you enable or disable
the BGP ECMP feature before enabling the BGP protocol globally on a VR. To ensure
that BGP ECMP routes are programmed in the hardware, enter the enable iproute
sharing command.

Note
BGP must be disabled before you can change the configuration with this
command.

Example
The following command enables BGP ECMP and sets the maximum number of paths
to 4 (the maximum number of possible paths is 64):

configure bgp maximum-paths 4

History
This command was first available in ExtremeXOS 12.1.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 267

configure bgp med Commands

your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp med

configure bgp med [none | bgp_med]

Description
Configures the metric to be included in the Multi-Exit-Discriminator (MED) path
attribute.The MED path attribute is included in route updates sent to external peers
if a value is configured.

Syntax Description
none Specifies not to use a multi-exist-discriminator number.
bgp_med Specifies a multi-exit-discriminator number. The range is
0-2147483647.

Default
N/A.

Usage Guidelines
BGP selects routes based on the following precedence (from highest to lowest):
• higher weight
• higher local preference
• shortest length (shortest AS path)
• lowest origin code
• lowest MED
• route from external peer
• lowest cost to Next Hop
• lowest routerID

Note
BGP must be disabled before you can change the configuration with this
command.

Example
The following command configures the metric to be included in the MED path
attribute:

configure bgp med 3

268 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor allowas-in

configure bgp neighbor [all | remoteaddr] {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} allowas-in
{max-as-occurrence as-count}

Description
Configures EBGP to receive and accept a looped EBGP route from the specified
neighbor, provided the number of occurrences of local AS number in AS-Path is less
than or equal to the value of as-count.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.

Switch Engine™ Command Reference Guide for version 32.7.1 269

Default Commands

vpnv4 Specifies the VPNv4 address family for Layer 3 VPN

support. This address family is applicable for PE to PE BGP
neighbor sessions only. This keyword may prompt warning
or error messages if executed for a regular BGP neighbor
session or for a PE to CE neighbor session.
as-count The maximum number of occurrences of local AS
number in the received route AS-Path. If the number of
occurrences of local AS number in AS-Path is more than
as-count, the route is not accepted. The valid range is from
1-16.

Default
This feature is disabled by default.

If no as-count is specified, the as-count defaults to 3.

If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

Usage Guidelines
In a hub and spoke configuration, it becomes necessary to accept an inbound EBGP
route even though the route's AS-Path contains the receiver's own AS-number. In such
network topologies, this feature can be enabled.

Note
A looped AS path is always allowed for IBGP, irrespective of the BGP
configuration.

All EBGP routes with looped AS-Path are silently discarded by default.

This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

270 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example enables BGP to accept looped BGP routes that contains a
maximum of 6 occurrences of receiver's AS-number in AS-Path attribute:

configure bgp neighbor 192.162.17.54 allowas-in max-as-occurrence 6

History
This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor alternate-local-as

configure bgp neighbor [all | remoteaddr] alternate-local-as asNumber

Description
Allows the local router to accept peering sessions intended for the specified alternate
local autonomous system (AS).

Syntax Description
bgp Specifies BGP.
neighbor Specifies BGP neighbor.
all Selects configuring all BGP neighbors.
remoteaddr Selects configuring the specified BGP neighbor (IP
address).
alternate-local-as Allow alternate local AS number for peering with this
neighbor
asNumber AS number (0–4,294,967,295).

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 271

Usage Guidelines Commands

Usage Guidelines
This command provides configuration flexibility, particularly when peering with third-
party devices that may use a different AS number than the ExtremeXOS device uses for
auto-peering.

Example
The following example configures the BPG neighbor at 192.168.99.1 to use an alternate
local AS "50":
# configure bgp neighbor 192.168.99.1 alternate-local-as 50

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor bfd

configure bgp {neighbor [all | remoteaddr ]} {bfd [on | off]}

Description
Enables or disables Bidirectional Forwarding Detection (BFD) protection of BGP
peering sessions.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
bfd on | off Configures BFD detection for the specified neighbor(s).

Default
BFD is disabled on neighbor by default.

272 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
You must disable a neighbor before configuring BFD.

Example
The following example enables BFD on neighbor 192.168.24.2:
# disable bgp neighbor 192.168.24.2
# configure bgp neighbor 192.168.24.2 bfd on
# enable bgp neighbor 192.168.24.2

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bgp neighbor connect-retry

configure bgp neighbor [all | remoteaddr] connect-retry seconds

Description
Configures the BGP neighbor retry timer.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
connect-retry Specifies to configure the time interval between attempts
to establish a TCP connection to a configured peer.
seconds Specifies the retry time in seconds. Default is 30 seconds.

Default
Thirty (30) seconds when newly configured in ExtremeXOS 31.6 or later.

Switch Engine™ Command Reference Guide for version 32.7.1 273

Usage Guidelines Commands

Usage Guidelines
Five specific values are supported: 10, 30, 60, 90, and 120 seconds.

Enter show bgp neighbor detail to display the current value of this command.

The neighbor retry timer was not configurable prior to ExtremeXOS 31.6 and was fixed
at 120 seconds.

Example
The following command configures the BGP neighbor retry timer to 120 seconds:
configure bgp neighbor 192.168.1.22 connect-retry 120

History
This command was first available in ExtremeXOS 31.6.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor dampening

configure bgp neighbor [all | remoteaddr] {address-family [ipv4-
unicast | ipv4-multicast |ipv6-unicast | ipv6-multicast |
vpnv4]} dampening {{half-life half-life-minutes {reuse-limit reuse-
limit-number suppress-limit suppress-limit-number max-suppress max-
suppress-minutes} | policy-filter [policy-name | none]}

Description
Configures the route flap dampening feature for a BGP neighbor.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
ipv4-unicast Specifies the IPv4 unicast address family.

274 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

ipv4-multicast Specifies an IPv4 multicast address family.

ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support. This address family is applicable for PE to PE BGP
neighbor sessions only. Using this keyword may prompt
warning or error messages if executed for a regular BGP
neighbor session, or for a PE to CE neighbor session.
half-life Specifies the dampening half life. Range is 1 to 45 minutes.
reuse-limit Specifies the reuse limit. Range is 1 to 20000.
suppress-limit Specifies the suppress limit. Range is 1 to 20000.
max-suppress Specifies the maximum hold down time. Range is 1 to 255
minutes.
policy-filter Specifies a policy.
none Removes the configured policy.

Default
This feature is disabled by default.

If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

Usage Guidelines
This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

The half life is the period of time, in minutes, during which the accumulated penalty of
a route is reduced by half. The range is 1 to 45 minutes, and the default is 15 minutes.

The reuse limit is the penalty value below which a route is used again. The range is
1-20,000, and the default is 750.

The suppress limit is the penalty value above which a route is suppressed. The range is
1-20,000, and the default is 2,000.

Switch Engine™ Command Reference Guide for version 32.7.1 275

Example Commands

The maximum hold down time is the maximum time a route can be suppressed,
no matter how unstable it has been, as long as it no longer flaps. The range is 1-255
minutes, and the default is 4 * the half life.

If you change dampening parameters when routes are in suppressed or history state,
the new dampening parameters apply only to routes in the active state. Routes in the
suppressed or history state continue to use the old dampening parameters until they
become active, at which time they use the updated dampening parameters.

Instead of explicitly configuring the dampening parameters using the command line,
you can associate a policy using the policy-filter option. Multiple sets of parameters can
be supplied using a policy.

Use the following command to disable route flap dampening for BGP neighbors:
configure bgp neighbor [remoteaddr | all] {address-family [ipv4-unicast
| ipv4-multicast | ipv6-unicast | ipv6-multicast | vpnv4]} no-dampening

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures route flap dampening to the BGP neighbor at
192.168.1.22 to the default values:
configure bgp neighbor 192.168.1.22 dampening

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor description

configure bgp neighbor [all | remoteaddr] description {description}

276 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures a description for a BGP neighbor.

Syntax Description
all Specifies all IPv4 and IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
description Specifies a string used to describe the neighbor.

Default
The description is a NULL string by default.

Usage Guidelines
Use this command to attach a description to a BGP neighbor. This description is
displayed in the output of the show bgp neighbor command when you specify the
detail option, or when you specify a particular neighbor. Enclose the string in double
quotes if there are any blank spaces in the string. The maximum length of the string is
56 characters.

If you do not specify the description parameter, the description is reset to the default.

This command applies to the current VR or VRF context.

Example
The following command configures the description for the BGP neighbor 192.168.1.22 to
Toledo_5:

configure bgp neighbor 192.168.1.22 description Toledo_5

History
This command was first available in ExtremeXOS 11.0.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 277

configure bgp neighbor dont-allowas-in Commands

configure bgp neighbor dont-allowas-in

configure bgp neighbor [all | remoteaddr] {address-family [ipv4-
unicast | ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]}
dont-allowas-in

Description
Disables EBGP from receiving and accepting a looped EBGP route from the specified
neighbor, provided the number of occurrences of local AS number in AS-Path is less
than or equal to the value of as-count.

Syntax Description
all Specifies that the configuration change applies to all
neighbors in the specified address family. If no address
family is specified or if an IPv4 address is specified, the
configuration change applies to all IPv4 neighbors. If an
IPv6 address family is specified, the configuration change
applies to all IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.

Default
This feature is disabled by default.

If no as-count is specified, the as-count defaults to 3.

If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

278 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
In a hub and spoke configuration, it becomes necessary to accept an inbound EBGP
route even though the route's AS-Path contains the receiver's own AS-number. In such
network topologies, this feature can be enabled.

Note
A looped AS path is always allowed for IBGP, irrespective of the BGP
configuration.

All EBGP routes with looped AS-Path are silently discarded by default.

This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

History
This command was first available in ExtremeXOS 12.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor maximum-prefix

configure bgp neighbor [remoteaddr | all] {address-family [ipv4-unicast
| ipv4-multicast | ipv6-unicast | ipv6-multicast | vpnv4]} maximum-
prefix number {{threshold percent} {teardown {holddown-interval
seconds}} {send-traps}

Switch Engine™ Command Reference Guide for version 32.7.1 279

Description Commands

Description
Configures the maximum number of IP prefixes accepted from a BGP neighbor.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The switch
uses the IP address format to determine if the address is an IPv4
or IPv6 address.
all Specifies that the configuration applies to all neighbors in the
specified address family. If no address family is specified or if
an IPv4 address is specified, the configuration applies to all IPv4
neighbors. If an IPv6 address family is specified, the configuration
applies to all IPv6 neighbors.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN support. This
address family is applicable for PE to PE BGP neighbor sessions
only. This keyword may prompt warning or error messages if
executed for a regular BGP neighbor session, or for a PE to CE
neighbor session.
number Specifies the maximum number of prefixes that can be accepted.
The range is 0 to 4294967294. A value of 0 disables prefix limit
feature.
percent Specifies the percentage of the maximum prefix (threshold) at
which a warning message is printed in the log (and console),
and/or a trap is sent to the SNMP (Simple Network Management
Protocol) manager.
teardown Specifies that the peer session is torn down when the maximum
is exceeded.
seconds Specifies the length of time before the session is re-established, if
the session is torn down due to maximum prefix exceeded. If the
hold-down interval is zero or not specified, it is kept down until
the peer is enabled. The range is 30 to 86400 seconds.
send-traps Specifies sending “number of prefix reached threshold” and
“number of prefix exceed the max-prefix limit” SNMP traps.

Default
This feature is disabled by default.

The default threshold is 75%.

By default, teardown is not specified.

By default, send-traps is not specified.

280 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

Configure the peer group before configuring the neighbors. To configure the peer
group, use the following command:
configure bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast | ipv6-unicast | ipv6-multicast | vpnv4]} maximum-prefix
number {{threshold percent} {teardown {holddown-interval seconds}}
{send-traps}

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures the maximum number of IP prefixes accepted
from all neighbors to 5000, sets the threshold for warning messages to 60%, and
specifies SNMP traps:

configure bgp neighbor all maximum-prefix 5000 threshold 60 send-traps

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 281

configure bgp neighbor next-hop-self Commands

configure bgp neighbor next-hop-self

configure bgp neighbor [remoteaddr | all] {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} [next-hop-
self | no-next-hop-self]

Description
Configures the next hop address used in the outgoing updates to be the address of the
BGP connection originating the update.

Syntax Description
remoteaddr Specifies an IP address.
all Specifies all neighbors.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support. This address family is applicable for PE to PE BGP
neighbor sessions only. This keyword may prompt warning
or error messages if executed for a regular BGP neighbor
session, or for a PE to CE neighbor session.
next-hop-self Specifies that the next hop address used in the updates be
the address of the BGP connection originating it.
no-next-hop-self Specifies that the next hop address used in the updates
not be the address of the BGP connection originating it
(lets BGP decide what would be the next hop).

Default
If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
This command applies to the current VR or VRF context. These settings apply to the
peer group and all neighbors of the peer group.

Note
The BGP neighbor must be disabled before you can change the configuration
with this command.

282 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures the next hop address used in the updates to be the
address of the BGP connection originating it:

configure bgp neighbor 172.16.5.25 next-hop-self

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor no-dampening

configure bgp neighbor [remoteaddr | all] {address-family [ipv4-unicast
| ipv4-multicast | ipv6-unicast | ipv6-multicast | vpnv4]} no-
dampening

Description
Configures no route flap dampening over BGP peer sessions (disables route flap
dampening).

Switch Engine™ Command Reference Guide for version 32.7.1 283

Syntax Description Commands

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.

Default
This feature is disabled by default.

If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

Usage Guidelines
If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

Use the following command to enable route flap dampening for BGP neighbors:
configure bgp neighbor [all | remoteaddr] {address-family [ipv4-unicast
| ipv4-multicast | ipv6-unicast | ipv6-multicast | vpnv4]} dampening
{{half-life half-life-minutes {reuse-limit reuse-limit-number suppress-
limit suppress-limit-number max-suppress max-suppress-minutes} | policy-
filter [policy-name | none]}

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

284 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables route flap dampening to the BGP neighbor at
192.168.1.22:

configure bgp neighbor 192.168.1.22 no-dampening

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor password

configure bgp neighbor [all | remoteaddr] password [none | {encrypted}
tcpPassword]

Description
Configures an RSA Data Security, Inc. MD5 (Message-Digest algorithm 5) Message-
Digest Algorithm secret password for a neighbor.

Syntax Description
all Specifies all IPv4 and IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
none Specifies not to use a password
encrypted Specifies an encrypted string; do not use.
tcpPassword Specifies a password string.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 285

Usage Guidelines Commands

Usage Guidelines
This command applies to the current VR or VRF context.

You must disable the BGP neighbor before changing the password.

When a password is configured, TCP RSA Data Security, Inc. MD5 Message-Digest
Algorithm authentication is enabled on the TCP connection that is established with
the neighbor.

Changes made to the parameters of a peer group are applied to all neighbors in the
peer group.

To change any one of the following parameters you must disable and re-enable the
peer session:
• timer
• source-interface
• soft-in-reset
• password

Changing a route reflector client automatically disables and enables the peer session.

The encrypted option is used by the switch when generating a configuration file, and
when parsing a switch-generated configuration file. Do not select the encrypted option
in the CLI.

Example
The following command configures the password for a neighbor as Extreme:

configure bgp neighbor 192.168.1.5 password extreme

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

286 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure bgp neighbor peer-group

configure bgp neighbor peer-group

configure bgp neighbor [all | remoteaddr] peer-group [peer-group-name |
none] {acquire-all}

Description
Configures an existing neighbor as the member of a peer group.

Syntax Description
all Specifies all neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
peer-group-name Specifies a peer group name.
none Removes the neighbor from the peer group.
acquire-all Specifies that all parameters should be inherited by the
neighbor from the peer group.

Default
By default, remote AS (if configured for the peer group), source-interface, outbound
route policy, send-community and next-hop-self settings are inherited.

Usage Guidelines
This command applies to the current VR or VRF context.

If acquire-all is not specified, only the default parameters are inherited by the neighbor.

When you remove a neighbor from a peer group, it retains the parameter settings
of the group. The parameter values are not reset to those the neighbor had before it
inherited the peer group values.

To create a new neighbor and add it to a BGP peer group, use the following command:
create bgp neighbor remoteaddr peer-group peer-group-name {multi-hop}

The new neighbor is created as part of the peer group and inherits all of the existing
parameters of the peer group. The peer group must have a remote AS configured.

If you are adding an IPv4 peer to a peer group and no IPv4 address family capabilities
are assigned to the specified peer group, the IPv4 unicast and multicast address
families are automatically enabled for that peer group. If you adding an IPv6 peer to

Switch Engine™ Command Reference Guide for version 32.7.1 287

Example Commands

a peer group and no IPv6 address family capabilities are assigned to the peer group,
you must explicitly enable the IPv6 address family capabilities you want to support.

Note
If the peer group or any member of the peer group has been configured with
an IPv4 or IPv6 address family, the peer group only accepts peers that are
configured to use that family. For example, if a peer group is configured for the
IPv4 unicast address family, the switch will not allow you to add an IPv6 peer.
LIkewise, an IPv6 peer group cannot accept an IPv4 peer.

Example
The following command configures an existing neighbor as the member of the peer
group outer:
configure bgp neighbor 192.1.1.22 peer-group outer

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor route-policy

configure bgp neighbor [remoteaddr | all] {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} route-policy
[in | out] [none | policy]

Description
Configures a route map filter for a neighbor.

288 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support. This address family is applicable for PE to PE BGP
neighbor sessions only. This keyword may prompt warning
or error messages if executed for a regular BGP neighbor
session, or for a PE to CE neighbor session.
in Specifies to install the filter on the input side.
out Specifies to install the filter on the output side.
none Specifies to remove the filter.
policy Specifies a policy.

Default
If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

Usage Guidelines
This command applies to the current VR or VRF context.

The policy can be installed on the input or output side of the router. The policy is used
to modify or filter the NLRI information and the path attributes associated with it when
exchanging updates with the neighbor.

Note
A policy file applied to BGP neighbors cannot have NLRI for both IPv4 and IPv6
address families defined in the same policy file.

Switch Engine™ Command Reference Guide for version 32.7.1 289

Example Commands

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures the route-policy filter for a neighbor based on the
policy nosales:

configure bgp neighbor 192.168.1.22 route-policy in nosales

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor route-reflector-client

configure bgp neighbor [remoteaddr | all] [route-reflector-client | no-
route-reflector-client]

Description
Configures a BGP neighbor to be a route reflector client.

290 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.
route-reflector- Specifies for the BGP neighbor to be a route reflector
client client.
no-route-reflector- Specifies for the BGP neighbor not to be a route reflector
client client.

Default
N/A.

Usage Guidelines
Another way to overcome the difficulties of creating a fully-meshed AS is to use route
reflectors. Route reflectors allow a single router to serve as a central routing point for
the AS or sub-AS.

Use this command to implicitly define the router to be a route reflector. The neighbor
must be in the same AS as the router.

This command applies to the current VR or VRF context.

When changing the route reflector status of a peer, the peer is automatically disabled
and re-enabled and a warning message appears on the console and in the log.

A cluster is formed by the route reflector and its client routers. Peer routers that are not
part of the cluster must be fully meshed according to the rules of BGP.

Example
The following command configures a BGP neighbor to be a route reflector client:

configure bgp neighbor 192.168.1.5 route-reflector-client

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 291

configure bgp neighbor send-community Commands

your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor send-community

configure bgp neighbor [remoteaddr | all] {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} [send-
community | dont-send-community] {both | extended | standard}

Description
Configures whether the community path attribute associated with a BGP NLRI should
be included in the route updates sent to the BGP neighbor.

Syntax Description
remoteaddr Specifies an IP address of a BGP neighbor.
all Specifies all neighbors.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support. This address family is applicable for PE to PE BGP
neighbor sessions only. This keyword may prompt warning
or error messages if executed for a regular BGP neighbor
session, or for a PE to CE neighbor session.
send-community Specifies to include the community path attribute.
dont-send-community Specifies not to include the community path attribute.
both Send both standard and extended community attributes
to this BGP neighbor, or neighbors in peer group
extended Send only extended communities to this BGP neighbor or
neighbors in peer group
standard Send only standard communities to this BGP neighbor or
neighbors in peer group

Default
If no address family is specified, IPv4 unicast is the default. If no optional keyword (both,
standard or extended) is specified, standard is assumed.

292 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
A BGP community is a group of BGP destinations that require common handling.
ExtremeXOS supports the following well-known BGP community attributes:
• no-export
• no-advertise
• no-export-subconfed

The command is additive; that is, if the command is executed twice with the standard
or extended option, both the extended and standard communities are sent to the BGP
neighbor.

This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command includes the community path attribute associated with a BGP
NLRI in the route updates sent to all BGP neighbors:

configure bgp neighbor all send-community

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Options to control the advertisement of extended community attributes were added in

ExtremeXOS12.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Switch Engine™ Command Reference Guide for version 32.7.1 293

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor shutdown-priority

configure bgp neighbor [all | remoteaddr] shutdown-priority number

Description
Configures the shutdown priority for a BGP neighbor.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.
number Specifies the shutdown priority. The range is 0 - 65,535.

Default
The default value is 1024.

Usage Guidelines
Note
This command is not currently supported, and is not recommended for use.

Higher priority values lower the chance of a BGP neighbor to be automatically disabled
in case BGP or the system goes to a low memory condition.

Example
The following command configures the shutdown priority of the BGP neighbor 10.0.20.1
to 500:

configure bgp neighbor 10.0.20.1 shutdown-priority 1000

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

294 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor soft-reset

configure bgp neighbor [remoteaddr | all] {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4 l2vpn-evpn]}
soft-reset {in | out}

Description
Applies the current input or output routing policy to the routing information already
exchanged with the neighbor.

Syntax Description
remoteaddr Specifies an IP address of a BGP neighbor.
all Specifies all neighbors.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support. This address family is applicable for PE to PE BGP
neighbor sessions only. This keyword may prompt warning
or error messages if executed for a regular BGP neighbor
session, or for a PE to CE neighbor session.
l2vpn-evpn Specifies the Layer 2 VPN-EVPN address family.
soft-reset Do a soft reconfiguration for the BGP neighbor.
in Specifies to apply the input routing policy.
out Specifies to apply the output routing policy.

Default
If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
The input/output policy is determined by the route policy configured for the neighbor
on the input and/or output side of the router. This command does not affect the switch
configuration.

Switch Engine™ Command Reference Guide for version 32.7.1 295

Example Commands

If both the local BGP neighbor and the neighbor router support the route refresh
capability, a dynamic soft input reset can be performed. The configure bgp neighbor
soft-reset command triggers the generation of a Route-Refresh message to the
neighbor. As a response to the Route-Refresh message, the neighbor sends the entire
BGP routing table in updates and the switch applies the appropriate routing policy to
the updates.

This command applies to the current VR or VRF context.

If the route-refresh capability is not supported by the neighbor, the configure bgp
neighbor soft-reset command reprocesses the BGP route database using the policy
configured for that neighbor.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command applies the current input routing policy to the routing
information already exchanged with the neighbor:
# configure bgp neighbor 192.168.1.5 soft-reset in

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Support for Layer 2 VPN-EVPN was added in ExtremeXOS 30.5.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

296 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure bgp neighbor source-interface

your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor source-interface

configure bgp neighbor [remoteaddr | all] source-interface [any |
ipaddress ipAddr]

Description
Changes the BGP source interface for TCP connections.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.
any Specifies any source interface.
ipAddr Specifies the IP address of a source interface.

Default
Any.

Usage Guidelines
The source interface IP address must be a valid IP address of any VLAN configured on
the switch.

This command applies to the current VR or VRF context.

Example
The following command changes the BGP source interface to 10.43.55.10:

configure bgp neighbor 192.168.1.5 source-interface ipaddress 10.43.55.10

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 297

configure bgp neighbor timer Commands

your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor timer

configure bgp neighbor [remoteaddr | all] timer keep-alive keepalive
hold-time holdtime

Description
Configures the BGP neighbor timers.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.
keepalive Specifies a BGP neighbor timer keepalive time in seconds.
The range is 0 to 21,845 seconds.
holdtime Specifies a BGP neighbor timer hold time in seconds. The
range is 0 and 3to65,535 seconds.

Default
The default keepalive setting is 60 seconds. The default hold time is 180 seconds.

Usage Guidelines
You must disable the BGP neighbor before changing the timer values.

This command applies to the current VR or VRF context.

Example
The following command configures the BGP neighbor timers:

configure bgp neighbor 192.168.1.5 timer keep-alive 120 hold-time 360

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

298 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp neighbor weight

configure bgp neighbor [remoteaddr | all] weight weight

Description
Assigns a locally-used weight to a neighbor connection for the route selection
algorithm.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.
weight Specifies a BGP neighbor weight.

Default
By default, the weight is 1.

Usage Guidelines
All routes learned from this peer are assigned the same weight. The route with the
highest weight is more preferable when multiple routes are available to the same
network. The range is 0 to 65,535.

BGP selects routes based on the following precedence (from highest to lowest):
• higher weight
• higher local preference
• shortest length (shortest AS path)
• lowest origin code
• lowest MED
• route from external peer
• lowest cost to Next Hop
• lowest routerID

This command applies to the current VR or VRF context.

Switch Engine™ Command Reference Guide for version 32.7.1 299

Example Commands

Example
The following command assigns a locally used weight of 10 to a neighbor connection:

configure bgp neighbor 192.168.1.5 weight 10

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group allowas-in

configure bgp peer-group peer-group-name {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} allowas-in
{max-as-occurrence as-count}

Description
Configures BGP to receive and accept a looped BGP route from the neighbors of the
specified peer group, provided the number of occurrences of local AS number in AS-
Path is less than or equal to that specified in as-count.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
as-count The maximum number of occurrences of local AS
number in the received route AS-Path. If the number of
occurrences of local AS number in AS-Path is more than
as-count, the route is not accepted. The valid range is from
1-16.

300 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
This feature is disabled by default.

If no as-count is specified, the as-count defaults to 3.

If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
In a hub and spoke configuration, it becomes necessary to accept an inbound BGP
route even though the route's AS-Path contains the receiver's own AS-number. In such
network topologies, this feature can be enabled.

This feature can also be enabled for both IBGP and EBGP neighbors, wherever
necessary.

This command applies to the current VR or VRF context.

Note
BGP neighbors do not inherit the allowas-in configuration from their peer
group unless you explicitly specify the acquire-all option when adding a
neighbor to a peer-group.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following example enables BGP to accept looped BGP routes that contains a
maximum of 8 occurrences of receiver's AS-number in AS-Path attribute:

configure bgp peer-group internal allowas-in max-as-occurrence 8

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 301

Platform Availability Commands

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group connect-retry

configure bgp peer-group peer-group-name connect-retry seconds

Description
Configures the BGP retry timer of the specified peer group.

Syntax Description
peer-group-name Specifies a peer group.
connect-retry Specifies to configure the time interval between attempts
to establish a TCP connection to a configured peer.
seconds Specifies the retry time in seconds. Default is 30 seconds.

Default
This feature is disabled by default.

Usage Guidelines

Example
The following command configures the BGP peer group "internal" retry timer to 120
seconds:

configure bgp peer-group internal connect-retry 120

History
This command was first available in ExtremeXOS 31.6.

302 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group dampening

configure bgp peer-group peer-group-name {address-family [ipv4-
unicast | ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]}
dampening {{half-life half-life-minutes {reuse-limit reuse-limit-
number supress-limit suppress-limit-number max-suppress max-suppress-
minutes}} | policy-filter [policy-name | none]}

Description
Configures route flap dampening for a BGP peer group.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
half-life-minutes Specifies the dampening half life.
reuse-limit-number Specifies the reuse limit.
suppress-limit-number Specifies the suppress limit.
max-suppress-minutes Specifies the maximum hold down time.
policy-name Specifies a policy.
none Removes any policy association.

Default
This feature is disabled by default.

If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
This command applies to the current VR or VRF context.

Switch Engine™ Command Reference Guide for version 32.7.1 303

Example Commands

The half life is the period of time, in minutes, during which the accumulated penalty of
a route is reduced by half. The range is 1 to 45 minutes, and the default is 15 minutes.

The reuse limit is the penalty value below which a route is used again. The range is
1-20,000, and the default is 750.

The suppress limit is the penalty value above which a route is suppressed. The range is
1-20,000, and the default is 2,000.

The maximum hold down time is the maximum time a route can be suppressed,
no matter how unstable it has been, as long as it no longer flaps. The range is 1-255
minutes, and the default is 4 * the half life.

If you change dampening parameters when routes are in suppressed or history state,
the new dampening parameters apply only to routes in the active state. Routes in the
suppressed or history state continue to use the old dampening parameters until they
become active, at which time they use the updated dampening parameters.

Instead of explicitly configuring the dampening parameters using the command line,
you can associate a policy using the policy-filter option. Multiple sets of parameters can
be supplied using a policy.

Use the following command to disable route flap dampening for a BGP peer-group:
configure bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast | ipv6-unicast | ipv6-multicast | vpnv4]} no-dampening

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures route flap dampening for the BGP peer group
outer:

configure bgp peer-group outer dampening

304 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group dont-allowas-in

configure bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} dont-allowas-
in

Description
Disables BGP from receiving and accepting a looped BGP route from the neighbors of
the specified peer group, provided the number of occurrences of local AS number in
AS-Path is less than or equal to that specified in as-count.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.

Default
This feature is disabled by default.

If no as-count is specified, the as-count defaults to 3.

If no address family is specified, IPv4 unicast is the default.

Switch Engine™ Command Reference Guide for version 32.7.1 305

Usage Guidelines Commands

Usage Guidelines
This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Note
BGP neighbors do not inherit the allowas-in configuration from their peer
group unless you explicitly specify the acquire-all option when adding a
neighbor to a peer-group.

History
This command was first available in ExtremeXOS 12.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group maximum-prefix

configure bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} maximum-prefix
number {{threshold percent} {teardown {holddown-interval seconds}}
{send-traps}

306 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the maximum number of IP prefixes accepted for all neighbors in the peer
group.

Syntax Description
name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
number Specifies the maximum number of prefixes that can be
accepted. The range is 0 to 4294967294. A value of 0
disables prefix limit feature.
percent Specifies the percentage of the maximum prefix
(threshold) at which a warning message is printed in the
log (and on the console). An SNMP trap can also be sent.
teardown Specifies that the peer session is torn down when the
maximum is exceeded.
seconds Specifies the length of time before the session is re-
established, if the session has been torn down due to
exceeding the max limit. If the hold down interval is 0 or
not specified, it is kept down until the peer is enabled. The
range is 30 to 86400 seconds.
send-traps Specifies sending “number of prefix reached threshold”
and “number of prefix exceed the max-prefix limit” SNMP
traps.

Default
This feature is disabled by default.

The default threshold is 75%.

By default, teardown is not specified.

By default, send-traps is not specified.

If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
This command applies to the current VR or VRF context.

Switch Engine™ Command Reference Guide for version 32.7.1 307

Example Commands

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

Configure the peer group before configuring the neighbors. To configure the
neighbors, use the following command:

configure bgp neighbor 192.168.1.1 maximum-prefix

After you enter this command, the switch automatically disables and enables all
neighbors in the peer group before the change takes effect.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures the maximum number of IP prefixes accepted
from the peer group outer to 5000, sets the threshold for warning messages to 60%,
and specifies SNMP traps:

configure bgp peer-group outer maximum-prefix 5000 threshold 60 send-traps

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

308 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure bgp peer-group next-hop-self

configure bgp peer-group next-hop-self

configure bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} [next-hop-self
| no-next-hop-self]

Description
Configures the next hop address used in the updates to be the address of the BGP
connection originating the update.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
next-hop-self Specifies that the next hop address used in the updates be
the address of the BGP connection originating it.
no-next-hop-self Specifies that the next hop address used in the updates
not be the address of the BGP connection originating it
(Let the BGP protocol decide the next hop).

Default
If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
This command applies to the current VR or VRF context.

These settings apply to the peer group and all neighbors of the peer group.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

Switch Engine™ Command Reference Guide for version 32.7.1 309

Example Commands

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures the next hop address used in the updates to be the
address of the BGP connection originating it:

configure bgp peer-group outer next-hop-self

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group no-dampening

configure bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} no-dampening

Description
Configures no route flap dampening for a BGP peer group (disables route flap
dampening).

Syntax Description
peer-group-name Specifies a BGP peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.

310 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
This feature is disabled by default.

If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

Use the following command to enable route flap dampening for a BGP peer-group:
configure bgp peer-group peer-group-name {address-family [ipv4-unicast
| ipv4-multicast | ipv6-unicast | ipv6-multicast | vpnv4]} dampening
{{half-life half-life-minutes {reuse-limit reuse-limit-number suppress-
limit suppress-limit-number max-suppress max-suppress-minutes}} |
policy-filter [policy-name | none]}

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command disables route flap dampening to the BGP peer group outer:

configure bgp peer-group outer no-dampening

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 311

configure bgp peer-group password Commands

your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group password

configure bgp peer-group peer-group-name password [none | {encrypted}
tcpPassword]

Desccription
Configures the TCP RSA Data Security, Inc. MD5 Message-Digest Algorithm secret
password for a peer group and all neighbors of the peer group.

Syntax Description
peer-group-name Specifies a peer group.
none Specifies no password.
tcpPassword Specifies a password.
encrypted Specifies an encrypted string.

Default
N/A.

Usage Guidelines
Changes made to the parameters of a peer group are applied to all neighbors in the
peer group.

This command applies to the current VR or VRF context.

After you enter this command, the switch automatically disables and enables all
neighbors in the peer group before the change takes effect.

Example
The following command configures the password as Extreme for the peer group outer
and its neighbors:
configure bgp peer-group outer password extreme

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

312 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group remote-AS-number

configure bgp peer-group peer-group-name remote-AS-number number

Description
Configures the remote AS number for a peer group and all the neighbors of the peer
group.

Syntax Description
peer-group-name Specifies a peer group.
number Specifies a remote AS number. The range is 1 to
4294967295.

Default
N/A.

Usage Guidelines
The AS number is a 4-byte AS number in either the ASPLAIN or the ASDOT format as
described in RFC 5396, Textual Representation of Autonomous System (AS) Numbers.

Changes made to the parameters of a peer group are applied to all neighbors in the
peer group.

After you enter this command, the switch automatically disables and enables all
neighbors in the peer group before the change takes effect.

Example
The following example configures the remote AS number for the peer group outer and
its neighbors using the ASPLAIN 4-byte AS number format:
configure bgp peer-group outer remote-AS-number 65536

The following example configures the remote AS number for the peer group abc and
its neighbors using the ASDOT 4-byte AS number format:
configure bgp peer-group abc remote-AS-number 1.10

Switch Engine™ Command Reference Guide for version 32.7.1 313

History Commands

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for 4-byte AS numbers was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group route-policy

configure bgp peer-group peer-group-name {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} route-policy
[in |out] [none | policy]

Description
Configures the policy for a peer group and all the neighbors of the peer group.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
in Specifies to install the policy on the input side.
out Specifies to install the policy on the output side.
none Specifies to remove the filter.
policy Specifies a policy.

Default
There is no default policy configuration.

If no address family is specified, IPv4 unicast is the default.

314 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures the route policy for the peer group outer and its
neighbors using the policy nosales:

configure bgp peer-group outer route-policy in nosales

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group route-reflector-client

configure bgp peer-group peer-group-name [route-reflector-client | no-
route-reflector-client]

Switch Engine™ Command Reference Guide for version 32.7.1 315

Description Commands

Description
Configures all the peers in a peer group to be a route reflector client.

Syntax Description
peer-group-name Specifies a peer group.
route-reflector- Specifies that all the neighbors in the peer group be a
client route reflector client.
no-route-reflector- Specifies that all the neighbors in the peer group not be a
client route reflector client.

Default
N/A.

Usage Guidelines
This command implicitly defines this router to be a route reflector.

This command applies to the current VR or VRF context.

The peer group must be in the same AS of this router.

Example
The following command configures the peer group outer as a route reflector client:

configure bgp peer-group outer route-reflector-client

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group send-community

configure bgp peer-group peer-group-name {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} [send-
community | dont-send-community] {both | extended | standard}

316 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures whether communities should be sent to neighbors as part of route updates.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
send-community Specifies that communities are sent to neighbors as part of
route updates.
dont-send-community Specifies that communities are not sent to neighbors as
part of route updates.
both Send both standard and extended community attributes
to this BGP neighbor, or neighbors in peer group.
extended Send only extended communities to this BGP neighbor or
neighbors in peer group.
standard Send only standard communities to this BGP neighbor or
neighbors in peer group.

Default
If no address family is specified, IPv4 unicast is the default. If no optional keyword (both,
standard or extended) is specified, standard is assumed.

Usage Guidelines
These settings apply to the peer group and all neighbors of the peer group.

This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

Switch Engine™ Command Reference Guide for version 32.7.1 317

Example Commands

The command is additive; that is, if the command is executed twice with the standard
or extended option, both the extended and standard communities are sent to the BGP
neighbor.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command configures communities to be sent to neighbors as part of
route updates:

configure bgp peer-group outer send-community

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Options to control the advertisement of extended community attributes were added in

ExtremeXOS12.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group soft-reset

configure bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} soft-reset {in
| out}

Description
Applies the current input/output routing policy to the neighbors in the peer group.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.

318 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

ipv4-multicast Specifies an IPv4 multicast address family.

ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
in Specifies to apply the input routing policy.
out Specifies to apply the output routing policy.

Default
If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
The input/output routing policy is determined by the route policy configured for the
neighbors in the peer group on the input/output side of the router. This command
does not affect configuration of the switch.

This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

Changes made to the parameters of a peer group are applied to all neighbors in the
peer group.

Any configuration change with this command automatically disables and enables the
neighbors before the changes.

To configure this feature on Layer 3 VPNs, you must configure this feature in the
context of the MPLS-enabled VR; this feature is not supported for BGP neighbors on
the CE (VRF) side of the PE router.

Example
The following command applies the current input routing policy to the neighbors in
the peer group outer:

configure bgp peer-group outer soft-reset in

Switch Engine™ Command Reference Guide for version 32.7.1 319

History Commands

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group source-interface

configure bgp peer-group peer-group-name source-interface [any |
ipaddress ipAddr]

Description
Configures the source interface for a peer group and all the neighbors of the peer
group.

Syntax Description
peer-group-name Specifies a peer group.
any Specifies any source interface.
ipAddr Specifies an interface.

Default
N/A.

Usage Guidelines
The source interface IP address must be a valid IP address of a VLAN configured on the
switch.

Changes made to the parameters of a peer group are applied to all neighbors in the
peer group.

This command applies to the current VR or VRF context.

After you enter this command, the switch automatically disables and enables the
neighbors so that the changes can take effect.

320 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the source interface for the peer group outer and
its neighbors on 10.34.25.10:

configure bgp peer-group outer source-interface ipaddress 10.34.25.10

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group timer

configure bgp peer-group peer-group-name timer keep-alive seconds hold-
time seconds

Description
Configures the keepalive timer and hold timer values for a peer group and all the
neighbors of the peer group.

Syntax Description
peer-group-name Specifies a peer group.
keep-alive seconds Specifies a keepalive time in seconds. Range is 0 to 21845.
hold-time seconds Specifies a hold-time in seconds. Range is 0 and 3 to 65535.

Default
N/A.

Usage Guidelines
This command applies to the current VR or VRF context.

Changes made to the parameters of a peer group are applied to all neighbors in the
peer group.

Switch Engine™ Command Reference Guide for version 32.7.1 321

Example Commands

After you enter this command, the switch automatically disables and enables all
neighbors in the peer group before the change takes effect.

Example
The following command configures the keepalive timer and hold timer values for the
peer group outer and its neighbors:

configure bgp peer-group outer timer keep-alive 30 hold-time 90

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp peer-group weight

configure bgp peer-group peer-group-name weight weight

Description
Configures the weight for the peer group and all the neighbors of the peer group.

Syntax Description
peer-group-name Specifies a peer group.
weight Specifies a BGP peer group weight. Range is 0 to 65,535.

Default
N/A.

Usage Guidelines
BGP selects routes based on the following precedence (from highest to lowest):
• higher weight
• higher local preference
• shortest length (shortest AS path)

322 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• lowest origin code

• lowest MED
• route from external peer
• lowest cost to Next Hop
• lowest routerID

This command applies to the current VR or VRF context.

Example
The following command configures the weight for the peer group outer and its
neighbors:

configure bgp peer-group outer weight 5

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp restart address-family

configure bgp restart [add | delete] address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast]

Description
Configures the address family used with graceful BGP restart.

Syntax Description
add Add the address family.
delete Remove the address family.
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.

Switch Engine™ Command Reference Guide for version 32.7.1 323

Default Commands

Default
The default is IPv4 unicast.

Usage Guidelines
Before you can enter this command, you must disable BGP services on the switch with
the disable bgp command.

This command configures the address family participating in graceful BGP restart. An
address family can be added or deleted. By adding an address family, BGP instructs the
switch to preserve BGP routes of that address family during a graceful restart. The local
OPEN message contains all the added address families.

Note
When graceful restart is enabled on the switch, the IPv4 unicast address family
support is added by default. Graceful restart for other address families must be
explicitly added using this command.
For BGP graceful restart to inter-operate with Cisco routers, any restarting
routers connected to Cisco routers must be configured with the command,
enable bgp neighbor capability, in the following form: enable bgp
neighbor remoteaddr capability ipv4-unicast. The command must be
executed before BGP is enabled globally on the switch.

Example
The following command configures a router to add IPv4 unicast addresses to graceful
BGP restarts:

configure bgp restart add address-family ipv4-unicast

History
This command was first available in ExtremeXOS 11.4.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp restart restart-time

configure bgp restart restart-time seconds

324 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the restart time used with graceful BGP restart. This is the maximum time a
receiver router waits for a restarting router to come back up.

Syntax Description
seconds Specifies the restart time. The range is 1 to 3600 seconds.

Default
The default is 120 seconds.

Usage Guidelines
Before you can enter this command, you must disable BGP services on the switch with
the disable bgp command.

This command configures the restart timer. This timer is started on the receiver router
when it detects the neighbor router is restarting (usually when the peer TCP session
is reset). At that time, routes from the restarting router are marked as stale, but are
preserved in the routing table. The timer is stopped when the restarting BGP neighbor
goes to the ESTABLISHED state (it has finished restarting). If the timer expires, the stale
routes are deleted.

Example
The following command configures the graceful BGP restart timer:

configure bgp restart restart-time 200

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp restart stale-route-time

configure bgp restart stale-route-time seconds

Switch Engine™ Command Reference Guide for version 32.7.1 325

Description Commands

Description
Configures the stale route timer used with graceful BGP restart. This is the maximum
time to hold stale paths on receiver routers while its neighbor gracefully restarts.

Syntax Description
seconds Specifies the stale route time. The range is 1 to 3600
seconds.

Default
The default is 360 seconds.

Usage Guidelines
Before you can enter this command, you must disable BGP services on the switch with
the disable bgp command.

This command configures the stale route timer. This timer is started when the
restarting BGP peer goes to the ESTABLISHED state after it restarts. The timer is
stopped when the restarting BGP peer sends EOR messages for all address families.
When the timer is stopped, or it expires, the stale routes are deleted.

Example
The following command configures the graceful BGP stale route timer:

configure bgp restart stale-route-time 400

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp restart update-delay

configure bgp restart update-delay seconds

326 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the update delay timer used with graceful BGP restart. This is the maximum
time to delay updating BGP routes to the local IP route table.

Syntax Description
seconds Specifies the stale route time. The range is 1 to 3600
seconds.

Default
The default is 600 seconds.

Usage Guidelines
Before you can enter this command, you must disable BGP services on the switch with
the disable bgp command.

This command configures the update delay timer. Usually, a restarting router waits to
receive EOR messages from all the receiving BGP neighbors before it starts the route
update. Otherwise, it does the route selection when the timer expires.

Example
The following command configures the graceful BGP update delay timer:

configure bgp restart update-delay 800

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp restart

configure bgp restart [none | planned | unplanned | both | aware-only]

Description
Configures the router as a graceful BGP restart router.

Switch Engine™ Command Reference Guide for version 32.7.1 327

Syntax Description Commands

Syntax Description
none Do not act as a graceful BGP restart router.
planned Only act as a graceful BGP restart router for planned
restarts.
unplanned Only act as a graceful BGP restart router for unplanned
restarts.
both Act as a graceful BGP restart router for both planned and
unplanned restarts.
aware-only Only act as a graceful BGP receiver (helper) router.

Default
The default is none; graceful restart is disabled.

Usage Guidelines
This command configures the router as a graceful BGP router. You can decide to
configure a router to enter graceful restart for only planned restarts, for only unplanned
restarts, or for both. Also, you can decide to configure a router to be a receiver only
(which helps a restarting BGP router to perform the graceful restart process), and not to
do graceful restarts itself.

After a graceful restart, the switch preserves the time stamps for all BGP routes in the
RIB that were received before the stale timer expired. After restart, the capabilities for
all BGP peers are renegotiated.

Note
End of Restart (EOR) messages are not sent to BGP peers if the graceful restart
feature is disabled.

This command cannot be used while BGP is enabled globally on the switch.

Example
The following command configures a router to perform graceful BGP restarts only for
planned restarts:

configure bgp restart planned

History
This command was first available in ExtremeXOS 11.4.

328 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp routerid

configure bgp routerid router-identifier

Description
Changes the router identifier.

Syntax Description
router identifier Specifies a router identifier in the IPv4 address format.

Default
N/A.

Usage Guidelines
BGP must be disabled before changing the router ID.

BGP selects routes based on the following precedence (from highest to lowest):
• Higher weight
• Higher local preference
• Shortest length (shortest AS path)
• Lowest origin code
• Lowest MED
• Route from external peer
• Lowest cost to Next Hop
• Lowest router ID

This command applies to the current VR or VRF context.

Switch Engine™ Command Reference Guide for version 32.7.1 329

Example Commands

Example
The following command changes the router ID:

configure bgp routerid 192.1.1.13

Note
To remove the configured bgp routerid, give routerid value as 0.0.0.0 i.e.
configure bgp routerid 0.0.0.0.

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure bgp soft-reconfiguration

configure bgp soft-reconfiguration

Description
Immediately applies the route policy associated with the network command,
aggregation, import, and redistribution.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command does not affect the switch configuration.

This command applies to the current VR or VRF context.

330 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command applies the route policy associated with the network
command, aggregation, import, and redistribution:

configure bgp soft-reconfiguration

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure bootprelay
configure bootprelay [ {vlan [vlan_name]} [add ip_address | delete
[ip_address] | all ]]

Description
This command configures DHCPv4 server/next hop relay for each VLAN IPv4 interfaces.
This command is not applicable to IPv6 interfaces. Configuring bootprelay per VLAN v4
level is supported only on IPv4, and not on IPv6.

Syntax Description
bootprelay BOOTP Relay service.
add Adds DHCP BOOTP Relay server.
delete Deletes DHCP BOOTP Relay server.
ip_address IP address of bootp relay server.

Default
N/A.

Usage Guidelines
Use this command to configure the DHCPv4 server/next hop for each VLAN interface.
The configuration applied to the VR level is populated to all VLAN v4 IPv4/v6 interfaces.

Switch Engine™ Command Reference Guide for version 32.7.1 331

Example Commands

Example
The following example displays IPv6 bootprelay information:
# sh bootprelay configuration ipv4
DHCPv4 BOOTP Relay : Enabled on virtual router "VR-Default"
Include Secondary : Disabled
BOOTP Relay Servers : 10.127.6.243
DHCP Relay Agent Information Option: Disabled
DHCP Relay Agent Information Check : Disabled
DHCP Relay Agent Information Policy: Replace

VLAN DHCPv4 BOOTP Relay

------------------------ ------------------
VLAN "Default":
BOOTP Relay : Enabled
VLAN "client":
BOOTP Relay : Enabled
BOOTP Relay Servers : 10.1.1.1 10.127.6.101 10.127.6.243
DHCP Relay Agent Information Option: Disabled
DHCP Relay Agent Information Check : Disabled
DHCP Relay Agent Information Policy: Replace
VLAN "client1":
BOOTP Relay : Enabled
VLAN "dhcpv4server":
BOOTP Relay : Enabled
VLAN "server":
BOOTP Relay : Enabled

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay add

configure bootprelay {ipv4 | ipv6} add ip_address {vr vrid}

Description
Configures the addresses to which BOOTP requests should be directed.

Syntax Description
ipv4 DHCPv4 BOOTP Relay service (default).
ipv6 DHCPv6 BOOTP relay service.
ip_address Specifies an IP address.
vrid Specifies a VR or VRF name.

332 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
If you do not specify a VR or VRF, the current VR context is used.

If you do not specify DHCPv4 or v6 BOOTP Relay service, DHCPv4 is used.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward
DHCP or BOOTP requests coming from clients on subnets being serviced by the switch
and going to hosts on different subnets.

To configure the relay function, follow these steps:

1. Configure VLANs and IP unicast routing.

2. Configure the addresses to which DHCP or BOOTP requests should be directed,
using the following command: configure bootprelay add ip_address
3. Enable the DHCP or BOOTP relay function using the following command: enable
bootprelay

Example
The following example configures BOOTP requests to be directed to 123.45.67.8:
configure bootprelay add 123.45.67.8

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay delete

configure bootprelay {ipv4 | ipv6} delete [ip_address | all] {vr vrid}

Description
Removes one or all IP destination addresses for forwarding BOOTP packets.

Syntax Description
ipv4 DHCPv4 BOOTP Relay service (default).
ipv6 DHCPv6 BOOTP relay service.
ip_address Specifies an IP address.

Switch Engine™ Command Reference Guide for version 32.7.1 333

Default Commands

all Specifies all IP address entries.

vrid Specifies a VR or VRF name.

Default
If you do not specify a VR, the current VR context is used.

If you do not specify DHCPv4 or v6 BOOTP Relay service, DHCPv4 is used.

Usage Guidelines
None.

Example
The following command removes the destination address:

configure bootprelay delete 123.45.67.8

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay dhcp-agent information check

configure bootprelay dhcp-agent information check

Description
Enables the DHCP relay agent option (option 82) checking.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

334 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
In some instances, a DHCP server may not properly handle a DHCP request packet
containing a relay agent option. Use this command to prevent DHCP reply packets
with invalid or missing relay agent options from being forwarded to the client.

To disable this check, use the following command:

unconfigure bootprelay dhcp-agent information check

Example
The following command configures the DHCP relay agent option check:

configure bootprelay dhcp-agent information check

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay dhcp-agent information circuit-id port-

information
configure bootprelay dhcp-agent information circuit-id port-information
port_info port port

Description
Configures the circuit ID sub-option that identifies the port for an incoming DHCP
request.

Syntax Description
port_info Specifies a text string that becomes the circuit ID
sub-option for the specified port. Specify a text string
composed of 1 to 32 characters.
port Specifies the port to which the circuit ID sub-option is
assigned.

Default
The default port_info is encoded as ((slot_number * 1000) + port_number/portIfindex).
For example, if the DHCP request is received on port 3:12, the default circuit ID port_info
value is 3012. On standalone switches, the slot number is one, so the default circuit ID

Switch Engine™ Command Reference Guide for version 32.7.1 335

Usage Guidelines Commands

port_info value is (1000 + port_number/portIfindex). For example, the default port_info

for port 3 on a standalone switch is 1003.

Usage Guidelines
The full circuit ID string uses the format vlan_info-port_info . To configure the
vlan_info portion of the circuit ID string, use the following command:
configure bootprelay dhcp-agent information circuit-id vlan-information
vlan_info {vlan} [vlan_name|all]

To display the port_info information, use the following command:

show bootprelay dhcp-agent information circuit-id port-information ports
all

Example
The following command configures the circuit ID port_info value slot1port3 for port 1:3:

configure bootprelay dhcp-agent information circuit-id port-information slot1port3 port

1:3

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay dhcp-agent information circuit-id vlan-

information
configure bootprelay dhcp-agent information circuit-id vlan-information
vlan_info {vlan} [vlan_name|all]

Description
Configures the circuit ID sub-option that identifies the VLAN for an incoming DHCP
request.

336 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_info Specifies a text string that becomes the circuit ID sub-
option for the specified VLAN. Specify a text string
composed of 1 to 32 characters.
vlan_name Specifies the VLAN to which the circuit ID sub-option is
assigned.
all Specifies that the vlan_info entered is to be used in the
circuit ID sub-option for all VLANs.

Default
The default vlan_info for each VLAN is the VLAN ID or tag.

Usage Guidelines
The full circuit ID string uses the format vlan_info-port_info . To configure the
port_info portion of the circuit ID string, use the following command:
configure bootprelay dhcp-agent information circuit-id port-information
port_info port port

To display the vlan_info information, use the following command:

show bootprelay dhcp-agent information circuit-id vlan-information

Example
The following command configures the circuit ID vlan_info value VLANblue for VLAN
blue:

configure bootprelay dhcp-agent information circuit-id vlan-information VLANblue blue

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay dhcp-agent information option

configure bootprelay dhcp-agent information option

Description
Enables the DHCP relay agent option (option 82).

Switch Engine™ Command Reference Guide for version 32.7.1 337

Syntax Description Commands

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
After IP unicast routing has been configured, you can configure the switch to forward
DHCP or BOOTP requests coming from clients on subnets being serviced by the switch
and going to hosts on different subnets.

To configure the relay function, follow these steps:

• Configure VLANs and IP unicast routing.
• Enable the DHCP or BOOTP relay function, using the following command: enable
bootprelay {{vlan} [vlan_name] | {{vr} vr_name} | all [{vr} vr_name]}
• Configure the addresses to which DHCP or BOOTP requests should be directed,
using the following command: configure bootprelay add ip_address {vr
vrid}

Configure the DHCP relay agent option (option 82), using the following command:
configure bootprelay dhcp-agent information option

To disable the DHCP relay agent option (option 82), use the following command:
unconfigure bootprelay dhcp-agent information option

Example
The following example configures the DHCP relay agent option:
configure bootprelay dhcp-agent information option

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay dhcp-agent information policy

configure bootprelay dhcp-agent information policy [drop | keep |
replace]

338 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the DHCP relay agent option (option 82) policy.

Syntax Description
drop Specifies to drop the packet.
keep Specifies to keep the existing option 82 information in
place.
replace Specifies to replace the existing data with the switch’s own
data.

Default
Replace.

Usage Guidelines
Use this command to set a policy for the relay agent. Packets can be dropped, the
option 82 information can be replaced (the default), or the packet can be forwarded
with the information unchanged.

Example
The following command configures the DHCP relay agent option 82 policy to keep:

configure bootprelay dhcp-agent information policy keep

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay dhcp-agent information remote-id

configure bootprelay dhcp-agent information remote-id [remote_id |
system-name] {vr vrid}

Description
Configures the remote ID sub-option that identifies the relaying switch for DHCP
requests and replies.

Switch Engine™ Command Reference Guide for version 32.7.1 339

Syntax Description Commands

Syntax Description
remote_id Specifies a text string that becomes the remote ID sub-
option for the switch. Specify a text string composed of 1 to
32 characters.
system-name Specifies that the switch name is used as the remote ID
sub-option for the switch.
vrid Specifies the VR on which to configure the remote ID sub-
option.

Default
The switch MAC address.

Usage Guidelines
To display the remote-ID, use the following command: show bootprelay

Example
The following example configures the remote ID sub-option to specify the switch name
in DHCP requests and replies:
configure bootprelay dhcp-agent information remote-id system-name

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay dhcp-agent source-vlan

configure bootprelay dhcp-agent source-vlan {vlan_name} {vr vrid}

Description
Configures a source VLAN to use as the source IP address in the BOOTPrelay packet.

Syntax Description
bootprelay Specifies BOOTPrelay agent information option.
dhcp-agent Specifies DHCP agent.
source-vlan Specifies using the IP address of the configured loopback
VLAN as the gateway IP (giaddr) field when BOOTPrelay is
used for the anycast VLAN.

340 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

vlan_name Specifies the loopback VLAN name.

vr Specifies using a specific virtual router ID.
vrid Specifies the virtual router ID.

Default
N/A.

Usage Guidelines
When a VLAN is configured with an anycast MAC address and has an anycast IP
address, the source address must be a unique reachable IP address. Without a
unique IP address, the DHCP reply from the server might not reach the DHCP relay
ExtremeXOS device. The source VLAN must be a loopback VLAN that is configured
on the specified VRF. If a source VLAN is not configured, then a loopback VLAN is
automatically picked for anycast VLANs receiving a DHCP request.

To view the selected source VLAN, use the command show bootprelay
configuration {ipv4 | ipv6} {{vlan vlan_name } | {vr vr_name}} .

Example
The following example configures the VLAN "vlan1" to use as the source IP address in
the BOOTPrelay packet:
# configure bootprelay dhcp-agent source-vlan vlan1

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay include-secondary

configure bootprelay {ipv4 | ipv6} include-secondary {sequential |
parallel | off} {vr vr_name}

Description
Configures DHCP smart relay mode, and includes a secondary IP address as the giaddr
at the VR level.

Switch Engine™ Command Reference Guide for version 32.7.1 341

Syntax Description Commands

Syntax Description
ipv4 Specifies DHCPv4 BOOTP Relay service (default).
ipv6 Specifies DHCPv6 BOOTP Relay service.
include-secondary (Optional) Uses both primary and secondary address(es) of
the client VLAN as gateway address.
sequential Uses primary and secondary address(es) of client VLAN in
sequence after 3 retries (default if include-secondary is on).
parallel Uses primary and secondary address(es) of client VLAN in
parallel.
off Disables use of both primary and secondary address(es) of
client VLAN as gateway address (default).
vr Specifies a virtual router ID.
vr_name Specifies the virtual router.

Default
IPv4 is the default relay service.

The default value is off, but sequential is the default if include-secondary is on.

Usage Guidelines
Use this command to configure DHCP smart relay mode, and to include a secondary IP
address as giaddr at the VR level.

Example
The following example configures DHCPv4 BOOTP Relay service to use both primary
and secondary addresses of the client VLAN as the gateway address. By default, the
command specifies that you use the primary and secondary addresses of the client
VLAN in sequence after three retries.
configure bootprelay ipv4 include-secondary sequential

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay ipv6 option interface-id

configure bootprelay ipv6 option [ interface-id ] [identifier_string |
system_name | none] [vlan vlan_name | all]

342 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command configures the option interface-id as described in RFC-4649 to an
IPv6 bootp relay/DHCP relay agent.

Syntax Description
bootprelay BOOTP Relay Service
ipv6 DHCPv6 BOOTP Relay Service
option DHCPv6 BOOTP Relay options
interface-id Interface identifier option.
interface_id_string Interface identifier string.
none Identifier defaults to 802.1Q VLAN ID.
all All VLANs.

Default
802.1Q VLAN ID if not configured.

Usage Guidelines
Use this command to configure the option interface-id as described in RFC-4649 to
an IPv6 BOOTP relay/DHCP relay agent. After receiving an IPv6 BOOTP/DHCP request
packet on the specified VLAN, the agent adds the configured identifier to the packet
and passes it to the server. If this option is configured to be as system-name, the switch
name is used as the remote-id. The same can be unconfigured using the none option.
After unconfiguring this option, the switch MAC address (the default value) is used as
remote-id. This option can be configured or unconfigured to a specified VLAN or to all
VLANs.

Example
* Switch # show bootprelay ipv6
BOOTP Relay: DHCPv6 BOOTP Relay enabled on virtual router "VR-Default"
BOOTP Relay Servers : 2001:0db8:85a3:0000:0000:8a2e:0370:7334
2001:0db8:85a3:0000:0000:8a2e:0370:7335
2001:0db8:85a3:0000:0000:8a2e:0370:7336
2001:0db8:85a3:0000:0000:8a2e:0370:7337
VLAN "Default":
BOOTP Relay : Disabled
VLAN "v1":
BOOTP Relay : Enabled
Interface ID : v1-12
Remote ID : v1_remId
VLAN "v2":
BOOTP Relay : Enabled
Interface ID : 100 (Default)
Remote ID : 00:04:96:52:A7:1B (Default)

Switch Engine™ Command Reference Guide for version 32.7.1 343

History Commands

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay ipv6 option remote-id

configure bootprelay ipv6 option [remote-id] [identifier_string] |
system-name | none] [vlan vlan_name | vlan all]

Description
This command configures the remote-id option as described in RFC-4649 to an IPv6
BOOTP relay/DHCP relay agent.

Syntax Description
bootprelay BOOTP Relay Service
ipv6 DHCPv6 BOOTP Relay Service
option DHCPv6 BOOTP Relay options
remote-id Remote-ID sub-option to identify remote host
remote_id_string Remote ID String
system-name System Name string
none Identifier defaults System MAC address
all All VLANs

Default
System MAC address if not configured.

Usage Guidelines
Use this command to configure the remote-id option as described in RFC-4649 to
an IPv6 BOOTP relay/DHCP relay agent. After receiving an IPv6 BOOTP/DHCP request
packet on the specified VLAN, the agent adds the configured identifier to the packet
and passes it to the server. If this option is configured to be as system-name, the switch
name is used as the remote-id. The same can be unconfigured using the none option.
After unconfiguring this option, the switch MAC address (the default value), is used as
remote-id. This option can be configured orunconfigured to a specified VLAN or to all
VLANs.

344 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
* Switch # show bootprelay ipv6
BOOTP Relay: DHCPv6 BOOTP Relay enabled on virtual router "VR-Default"
BOOTP Relay Servers : 2001:0db8:85a3:0000:0000:8a2e:0370:7334
2001:0db8:85a3:0000:0000:8a2e:0370:7335
2001:0db8:85a3:0000:0000:8a2e:0370:7336
2001:0db8:85a3:0000:0000:8a2e:0370:7337
VLAN "Default":
BOOTP Relay : Disabled
VLAN "v1":
BOOTP Relay : Enabled
Interface ID : v1-12
Remote ID : v1_remId
VLAN "v2":
BOOTP Relay : Enabled
Interface ID : 100 (Default)
Remote ID : 00:04:96:52:A7:1B (Default)

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay ipv6 prefix-delegation snooping add

configure bootprelay ipv6 prefix-delegation snooping add ipv6_prefix
ipv6Gateway {vlan} vlan_name valid-time valid_time

Description
Adds information about a snooped IPv6 delegated prefix on a VLAN.

Syntax Description
ipv6_prefix Specifies the IPv6 prefix (/prefix length) to be added.
ipv6Gateway Specifies the IPv6 gateway address.
vlan_name Specifies the VLAN.
valid_time Time, in seconds, that the delegated IPv6 prefix is valid.

Default
N/A

Switch Engine™ Command Reference Guide for version 32.7.1 345

Usage Guidelines Commands

Usage Guidelines
Allows you to add a particular IPv6 delegated prefix to snoop if the prefix was issued or
renewed during reboot. If the prefix has been snooped earlier, this command renews
the valid time for the prefix.

To set the specified prefix to always be valid, set the valid-time parameter to 0.

Before adding an IPv6 delegated prefix to snoop, you must enable IPv6 BOOTP relay
and prefix snooping using enable bootprelay ipv6 and configure bootprelay
ipv6 prefix-delegation snooping .

Example
The following example adds prefix /56.
configure bootprelay ipv6 prefix-delegation snooping add 5001:db8:3553:bf00::/56
fe80::a440:cfd5:c05b:d324 vlan v1 valid-time 300

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay ipv6 prefix-delegation snooping

configure bootprelay ipv6 prefix-delegation snooping [on {vlan}vlan_name
| off [{vlan}vlan_name | vlan all] ]

Description
Enables and disables snooping of IPv6 prefixes delegated via DHCP.

Syntax Description
on Enables snooping of IPv6 prefixes delegated via DHCP on
the specified VLAN.
vlan_name Specifies the VLAN.
off Disables snooping of IPv6 prefixes delegated via DHCP on
the specified VLAN.
vlan all Disables snooping of IPv6 prefixes delegated via DHCP on
all VLANs.

Default
By default, snooping of IPv6 prefixes is off.

346 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
You can enable snooping on a specific VLAN.

You can disable the snooping on a specific VLAN or all VLANs.

Example
The following example disables snooping of IPv6 prefixes on all VLANs.
configure bootprelay ipv6 prefix-delegation snooping off vlan all

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure bootprelay vlan include-secondary

configure bootprelay {ipv4 | ipv6} {vlan vlan_name} include-secondary
{sequential | parallel | off}

Description
Configures DHCP smart relay mode to include secondary IP address as giaddr at VLAN
level.

Syntax Description
ipv4 Specifies DHCPv4 BOOTP Relay service (default).
ipv6 Specifies DHCPv6 BOOTP Relay service.
vlan Configure BOOTP relay for this VLAN, and overrides the VR
level configuration.
vlan_name Specifies the VLAN name.
include-secondary (Optional) Use both primary and secondary address(es) of
the client VLAN as gateway address.
sequential Use primary and secondary address(es) of client VLAN in
sequence after 3 retries (default if include-secondary is on).
parallel Use primary and secondary address(es) of client VLAN in
parallel.
off Disable use of both primary and secondary address(es) of
client VLAN as gateway address (default).

Switch Engine™ Command Reference Guide for version 32.7.1 347

Default Commands

Default
IPv4 is the default relay service.

off is the default value, but sequential is the default if include-secondary is on.

Usage Guidelines
Use this command to configure DHCP smart relay mode to include the secondary IP
address as giaddr at the VLAN level.

Example
The following command configures DHCPv4 BOOTP Relay service for the "vlan_100"
VLAN, and uses both primary and secondary address(es) of the client VLAN as gateway
address. This overrides the VR level configuration.

configure bootprelay ipv4 vlan vlan_100 include-secondary

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cdp cos-extend ports

configure cdp cos-extend cos_value ports [port_list | all]

Description
This command configures COS extended support on the IP phone. This information will
be sent to the IP phone from the ExtremeXOS switch by trust TLV and COS TLV.

Syntax Description
cos_value COS value range from 0 to 7.
port_list Port list separated by a comma or -";

Default
0.

348 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
None.

Example
The following example sets the COS TLV value as 4 for port 5 in the ExtremeXOS switch,
which will be used by the IP phone to override priority received from PC or the attached
device.
configure cdp cos-extend 4 ports 5

The following example sets the COS TLV value to default for port 5 in the ExtremeXOS
switch.
configure cdp cos-extend 0 ports 5

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cdp device-id

configure cdp device-id [device_id | system-mac | system-name]

Description
Configures the device ID only in CDP.

Syntax Description
device-id Unique device identifier to be used in CDP.
system-mac Use system MAC address as the device identifier.
system-name Use sysName as the device identifier (default).

Default
system-name.

Usage Guidelines
Use this command to configure the Device ID. If you do not configure it, the MAC
address is used as the Device ID. This configuration of device ID is only used in the
CDP .

Switch Engine™ Command Reference Guide for version 32.7.1 349

Example Commands

Example
The following command configures the device ID as the MAC address:

configure cdp device-id system-mac

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cdp frequency

configure cdp frequency seconds

Description
Enables CDP on a port.

Syntax Description
seconds Specifies the transmit frequency in seconds. The range is
5,254 seconds. The default value is 60 seconds.

Default
60 seconds.

Usage Guidelines

Example
The following command configures the CDP frequency as two minutes:

configure cdp frequency 120

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

350 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure cdp hold-time

configure cdp hold-time

configure cdp hold-time seconds

Description
Configures the hold time of the neighbor information .

Syntax Description
seconds Duration in seconds that receiver must keep this packet.
The range is 10-255 and the default is 180 seconds.

Default
60 seconds.

Usage Guidelines
Use this command to configure the hold time of the neighbor information for which a
receiving device should hold information before discarding it.

Example
The following command configures the CDP hold time as two minutes:

configure cdp hold-time 120

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cdp management-address

configure cdp management-address [{vlan} vlan_name | vlan vlan_id]
{primary-ip | secondary-ip secondary_ip_address}]

Description
Configures a specified VLAN’s IP address as the management address to be advertised
by Cisco Discovery Protocol (CDP).

Switch Engine™ Command Reference Guide for version 32.7.1 351

Syntax Description Commands

Syntax Description
vlan Specifies a VLAN for the management IP address.
vlan_name Specifies a VLAN name for the management IP address
(default is "Mmgt").
vlan_id Specifies a VLAN ID for the management IP address.
primary-ip CDP advertises the primary IP address of the specified
VLAN (default).
The specified VLAN must be already configured with at
least one primary IPv4 or IPv6 address.
secondary-ip Specifies that CDP advertises the secondary IP address of
the specified VLAN.
The specified secondary IP address must already be
configured on the specified VLAN.
secondary_ip_address Specifies the secondary IP address of the specified VLAN.

Default
By default, the Management VLAN’s IP address is advertised by CDP.

If you do not specify, CDP advertises the primary IP address of the specified VLAN.

Usage Guidelines
If the Management VLAN IP address is not configured, you can specify any user-
defined VLAN’s IP address or front panel port VLAN’s IP address as the management
address for the CDP protocol.

This command dictates the management address to be advertised by the CDP

protocol; the equivalent command for LLDP is configure lldp management-address on
page 796.

To use this command, the specified VLAN must already exist. The management IP
address configuration is removed if the specified VLAN is deleted, or if the primary IP
address of the specified VLAN is deleted (if primary-ip configured), or if the specified
secondary IP address of the specified VLAN is deleted (if secondary-ip configured).

If primary-ip is configured and the specified VLAN has multiple primary IP addresses
(IPv4 and IPv6), then CDP advertises the first primary IP address that exists in the
address table. If IPv4 is not configured, CDP advertises the first IPv6 address.

If secondary-ip is configured and the specified VLAN has multiple secondary IP

addresses, then CDP advertises only the specified secondary IP address of the
configuration.

352 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures the primary IP address of the VLAN "vlan1" as the
management address to be advertised by CDP protocol:
configure cdp management-address vlan vlan1 primary-ip

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cdp power-available ports

configure cdp power-available [advertise | no-advertise] ports
[port_list | all]

Description
This command configures the advertising status of the power available TLV on CDP
ports.

Syntax Description
advertise Specifies to send the TLV to neighbors.
no-advertise Specifies not to send the TLV to neighbors.
port_list Port list separated by a comma or - .

Default
No-advertise.

Usage Guidelines
This command is for PoE switches.

Example
The following example advertises the Power Available TLV on port 1:
configure cdp power-available advertise ports 1

The following example does not advertise the Power Available TLV on port 1:
configure cdp power-available no-advertise ports 1

Switch Engine™ Command Reference Guide for version 32.7.1 353

History Commands

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cdp trust-extend ports

configure cdp trust-extend [untrusted | trusted] ports [port_list | all]

Description
This command configures trust mode support for the IP phone. This information will be
sent to the IP phone from the ExtremeXOS switch by trust TLV.

Syntax Description
untrusted Instructs attached IP phone to overwrite priority received
from PC with configured COS value.
trusted Instructs IP phone to trust the priority received from PC or
the attached device.
port_list Port list separated by a comma or -";

Default
Trusted.

Usage Guidelines
None.

Example
The following example sets the trust TLV value as trusted for port 5 in the ExtremeXOS
switch, which will be used by the IP phone to not change the priority received from the
PC or attached device.
configure cdp trust-extend trusted ports 5

The following example sets the trust mode to untrusted for port 5 in the ExtremeXOS
switch, which will be used by the IP phone to override priority received from the PC or
attached device.
configure cdp trust-extend untrusted ports 5

354 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cdp voip-vlan ports

configure cdp voip-vlan advertise [solicited | unsolicited] [vlan_name |
vlan_id | dot1p | untagged | none] ports [port_list | all]

Description
This command configures voice VLAN, for voice traffic from the IP phone in one or
more ports in ExtremeXOS switch. This information will be sent to IP phone from the
ExtremeXOS switch by VOIP Reply TLV.

Syntax Description
vlan_name VLAN name.
vlan_id VLAN ID tag between 1 and 4,094.
advertise Configures when TLVs are sent to neighbors.
solicited Send TLVs to neighbors only when requested (default).
unsolicited Send TLVs to neighbors without waiting for a request.
dot1p Instructs IP phone to send dot1p tagged voice traffic.
untagged Instructs IP phone to send untagged voice traffic.
none No VLAN information is sent in CDP PDUs.
port_list Port list is separated by a comma or -";
all Instructs IP phone to send all traffic.

Default
By default, voice VLAN reply TLV are sent to neighbors only when requested.

Usage Guidelines
None.

Example
The following example sets the VOIP VLAN reply TLV value value as default in
ExtremeXOS for port, which will be used by the IP phone for voice traffic:
Configure cdp voip-vlan “Default” ports 5

Switch Engine™ Command Reference Guide for version 32.7.1 355

History Commands

The following example sets the VOIP VLAN reply TLV value as priority tagged in
ExtremeXOS switch for port 5, which will be used by the IP phone for voice traffic.
configure cdp voip-vlan dot1p ports 5

The following example sets the VOIP VLAN reply TLV value as untagged in ExtremeXOS
switch, which will be used by the IP phone for voice traffic.
configure cdp voip-vlan untagged ports 5

The following example sets the VOIP VLAN reply TLV value as none in ExtremeXOS
switch, this will not transmit any VLAN information TLV to the IP phone.
configure cdp voip-vlan none ports 5

The following example sets the VOIP VLAN reply TLV value as VLAN Id 1 in ExtremeXOS
switch for port 5, which will be used by the IP phone for voice traffic.
configure cdp voip-vlan 1 ports 5

To configure VoIP VLAN as unsolicited on port 10:

configure cdp voip-vlan advertise unsolicited ports 10

History
This command was first available in ExtremeXOS 21.1.

Ability to send voice VLAN reply TLV without receiving voice VLAN request TLV
(unsolicited) was added in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain add association integer

configure cfm domain domain_name add association integer int [vlan
vlan_name|vman vman_name]

Description
Creates a maintenance association (MA) related to a specified maintenance domain
(MD). This command supports the 2-octet integer MA format.

Syntax Description
domain_name Specifies the domain you want to associate with this MA.
int Enter an integer to name the MA. The range is 0 to 65535.
vlan_name Specifies the VLAN you want to assign to this MA. Each MA
contains only one VLAN, VMAN, BVLAN or SVLAN.
vman_name Specifies the VMAN you want to assign to this MA.

356 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
All ports configured on the specified VLAN are now CFM ports in the specified MA.

You add the MA, or association, to the domain, and the MA uses the MD level assigned
to the domain. Each MA can belong to only one domain, but several MAs can belong to
a given domain. The MA is unique within a given domain.

Example
The following command creates a 2-octet integer MA (350) that associates the domain
brazil and the VLAN admin:

configure cfm domain brazil add association integer 350 vlan admin

History
This command was first available in ExtremeXOS 11.4.

The SVLAN option was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain add association meg

configure cfm domain domain_name add association [meg meg_name]

Description
Creates a maintenance association (MA) related to a specified maintenance domain
(MD). This command supports the MEG MA format.

Syntax Description
meg ITU-T Y.1731 Maintenance Entity Group.
meg_name MEG name, maximum of 12 characters with 6 bytes ITU
Carrier Code and 6 bytes Organization specific Unique
MEG ID Code.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 357

Usage Guidelines Commands

Usage Guidelines
All ports configured on the specified MEG are now CFM ports in the specified MA.You
add the MA, or association, to the domain, and the MA uses the MD level assigned to
the domain. Each MA can belong to only one domain, but several MAs can belong to a
given domain. The MA is unique within a given domain.

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain add association string

configure cfm domain domain_name add association string name [vlan
vlan_name|vman vman_name]

Description
Creates a maintenance association (MA) related to a specified maintenance domain
(MD). This command supports the character string MA format.

Syntax Description
domain_name Specifies the domain you want to associate with this MA.
string Enter up to 45 alphanumeric characters to name the MA.
vlan_name Specifies the VLAN you want to assign to this MA. Each MA
contains only one VLAN, VMAN, or BVLAN.
vman_name Specifies the VMAN you want to assign to this MA.

Default
N/A.

Usage Guidelines
All ports configured on the specified VLAN are now CFM ports in the specified MA.

You add the MA, or association, to the domain, and the MA uses the MD level assigned
to the domain. Each MA can belong to only one domain, but several MAs can belong to
a given domain. The MA is unique within a given domain.

358 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command creates an MA named service that associates the MD spain
and the VLAN finance:

configure cfm domain service add association string spain vlan finance

History
This command was first available in ExtremeXOS 11.4.

The SVLAN option was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain add association vlan-id

configure cfm domain domain_name add association vlan-id vlanid [vlan
vlan_name|vman vman_name]

Description
Creates a maintenance association (MA) related to a specified maintenance domain
(MD). This command supports the VLAN ID MA format.

Syntax Description
domain_name Specifies the domain you want to associate with this MA.
vlanid Specifies the VLAN ID.
vlan_name Specifies the VLAN you want to assign to this MA. Each MA
contains only one VLAN, VMAN, or BVLAN.
vman_name Specifies the VMAN you want to assign to this MA.

Default
N/A.

Usage Guidelines
All ports configured on the specified VLAN are now CFM ports in the specified MA.

You add the MA, or association, to the domain, and the MA uses the MD level assigned
to the domain. Each MA can belong to only one domain, but several MAs can belong to
a given domain. The MA is unique within a given domain.

Switch Engine™ Command Reference Guide for version 32.7.1 359

History Commands

History
This command was first available in ExtremeXOS 12.1.

The SVLAN option was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain add association vpn-id oui index

configure cfm domain domain_name add association vpn-id oui oui index
index [vlan vlan_name| meg meg_name|vman vman_name]

Description
Creates a maintenance association (MA) related to a specified maintenance domain
(MD). This command supports the RFC 2685 VPN ID MA format.

Syntax Description
domain_name Specifies the domain you want to associate with this MA.
association IEEE 802.1ag Maintenance Association or ITU-T Y.1731
Maintenance Entity Group
oui Enter a virtual private network (VPN) Organizational
Unique Identifier (OUI) in the format XX:XX:XX as part of the
name for the MA.
index Enter the 32-bit VPN index you want to append to the OUI
to name the MA. The range is 0 to 4294967295.
vlan_name Specifies the VLAN you want to assign to this MA. Each MA
contains only one VLAN, VMAN, or BVLAN.
vman_name Specifies the VMAN you want to assign to this MA.
meg ITU-T Y.1731 Maintenance Entity Group.
meg_name MEG name, maximum of 12 characters with 6 bytes ITU
Carrier Code and 6 bytes organization specific unique MEG
ID code.

Default
N/A.

Usage Guidelines
All ports configured on the specified VLAN are now CFM ports in the specified MA. You
add the MA, or association, to the domain, and the MA uses the MD level assigned to

360 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

the domain. Each MA can belong to only one domain, but several MAs can belong to a
given domain. The MA is unique within a given domain.

Example
The following command creates an MA with the VPN ID of 11:22:33 50 that associates
the domain spain and the VLAN accounting:

configure cfm domain spain add association vpn-id oui 11:22:33 index 50 vlan accounting

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association add remote-mep

configure cfm domain domain_name association association_name add
remote-mep mepid { mac_address mac_address }

Description
Allows you to add a remote MEP with the given MEP ID and MAC address to an existing
association.

Syntax Description
domain_name Enter the domain associated with the MA you are
configuring.
association_name IEEE 802.1ag or ITU-T Y.1731 association name.
mepid Enter the MEP ID of the remote MEP being added. The
range is 1 to 8191.
mac_address Specifies the MAC address for the remote MEP being
added.

Default
N/A.

Usage Guidelines
Use this command to add a remote MEP with given MEP ID and MAC address to an
existing association. Use the show cfm detail command to verify your configuration.

Switch Engine™ Command Reference Guide for version 32.7.1 361

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association add

configure cfm domain domain_name association association_name [ports
port_list add [[end-point [up|down] mepid { group group_name } ] |
[intermediate-point]]

Description
This command allows you to create an up MEP, down MEP, intermediate-point (MIP)
on a maintenance association, a group. You can also combine different maintenance
points.

Combining different Maintenance points is restricted per the following:

• Up MEP and Down MEP in a single association is not allowed.
• Down MEP and MIP in a single association is not allowed.
• More than one Up MEP in a single association is not allowed.
• Up MEP and MIP in a single association is allowed.
• More than one Down MEP in a single association is allowed.
• A group can be created while creating a MEP.
• With CFM Support over VPLS, this command is used to associate pseudo wires of a
VPLS service instance to an association & domain.
• Portlist can have only one port configured for a MEP configuration but can have
multiple ports in MIP configuration, when Hwaoam is supported on the system.

Syntax Description
domain_name Enter the domain associated with the MA you are
configuring.
association_name IEEE 802.1ag or ITU-T Y.1731 association name.
port_list Specifies the port number(s).
up Enter the port to be the UP port of the MA; this MEP sends
CCM messages to all ports—other than the sending switch
port—in this MA on this switch.
down Enter the port to be the DOWN port of the MA; this MEP
sends CCM messages out of the configured physical port.
mepid Specifies a value for this MEP. The range is 1 to 8191.
NOTE: On each MA, each MEPID must be unique.

362 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

group CFM group that binds an LMEP to RMEPS. If not specified,

the client does not receive events from the respective
RMEPs.
group_name Group name, maximum of 31 characters.

Default
N/A.

Usage Guidelines
These ports must already be in the MA (VLAN or VMAN) prior to assigning a MEP
function to them. If you try to assign a port not in the MA as an end-point, the system
returns the following message:
The following port(s) <portlist> are not part of the associations VLAN.

Note
Ensure that you assigned the port number correctly to the UP MEP and to the
DOWN MEP, or the CCM messages go in the wrong direction.

Each MA needs at least two MEPs that can reach each other to exchange CCM
messages.

You can also combine different maintenance points. The following are CLI restrictions
on MP combinations:
• DOWN and UP MEP cannot be present on the same association
• DOWN MEP and MIP cannot be present on the same association
• UP MEP and MIP can be present on the same association
• Only one UP MEP is allowed in an association
• Multiple DOWN MEPs are allowed in an association

You can configure a total of 32 MIPs on a single switch.

Use the show cfm command to verify your configuration.

Example
The following command configures port 1:20 as a MIP on the 350 association in the
spain domain:

configure cfm domain spain association 350 ports 1:20 add intermediate-point

The following command configures port 5:10 to be the UP MEP on the test association
in the brazil domain, with a mepid of 500:

configure cfm domain brazil association test ports 5:10 add end-point up 500

Switch Engine™ Command Reference Guide for version 32.7.1 363

History Commands

History
This command was first available in ExtremeXOS 11.4.

This command was updated in ExtremeXOS 15.2 to include the optional group
parameter.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association delete remote-mep

configure cfm domain domain_name association association_name delete
remote-mep mepid

Description
Allows you to delete a remote MEP for a specific MEP ID and MAC address.

Syntax Description
domain_name Enter the domain associated with the MA you are configuring.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
mepid Enter the MEP ID of the remote MEP that is to be deleted.

Default
N/A.

Usage Guidelines
Use this command to delete a remote MEP of an MA for a specific MEP ID.

Use the show cfm detail command to verify your configuration.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

364 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure cfm domain association delete

configure cfm domain association delete

configure cfm domain domain_name association association_name [ports
port_list delete [[end-point [up|down]] | [intermediate-point] ] ]

Description
Deletes a maintenance end point (MEP) or maintenance intermediate point (MIP) from
that MA.

Syntax Description
domain_name Enter the domain associated with the MA you are
configuring.
association_name IEEE 802.1ag or ITU-T Y.1731 association name
port_list Specifies the port number(s).
up Specifies that an UP MEP is to be deleted.
down Specifies that a DOWN MEP is to be deleted.

Default
N/A.

Usage Guidelines
Use this command to delete an MEP or MIP.

If the VPLS option is chosen then the CFM deletes all the VPLS-based MIPs.

Use the show cfm command to verify your configuration.

Example
The following command deletes port 5:12 as an MIP on the test association in the brazil
domain:

configure cfm domain brazil association test ports 5:12 delete intermediate-point

The following command deletes an UP MEP on port 5:10 on the test association in the
brazil domain:

configure cfm domain brazil association test ports 5:10 delete end-point up

History
This command was first available in ExtremeXOS 11.4.

Switch Engine™ Command Reference Guide for version 32.7.1 365

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association destination-mac-type

configure cfm domain domain-name association association_name
destination-mac-type [unicast | multicast]

Description
Allows you to choose the destination MAC type for sending CFM PDUs for an MA.

Syntax Description
domain_name Enter the domain associated with the MA you are configuring.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
unicast CFM PDUs are sent to the unicast MAC address configured in
static remote MEP creation.
multicast CFM PDUs are sent to the standard multicast destination address.

Default
Multicast.

Usage Guidelines
Use this command to change the MAC type on a previously configured MA. If multicast
is selected, CFM PDUs are sent to the standard multicast destination. If unicast is
selected, CFM PDUs are sent to the unicast MAC address configured in static remote
MEP creation.
Use the show cfm command to verify your configuration.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association end-point add group

configure cfm domain domain-name association association-name ports
port-list end-point [up | down] add group group_name

366 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command allows you to create a group for an existing local end-point.

Syntax Description
domain_name Enter the domain associated with the MA you are configuring.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
port_list Enter the port number you want to configure as either an UP or
DOWN MEP.

Default
N/A.

Usage Guidelines
Use this command to add a group to the association.

Example

configure cfm domain "MD1" association "MD1v1" ports 17 end-point down add group
"eapsCfmGrp"

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association end-point delete group

configure cfm domain domain_name association association_name ports
port_list end-point [up|down] delete group [group_name | all ]

Description
This command allows you to delete one or all groups.

Switch Engine™ Command Reference Guide for version 32.7.1 367

Syntax Description Commands

Syntax Description
domain_name Enter the domain associated with the MA you are configuring.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
port_list Enter the port number you want to configure as either an UP or
DOWN MEP.
delete Delete configuration from the association

Default
N/A.

Usage Guidelines
Use this command to delete one or all groups from the association.

Example

configure cfm domain "MD1" association "MD1v1" ports 17 end-point down delete group
"eapsCfmGrp"

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association end-point transmit-interval

configure cfm domain domain_name association association_name {ports
port_list end-point [up | down]} transmit-interval [3|10|100|1000|
10000|60000|600000]

Description
Allows you to change time interval for an MEP to send out a CCM. We recommend
configuring this value as at least 1 second.

Syntax Description
domain_name Enter the domain associated with the MA you are
configuring.
association_name IEEE 802.1ag or ITU-T Y.1731 association name.

368 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

port_list Enter the port number of the MEP on which you are
changing the time interval it sends out a CCM.
up Enter this variable if you are changing the time interval for
sending a CCM on an UP MEP.
down Enter this variable if you are changing the time interval for
sending a CCM on a DOWN MEP.

Default
1000 ms.

Usage Guidelines
Use this command to change the time interval between sending out CCMs on a
previously configured UP or DOWN MEP. If you attempt to change the interval on a
port that is either not an MEP or having wrong MEP type, the system returns an error
message.

Note
We recommend that you use a transmit interval of at least 1 second (1000 ms).

The receiving system also uses this value multiplied by 3.5 to determine when the MEP
is no longer alive.

Use the show cfm command to verify your configuration and the show cfm detail
command to display the configured lifetime.

Note
The transmit interval value “3” is 3.3 msec. Also, the values 60000 and 600000
are supported in hardware.

Example
The following command changes the interval the UP MEP (previously configured on
port 2:4) uses to send CCM messages on the 350 association in the finance domain to
10 seconds:

configure cfm domain finance association 350 ports 2:4 end-point up transmit-interval
10000

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 369

configure cfm domain association ports end-point ccm Commands

configure cfm domain association ports end-point ccm

configure cfm domain domain_name association association_name ports
port_list end-point [up | down ] ccm [disable | enable]

Description
This command is used to enable or disable sending CCMs on a given MEP.

Syntax Description
domain_name Enter the domain associated with the MA you are configuring.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
port_list Enter the port number you want to configure as either an UP or
DOWN MEP.

Default
Enabled.

Usage Guidelines
Each MA needs at least two MEPs that can reach each other to exchange CCM
messages.

Note
Ensure that you assigned the port number correctly to the UP MEP and to the
DOWN MEP, or the CCM messages go in the wrong direction.

These ports must already be in the MA (VLAN or VMAN) prior to assigning a MEP
function to them. If you try to assign a port not in the MA as an end-point, the system
returns the following message:
The following port(s) <portlist> are not part of the associations VLAN.

Use the show cfm command to verify your configuration.

Example
configure cfm domain "MD1" association "MD1v1" ports 17 end-point down delete group
"eapsCfmGrp"

History
This command was first available in ExtremeXOS 12.3.

370 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association ports end-point mepid

configure cfm domain domain-name association association_name ports
port_list end-point [up | down] mepid mepid

Description
Allows you to change the MEP ID for a previously configured MEP. Each MEP within a
single MA must have a unique MEP ID.

Syntax Description
domain_name Enter the domain associated with the MA you are configuring.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
port_list Enter the port number you want to change the MEP ID.
up Enter this variable if you are changing the MEP ID on an UP MEP.
down Enter this variable if you are changing the MEP ID on a DOWN
MEP.
mepid Enter the new value for this MEP. The range is 1 to 8191.
NOTE: On each MA, each MEPID must be unique.

Default
N/A.

Usage Guidelines
Use this command to change the MEPID on a previously configured UP or DOWN MEP.
If you attempt to change the MEPID on a port that is either not an MEP or having
wrong MEP type, the system returns an error message.

Use the show cfm command to verify your configuration.

Example
The following command changes the MEP ID to 75 on the previously configured port
2:4 UP MEP on the 350 association in the finance domain:

configure cfm domain finance association 350 ports 2:4 end-point up mepid 75

Switch Engine™ Command Reference Guide for version 32.7.1 371

History Commands

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association ports end-point sender-id-ipaddress

configure cfm domain domain_name association association_name ports
port_list end-point [up | down ] sender-id-ipaddress [disable |
enable ip-address]

Description
This command is used to disable or enable configuring the sender-id-ipaddress on a
given MEP.

Syntax Description
domain_name Enter the domain associated with the MA you are configuring.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
port_list Enter the port number.
ip-address Specifies the IP address that is sent in the sender-id TLV of the
CFM PDUs.

Default
Disable.

Usage Guidelines
Each MA needs at least two MEPs that can reach each other to exchange CCM
messages.

Note
Ensure that you assigned the port number correctly to the UP MEP and to the
DOWN MEP, or the CCM messages go in the wrong direction.

You must create the MEP for which the configuration is being made before changing
the configuration. Otherwise, the following error message is displayed:
The following port(s) <portlist> are not part of the associations VLAN.

Use the show cfm command to verify your configuration.

372 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain association ports end-point

configure cfm domain domain_name association association_name ports
port_list end-point [up | down] [enable | disable]

Description
Enables or disables an MEP.

Syntax Description
domain_name Specifies the domain name.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
port_list Specifies the ports to configure.
up Specifies that the end point is up.
down Specifies that the end point is down.

Default
MEP is enabled by default.

Usage Guidelines
Use this command to enable or disable an MEP.

Use the show cfm command to verify your configuration.

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 373

configure cfm domain association remote-mep mac-
address Commands

configure cfm domain association remote-mep mac-address

configure cfm domain domain-name association association_name remote-mep
mepid mac-address mac_address

Description
Allows you to modify the MAC address of an existing MEP.

Syntax Description
domain_name Enter the domain associated with the MA you are configuring.
association_nam IEEE 802.1ag or ITU-T Y.1731 association name.
e
mepid Specifies the MEP ID of the remote MEP being modified. The
range is 1 to 8191.
mac_address Specifies the MAC address for the remote MEP being modified.

Default
N/A.

Usage Guidelines
Use this command to modify a remote MEP with given MEP ID and MAC address in an
existing association. Use the show cfm detail command to verify your configuration.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain delete association

configure cfm domain domain_name delete association association_name

Description
Deletes a maintenance association (MA), including all its configured values, from the
switch.

374 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
domain_name Enter the domain associated with the MA you are deleting.
association_name IEEE 802.1ag or ITU-T Y.1731 association name.

Default
N/A.

Usage Guidelines
When you delete an association, or MA, you also remove all its configured values from
the switch. These values include all configured MEPs, MIPs, and static remote MEPs.

Example
The following command deletes the MA test, in the domain of brazil, from the switch,
along with all its configured MIPs, MEPs, and static remote MEPs:

configure cfm domain brazil delete association test

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm domain md-level

configure cfm domain domain_name md-level level

Description
Changes a previously configured MD level for the specified domain.

Syntax Description
domain_name Enter the name of the domain for which you want to
change the MD level.
level Specifies the new MD level you are assigning to this
domain. Enter a value between 0 and 7.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 375

Usage Guidelines Commands

Usage Guidelines
You can have up to 8 domains on a switch, and each one must have a unique MD level.
Thus, a given MD level exists only once one a switch.

The IEEE standard 801.2ag specifies different levels for different network users, as
follows:
• 5 to 7 for end users
• 3 and 4 for Internet service providers (ISPs)
• 0 to 2 for operators (entities carrying the information for the ISPs)

Example
The following command changes the MD level of a previously created domain extreme
to 2:

configure cfm domain extreme md-level 2

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm group add rmep

configure cfm group group_name add rmep mepid

Description
This command allows you to create and associate an RMEP to a group.

Syntax Description
mepid Specifies the MEP ID of the remote MEP being created. The
range is 1 to 8191.

Default
N/A.

Usage Guidelines
Use this command to create and associate an RMEP to a group.

376 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example

configure cfm group “eapsCfmGroup” add rmep 2

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm group delete rmep

configure cfm group group_name delete rmep [mepid | all]

Description
This command allows you to delete one or all RMEPs from a group.

Syntax Description
mepid Specifies the MEP ID of the remote MEP being created. The
range is 1 to 8191.

Default
N/A.

Usage Guidelines
Use this command to delete one or all RMEPs from a group.

Example

configure cfm group “eapsCfmGroup” delete rmep 2

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 377

configure cfm segment add domain association Commands

configure cfm segment add domain association

configure cfm segment segment_name add domain domain_name association
association_name

Description
Adds a CFM domain and association to a CFM segment.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
domain_name Specifies the IEEE 802.1ag maintenance domain.
association_name IEEE 802.1ag or ITU-T Y.1731 association name.

Default
N/A.

Usage Guidelines
Use this command to add a CFM domain and an association to a CFM segment. It is
used to enable DMM/DMR in the association that is configured in the CFM domain.

Example
The following command adds the domain cfm3 and the association as3 to the segment
s2.

configure cfm segment s2 add domain cfm3 association as3

To delete the domain and/or association, use the command, configure cfm segment
delete domain association.

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment delete domain association

configure cfm segment segment_name delete domain association

378 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Deletes a CFM domain from a CFM segment.

Syntax Description
segment_name An alpha numeric string identifying the segment name.

Default
N/A.

Usage Guidelines
Use this command to delete a CFM domain from a CFM segment.

Example
The following command deletes the domain and association from the segment s2.

configure cfm segment s2 delete domain association

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment dot1p

configure cfm segment segment_name dot1p dot1p_priority

Description
Configures the priority for the segment.

Syntax Description
segment-name An alpha numeric string identifying the segment name.
dot1p_priority Priority value that is set in the DMM/DMR. The range is 0 to
7.

Default
The default is 6.

Switch Engine™ Command Reference Guide for version 32.7.1 379

Usage Guidelines Commands

Usage Guidelines
Use this command to configure the dot1p priority that a DMM/DMR frame can get.

Example
The following example configures a dot1p priority of 3 for segment s2.
configure cfm segment s2 dot1p 3

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment frame-delay dot1p

configure cfm segment segment_name frame-delay dot1p dot1p_priority

Description
This command configures the class of service for a particular cfm segment. This value is
used to fill the dot1p priority bit in the Ethernet header during transmission.

If the optional keyword frame-delay is not specified, the same value of Dot1p will be
used for both DMM and LMM. The optional keyword allows configuring different values
for DMM and LMM.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
dot1p_priority Priority value that is set in the DMM/DMR. The range is 0 to
7.

Default
N/A.

Usage Guidelines
Use this command to configure the class of service for a particular cfm segment.

Example

configure cfm segment frame-delay dot1p 4

380 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment frame-delay window

configure cfm segment segment_name frame-delay window window_size

Description
This command is used to configure the window size for calculating the alarm/clear
threshold values for DMM and Severely Errored Second (SES) threshold for LMM. This
window size denotes the total number of recent frames for which the threshold values
will be measured.

If the optional keyword frame-delay or frame-loss is not specified, the same value
of window size will be used for both DMM and LMM. The optional keyword allows
configuring values for DMM and LMM.

Syntax Description
segment_name Alphanumeric string identifying the segment name.
frame-delay Y.1731 Ethernet frame delay measurement.
window_size Window size for delay measurement; number of frames
1-1800 to be used.

Default
60.

Usage Guidelines
Use this command to configure the window size for calculating the alarm/clear
threshold values for DMM and Severely Errored Second (SES) threshold for LMM.

Example

configure cfm segment cs2 frame-delay window 1000

History
This command was first available in ExtremeXOS 15.1.

Switch Engine™ Command Reference Guide for version 32.7.1 381

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment frame-delay/frame-loss transmit interval

configure cfm segment segment_name {frame-delay | frame-loss} transmit-
interval interval

Description
Configures the delay between two consecutive DMM/LMM frames.

Syntax Description
segment_name Alphanumeric string identifying the segment name.
frame-delay Y.1731 Ethernet frame delay measurement.
frame-loss Y.1731 Ethernet frame loss measurement.
interval Trasmit interval in seconds, with a range of 1 to 90.

Default
N/A.

Usage Guidelines
Configures the delay between two consecutive DMM/LMM frames. The configured
delay would be for both continuous and on-demand transmission. This command is
optional, and if not configured, the default interval would be 10 seconds.

If the optional keyword frame-delay or frame-loss is not specified, the same value of
transmit-interval will be used for both DMM and LMM. The optional keyword allows
configuring different values for DMM and LMM.

Example

configure cfm segment cs2 frame-delay transmit-interval 10

configure cfm segment cs2 frame-loss transmit-interval 10

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

382 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure cfm segment frame-loss consecutive

configure cfm segment frame-loss consecutive

configure cfm segment segment_name frame-loss consecutive frames

Description
This command is used to configure the number of consecutive measurements to be
used to determine the availability status of a CFM segment.

Syntax Description
segment_name Alphanumeric string identifying the segment name.
frame-loss Y.1731 Ethernet frame loss measurement.

Default
10.

Usage Guidelines
This configuration is optional.

Example

configure cfm segment cs2 frame-loss consecutive 10

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment frame-loss dot1p

configure cfm segment segment_name frame-loss dot1p dot1p_priority

Description
This command configures the class of service for a particular cfm segment. This value is
used to fill the dot1p priority bit in the Ethernet header during transmission.

If the optional keyword frame-loss is not specified, the same value of Dot1p will be used
for both DMM and LMM. The optional keyword allows configuring different values for
DMM and LMM.

Switch Engine™ Command Reference Guide for version 32.7.1 383

Syntax Description Commands

Syntax Description
segment_name An alpha numeric string identifying the segment name.
dot1p_priority Priority value that is set in the DMM/DMR. The range is 0 to
7.

Default
N/A.

Usage Guidelines
Use this command to configure the class of service for a particular cfm segment.

Example

configure cfm segment frame-loss dot1p 4

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment frame-loss mep

configure cfm segment segment_name frame-loss [add|delete] mep mep_id

Description
This command is used to add/delete the local MEP for a given CFM segment.

Syntax Description
segment_name Alphanumeric string identifying the segment name.
frame-loss Y.1731 Ethernet frame loss measurement.

Default
N/A.

384 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The MEP with the given MEP ID should already be created in the system. The domain
and association for the segment should be configured before executing this command.
If the domain and association are not configured, the command throws an error.

Configuring of local MEP is mandatory to start the Frame Loss measurements.

Example

configure cfm segment cs2 add mep 3

configure cfm segment cs2 delete mep 3

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment frame-loss ses-threshold

configure cfm segment segment_name frame-loss ses-threshold percent

Description
This command is used to configure the percentage of frames lost in a measurement
period for it to be marked as SES (Severely Errored Second).

Syntax Description
segment_name Alphanumeric string identifying the segment name.
ses Severely errored second.
frame-loss Y.1731 Ethernet frame loss measurement.

Default
30%.

Usage Guidelines
This configuration is optional.

Switch Engine™ Command Reference Guide for version 32.7.1 385

Example Commands

Example

configure cfm segment cs2 frame-loss ses-threshold .02

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment frame-loss window

configure cfm segment segment_name frame-loss window window_size

Description
This command is used to configure the window size for calculating the alarm/clear
threshold values for DMM and Severely Errored Second (SES) threshold for LMM. This
window size denotes the total number of recent frames for which the threshold values
will be measured.

If the optional keyword frame-delay or frame-loss is not specified, the same value
of window size will be used for both DMM and LMM. The optional keyword allows
configuring values for DMM and LMM.

Syntax Description
segment_name Alphanumeric string identifying the segment name.
frame-loss Y.1731 Ethernet frame loss measurement.
window_size Window size for loss measurement; number of frames
1-1800 to be used.

Default
1200.

Usage Guidelines
Use this command to configure the window size for calculating the alarm/clear
threshold values for DMM and Severely Errored Second (SES) threshold for LMM.

Example

configure cfm segment cs2 frame-loss window 900

386 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment threshold

configure cfm segment segment_name [alarm-threshold | clear-threshold]
value

Description
Configures the alarm threshold and clear threshold.

Syntax Description
alarm-threshold Specifies the minimum threshold percentage.
clear-threshold Specifies the maximum threshold percentage.
value Specified the threshold percentage in a range of 1-99%.

Default
Alarm threshold is 10% of the total frames received during the current window.

Clear-threshold is 95% of the total frames received during the current window.

Usage Guidelines
Use this command to configure the alarm and clear threshold value for a CFM
segment. Upon reaching the alarm threshold, an error message is generated and
displayed once, and the state is maintained until the threshold reaches the clear
threshold value.

This command is optional, and if not configured the default intervals are used.

Example
The following commands configure an alarm threshold of 15% and a clear-threshold of
90% for segment-first.

configure cfm segment segment-first alarm-threshold 15

configure cfm segment segment-first clear-threshold 90

Switch Engine™ Command Reference Guide for version 32.7.1 387

History Commands

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment timeout

configure cfm segment segment_name timeout msec

Description
Configures the timeout for a segment.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
msec Specifies the number of milliseconds. The range is 1 to
65535.

Default
50 milliseconds.

Usage Guidelines
Use this command to configure the timeout value for the reception of a DMR frame. If
a DMR frame is not received within this specified time, that frame is considered as an
errored frame, and if the number of errored frames reaches the alarm threshold of the
current window size, an alarm is generated.

This command is optional, and if not configured, timeout is set to the default.

Example
The following command configures a timeout value of 45 milliseconds for the s4
segment:

configure cfm segment s4 timeout 45

History
This command was first available in ExtremeXOS 12.3.

388 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure cfm segment transmit-interval

configure cfm segment segment_name {frame-delay | frame loss}transmit-
interval interval

Description
Configures the transmission interval of DMM frames.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
frame-delay Y.1731 Ethernet Frame Delay Measurement.
frame loss Y.1731 Ethernet Frame Loss Measurement.
interval Specifies the transmit interval in seconds. The range is 1 to
90.

Default
10 seconds.

Usage Guidelines
Use this command to configure the delay between two consecutive DMM frames. The
configured delay is for both continuous and on-demand transmission. This command is
optional, and if not configured the default interval is used.

Example
The following example configures a transmission interval of 5 seconds for segment s2.
configure cfm segment s2 transmit-interval 5

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 389

configure cfm segment window Commands

configure cfm segment window

configure cfm segment segment_name window size

Description
Configures the measurement window size.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
size Specifies the number of frames to be used for delay
measurement. The range is 1 to 1800.

Default
60 frames.

Usage Guidelines
Use this command to configure the window size to be used for calculating the
threshold values. This window size denotes the total number of recent frames for which
the threshold values are to be measured.

This is an optional command and if not configured, the lower of either the default value
or the total number of frames sent is used.

Note
MEPs with intervals 3 and 10 cannot be created in this domain as the domain
name format is of dns type.

Example
The following command configures the measurement window size for the CFM
segment segment-first at 55:

configure cfm segment segment-first window 55

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

390 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure cli

configure cli
configure cli [{ lines height } {columns width }]

Description
This command configures the number of lines and columns for the current login
session only.

Syntax Description
lines Number of lines on the screen.
height Height of the screen.
columns Number of columns on the screen.
width Width of the screen.

Default
N/A.

Usage Guidelines
The screen size specified takes effect over whatever screen size the session may
have started with or whatever the current settings may be. If the terminal emulation
supports dynamic resizing of the window, this will cause the size set by this command
to be overriden. The command accepts either lines or columns or both in either order.

Example
The show management command has been enhanced to display the current screen
size:
# show management
CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Disabled
CLI password prompting only : Disabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Enabled (this session only)
CLI screen/window size : 80 Lines 256 Columns (this session only)
CLI refresh : Enabled
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Enabled (tcp port 80)
: Access Profile : not set
Total Read Only Communities : 1

Switch Engine™ Command Reference Guide for version 32.7.1 391

History Commands

Total Read Write Communities : 1

RMON : Disabled
SNMP access : Enabled
: Access Profile : not set
SNMP Notifications : Enabled
SNMP Notification Receivers : None
SNMP stats: InPkts 0 OutPkts 0 Errors 0 AuthErrors
0
Gets 0 GetNexts 0 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli journal

configure cli journal size size

Description
This command configures the size of the historical list (journal) of the most recently
executed CLI commands.

Syntax Description
journal List of the most recently executed CLI commands.
size size Configures the size (number) of remembered commands.
Range is 50 to 200 (default = 100).

Default
One hundred commands are preserved in the journal by default.

Usage Guidelines
The journal retains as many as 200 of the most recently executed commands along
with the timestamp and user name. Commands are saved even after logging off,
rebooting, or switch crashes.

To view the journal, use the show cli journal command.

392 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example sets the journal size to 150:
configure cli journal size 150

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli max-failed-logins

configure cli max-failed-logins num-of-logins

Description
Establishes the maximum number of failed logins permitted before the session is
terminated.

Syntax Description
num-of-logins Specifies the maximum number of failed logins permitted; the
range is 1 to 10.

Default
The default is three logins.

Usage Guidelines
The value must be greater than 0; the range is 1 to 10.

Example
The following command sets the maximum number of failed logins to five:

configure cli max-failed-logins 5

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 393

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli max-sessions

configure cli max-sessions num-of-sessions

Description
Limits number of simultaneous CLI sessions on the switch.

Syntax Description
num-of-sessions Specifies the maximum number of concurrent sessions
permitted. The range is 1 to 16.

Default
The default is eight sessions.

Usage Guidelines
The value must be greater than 0; the range is 1 to 16.

Example
The following command limits the number of simultaneous CLI sessions to ten:

configure cli max-sessions 10

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli mode

configure cli mode [persistent | non-persistent]

Description
Configures the persistent nature of command execution for non-persistent commands.

394 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
persistent Configures command execution to be persistent.
non-persistent Configures command execution to be not persistent.

Default
The default mode is non-persistent.

Usage Guidelines
All ExtremeXOS commands can operate in persistent mode, and a subset of the
ExtremeXOS command set can operate in non-persistent mode. Commands that are
executed in persistent mode become part of the saved switch configuration that
persists when the switch is rebooted. Commands that are executed in non-persistent
mode configure temporary changes that are not saved in the switch configuration and
do not persist when the switch is rebooted.

Most commands operate only in persistent mode. The subset of commands that
operate in non-persistent mode are called non-persistent-capable commands. The
Universal Port feature uses the non-persistent-capable commands to configure
temporary changes that could create security issues if the switch were rebooted or
reset. The use of non-persistent-capable commands in scripts and Universal Port
profiles allows you to make temporary configuration changes without affecting the
default configuration the next time the switch is started.

The configure cli mode command affects only the non-persistent-capable commands,
which are listed in the Universal Port chapter in the Switch Engine 32.7.1 User Guide. By
default, all commands operate in persistent mode with the following exceptions:
• In Universal Port dynamic profiles, the non-persistent-capable commands operate
in non-persistent mode unless preceded by the configure cli mode persistent
command in the profile.
• In the CLI, CLI scripts, and static profiles, the non-persistent-capable commands
operate in non-persistent mode only when preceded by the configure cli mode
non-persistent command.

You can use the configure cli mode persistent command and the configure cli mode
non-persistent command to change the mode of operation for non-persistent-capable
commands multiple times within a script, profile, or configuration session.

Example
The following example sets command execution to be persistent:
configure cli mode persistent

History
This command was first available in ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 395

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli mode scripting

configure cli mode scripting [abort-on-error | ignore-error]

Description
Configures the error handling process for CLI scripting on the switch.

Syntax Description
abort-on-error Configures Cli scripts to be aborted if a CLI error occurs.
ignore-error Configures the script to be executed when CLI errors occur.

Default
CLI: ignore-error Static profiles: abort-on-error Dynamic profiles: abort-on-error

Usage Guidelines
You can change the error-handling options within the scripts.

Example
The following command configures the switch to ignore syntax errors in CLI scripts:

configure cli mode scripting ignore-error

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli moved-keywords

configure cli moved-keywords [hide | show {no-help}]

Description
Controls how old keywords that have been moved and redefined appear in the CLI.

396 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
cli Configures aspects of the CLI.
moved-keywords Selects CLI keywords that were moved or processing
options that were renamed.
hide Deprecates old-moved keywords to hide them from help
display.
show Shows old-moved keywords and corresponding redirection
help text. (Default)
no-help Shows old-moved keywords, but does not show redirection
help text.

Default
By default, the show option is in effect.

Usage Guidelines
ExtremeXOS has evolved and incorporated many new features over time. During this
development, CLI keywords have been introduced that are not logically organized or
do not conform to the CLI format standards. This command provides a way to manage
how old keywords that have been moved and redefined appear in the CLI.

The option you select with this command, and if you elect to hide commands, which
version of ExtremeXOSversion was running when the hide command was issued,
appear in the output of the show management.

Example
The following example shows old commands and displays help text:
# configure cli moved-keywords show

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli password prompting-only

configure cli password prompting-only [ on | off ]

Switch Engine™ Command Reference Guide for version 32.7.1 397

Description Commands

Description
This command allows you to configure prompting (with no echo) for all passwords,
secrets, or keys.

Syntax Description
prompting-only Prompting is required when entering passwords, keys, and
secrets. The default is off.
on Enable the option.
off Disable the option.

Default
Off.

Usage Guidelines
Use this command to configure prompting (with no echo) for all passwords, secrets,
or keys. Each CLI command with password arguments will be modified to use
the new mode (designated with flags="prompting-only" in the CLI syntax attribute
specification). Prompting must be handled in the action script for that command.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli script path

configure cli script path path

Description
Creates a search path for the run/load script filename command.
.

Syntax Description
path Defines the colon-separated list of directories to search for
CLI scripts. Default is .:/usr/local/cfg.

398 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
.:/usr/local/cfg

Usage Guidelines
This setting only applies to the current session. This command must be added to
exshrc.xsf in order to be persistent.

Example
The following example configures the default script search path:
configure cli script path

History
This command was first available in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli script timeout

configure cli script timeout timeout

Description
Configures the maximum time a script can run.

Syntax Description
timeout Defines the timeout period in seconds.

Default
Regular script: no time limit default.xsf: 500 seconds autoexec.xsf: 500 seconds

Usage Guidelines
This command configures the maximum run time for all scripts, including default.xsf
and autoexec.xsf, which are described in Software Upgrade and Boot Options section in
the Switch Engine 32.7.1 User Guide. If no timeout period is configured, regular scripts
do not timeout, and the default.xsf and autoexec.xsf scripts time out after 500 seconds.

If a script does not finish running in the configured time, command execution stops
and an error message is logged. If the timer expires while a command is executing, the
command execution continues and all following commands are not executed.

Switch Engine™ Command Reference Guide for version 32.7.1 399

Example Commands

If the timer command is executed inside a script, the timer is reset. If the command
is issued more than once inside a script the last timer command executed resets the
timer. The timer is valid only for that session. The use of nested scripts does not extend
the execution period. When the parent script reaches the timeout value, the parent
script and all nested scripts terminate.

To configure a different timeout value for autoexec.xsf or default.xsf, the configure cli
script timeout command should be the first command in the script.

When a script timeout value is configured, the following variables are created:
$CLI.SCRIPT_TIMEOUT and $CLI.SCRIPT_TIME_REMAINING. If no timeout value is
configured for a session, the variables are not created.

You can use the $CLI.SCRIPT_TIMEOUT variable to adjust the timeout value. The
$CLI.SCRIPT_TIME_REMAINING variable returns the time remaining. When a timeout
value is configured, the variable values are as follows:
• If no script is running, both $CLI.SCRIPT_TIME_REMAINING and
$CLI.SCRIPT_TIMEOUT show the configured timeout value.
• If a script is aborted due to timeout, the $CLI.SCRIPT_TIME_REMANING variable
returns the value0.
• If a script finishes execution (before the timeout value is reached) the
$CLI.SCRIPT_TIME_REMANING variable returns the remaining time.

Example
The following example configures the switch to terminate a script after 120 seconds:
configure cli script timeout 120

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cos-index
configure cos-index cos_index [{ qosprofile qosprofile } {ingress-meter
ing_meter } {replace-tos tos_value {mask tos_mask}}]

Description
This command is used to configure the CoS (Class of Service) index, which is used to
assign QoS (Quality of Service) rate-shaping, rate-limiting, flood control, and 802.1p.

400 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
cos_index Class of Service (CoS) index value, range 0 - 255.
qosprofile QoS profile.
qosprofile QoS profile name.
ingress-meter Ingress rate-limiter meter.
ing_meter Ingress rate-limiter meter name.
replace-tos Replace TS value.
tos_value TOS replacement value.
mask TOS replacement mask.
tos_mask TOS replacement mask value.

Default
N/A.

Usage Guidelines
The CoS index (0-255) is used to assign QoS rate-shaping, rate-limiting, flood control,
and 802.1p. The TOS value can be a value from 0-255. The TOS mask option allows for
only certain bits of the field, those masked, to be change. If the mask is not specified
in the ToS input, all bits are overwritten. The replace-dot1p value cannot be set for CoS
indexes 0-7.

For indexes 0-7, the replace-tos option for the cos-index command will map to the
configure diffserv commands, which are associated with the qosprofile, assigned
through the configure dot1p command. Note that diffserv only replaces bits 0-5 of
the TOS byte. Therefore, the replace-tos mask is fixed to 0xfc for cos-index 0-7 and the
equivalent diffserv replace value is shifted left 2 bits. On some platforms, the hardware
only allows replacement of bits 0-5. In which case, the mask is fixed to 0xfc and will
result in an error if the user tries to change the mask.

Example
configure cos-index 51 qosprofile qp2 ingress-meter ingmeter2 replace-tos 64

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 401

configure database add server Commands

configure database add server

configure database database_name add server [host_name | ip_address]
{port port_number} {password [encrypted encrypted_password |
password ]}

Description
Adds a server to an Automation Edge remote VXLAN Network Identifier (VNI)-device
database.

Syntax Description
database Adds a server to a remote VNI-database.
database_name Adds a server to the named database.
add Adds a server to the database.
server Adds a server to the database.
host_name Provides hostname of the remote database server.
ip_address Provides the IP address of the remote server.
port Configures the server TCP port number.
port_number Specifies the server TCP port number. The default is 6,379.
password Specifies providing a password for the database.
encrypted Specifies providing an encrypted password for the
database.
encrypted_password Provides the encrypted password.
password Provides the password.

Default
If not specified, the server TCP port number is 6,379.

Usage Guidelines
N/A.

Example
The following example adds a server at location 1.1.1.2 with password "secretpassword"
to the database "database1":
# configure database database1 add server 1.1.1.2 password secretpassword

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

402 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

This command is fully supported in ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure database delete server

configure database database_name delete server [host_name | ip_address |
all]

Description
Deletes a server from an Automation Edge remote VXLAN network identifier (VNI)-
device database.

Syntax Description
database Deletes server from a remote VNI-database.
database_name Deletes server from the named database.
delete Deletes a server from the database.
server Deletes a from to the database.
host_name Specifies the hostname of the server to delete from the
database.
ip_address Specifies the IP address of the server to delete from the
database.
all Specifes deleting all servers from the database.

Default
N/A.

Usage Guidelines
N/A.

Example
The following example deletes a server at location 1.1.1.2 from database "database1":
# configure database database1 delete server 1.1.1.2

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

This command is fully supported in ExtremeXOS 31.2.

Switch Engine™ Command Reference Guide for version 32.7.1 403

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure database max-retry-interval

configure database max-retry-interval retry_interval

Description
Specifies the maximum value for exponentially increasing time interval between retries
for an Automation Edge remote VXLAN network identifier (VNI)-device database.

Syntax Description
database Makes time interval retries remote VNI-database.
max-retry-interval Specifies setting the maximum value for exponentially
increasing time interval between retries.
retry_interval Specifies the value for the maximum time interval between
retries in seconds. The default is 600. The range is 1 to 3,600.

Default
If not specified, the maximum retry interval is 600 seconds.

Usage Guidelines
N/A.

Example
The following example sets the maximum retry interval to 800 seconds:
# configure database max-retry-interval 800

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

This command is fully supported in ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

404 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure database server password

configure database server password

configure database database_name server [host_name | ip_address]
password [encrypted encrypted_password | password ]

Description
Updates an existing Automation Edge server in a remote VXLAN Network Identifier
(VNI)-device database with a new password.

Syntax Description
database Specifies the server of a database for a password change.
database_name Specifies the server of the named database for a password
change.
server Specifies the server for a password change.
host_name Provides hostname of the remote database server.
ip_address Provides the IP address of the remote server.
password Specifies providing a password for the database.
encrypted Specifies providing an encrypted password for the
database.
encrypted_password Provides the encrypted password.
password Provides the password.

Default
N/A.

Usage Guidelines
N/A.

Example
The following example changes the password for the server at location 1.1.1.2 to
"differentpassword" in the database "database1":
# configure database database1 server 1.1.1.2 passwor differentpassword

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

This command is fully supported in ExtremeXOS 31.2.

Switch Engine™ Command Reference Guide for version 32.7.1 405

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure debug core-dumps

configure debug core-dumps [ off | directory_path]

Description
Enables or disables the sending of core dump files to the internal memory or a USB 2.0
storage device.

Syntax Description
off Specifies that the switch does not save core dump files to memory
or to removable storage devices.
directory_path Directory path (USB is /usr/local/ext; internal memory is /usr/
local/tmp (default); and home directory is /usr/local/cfg.

Default
Beginning with ExtremeXOS 11.6, core dumps to internal memory (/usr/local/tmp) is
enabled by default.

Usage Guidelines
Note
Use this command only under the guidance of Extreme Networks Technical
Support personnel to troubleshoot the switch.

The switch only generates core dump files and writes them to the specified device in
the following situations:
• If an ExtremeXOS process fails.
• When forced under the guidance of Extreme Networks Technical Support.

If you configure the switch to write core dump files to the internal memory and
attempt to download a new software image, you might have insufficient space to
complete the image download. If this occurs, move or delete the core dump files from
the internal memory. For example, if the switch supports a removable storage device
that has space available, transfer the files to the device. On switches without removable
storage devices, transfer the files from the internal memory card to a TFTP server. This
frees up space on the internal memory card while keeping the core dump files.

Before you can enable and save debug information to a removable storage device,
you must install the device. For more information about installing a removable storage
device, refer to the hardware documentation.

406 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Stackables in Stack Mode

After you use the eject usb-device command and manually remove a USB device,
you are prompted to select another location to write the debug files to.

Stackables in Stack Mode

This command works only from the master node. If you enable it on stack master, it is
applicable for all nodes.

Example
The following example enables a switch to save debug information to a USB device:
configure debug core-dumps /usr/local/ext

The following example enables the switch to save debug information to internal
memory:
configure debug core-dumps /usr/local/tmp

History
This command was first available in ExtremeXOS 11.1.

The internal-memory parameter was added in ExtremeXOS 11.2.

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

The options memorycard and internal-memory were removed and the variable
directory_path was added in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dhcp ipv6 client identifier-type

configure dhcp ipv6 client identifier-type [ link-layer {plus-time} |
vendor-specific

Description
This command configures the DHCPv6 client identifier type for the client. A DHCP
server uses this identifier-type to identify clients for the selection of configuration
parameters.

Syntax Description
dhcp Configure DHCP
ipv6 Configure DHCP IPv6 client

Switch Engine™ Command Reference Guide for version 32.7.1 407

Default Commands

client Configure DHCP IPv6 client

identifier-type Configure DHCP IPv6 client identifier type
link-layer Configure link-layer address (system MAC) as DHCP IPv6
client identifier
plus-time Configure link-layer address plus current time as DHCP
IPv6 client identifer
vendor-specific Configure DHCP IPv6 client identifier by prepending the
vendor-specific IANA value

Default
IPv4.

Usage Guidelines
Use this command to configure the DHCPv6 client identifier type for the client.

History
This command was first available in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure diagnostics privilege

configure diagnostics privilege [admin | user]

Description
This command configures the user privilege level needed to view diagnositc results.

Syntax Description
privilege Configure minimum privilege level needed to view
diagnostic results.
admin Only admin (read-write) accounts can view diagnostic
results.
user User (read-only) accounts can view diagnostic results also
(default).

Default
User.

408 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to configure the privilege level required to view diagnostic results.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure diffserv examination code-point qosprofile

configure diffserv examination code-point code_point {qosprofile}
qosprofile

Description
Configures the default ingress DiffServ code point (DSCP) to QoS profile mapping.

Syntax Description
code-point Specifies a DiffServ code point (a 6-bit value in the IP-TOS byte
in the IP header). Supported values are 0 to 63.
qosprofile Specifies the QoS profile to which the DiffServ code point is
mapped.

Default
See Table 4 below.

Usage Guidelines
You can specify up to 64 different code points for each port. Code point values are
grouped and assigned to the default QoS profiles as shown in the following table.

Table 4: Default DiffServ Code Point-to-QoS Profile Mapping

Code Point ExtremeSwitching Series Switches QoSProfile
0-7 QP1
8-15 QP1
16-23 QP1
24-31 QP1
32-39 QP1
40-47 QP1

Switch Engine™ Command Reference Guide for version 32.7.1 409

Example Commands

Table 4: Default DiffServ Code Point-to-QoS Profile Mapping (continued)

Code Point ExtremeSwitching Series Switches QoSProfile
48-55 QP1
56-63 QP8

Example
The following command specifies that code point 25 be assigned to QP2:
# configure diffserv examination code-point 25 qosprofile qp2

History
This command was first available in ExtremeXOS 11.0.

The ports keyword was first available in ExtremeXOS 12.2.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure diffserv replacement code-point

configure diffserv replacement [{qosprofile} qosprofile | priority
priority] code-point code_point

Description
Configures the egress Diffserv replacement mapping for either a QoS profile or an
802.1p priority value.

Syntax Description
qosprofile Specifies a QoS profile.
priority Specifies an 802.1p priority value to map to a code point.
code_point Specifies a 6-bit value to be used as the replacement DSCP
in the IPv4 or IPv6 header.

Default
N/A.

410 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Note
We recommend that you use the qosprofile qosprofile value to configure this
parameter.

Egress packets contain the DSCP assigned to the QoS profile, which can be selected by
the 802.1p code point or by an ACL. The default 802.1p priority value to QoS profile to
DSCP mapping is shown in the following table.

Table 5: Default QoS Profile-to-802.1p Priority Value-to-Code Point

802.1p Priority Value ExtremeSwitching Series Switches QoS DSCP
Profile
0 QP1 0
1 QP1 8
2 QP1 16
3 QP1 24
4 QP1 32
5 QP1 40
6 QP1 48
7 QP8 56

Example
The following command specifies that a code point value of 5 should be used to replace
the DiffServ (TOS) bits in packets in QP2:
# configure diffserv replacement qosprofile qp2 code-point 5

History
This command was first available in ExtremeXOS 11.0.

The ports keyword was first available in ExtremeXOS 12.2.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dns cache analytics [add | delete] protected-client

configure dns cache analytics [add | delete]protected-client [client_ip
netmask | ipNetmask] {{vr} vr_name}

Switch Engine™ Command Reference Guide for version 32.7.1 411

Description Commands

Description
Configures the protected client list for the Domain Name System (DNS) cache analytics
for the virtual router (VR).

Syntax Description
dns Domain Name System.
cache Specifies configuring DNS cache.
analytics Specifies configuring DNS cache analytics.
add Specifies adding to the protected client list.
delete Specifies deleting from the protected client list.
protected-client Specifies configuring the protected client list.
client_ip Specifies the IPv4 network address of the protected client.
netmask Specifies the IP address netmask of the protected client.
ipNetmask Specifies the IP address/mask length of the protected
client.
vr Specifies the VR.
vr_name Specifies the VR name. If not specified, the VR of the
current command context is used.

Default
If not specified, by default the VR of the current command context is used.

Usage Guidelines
Administrators can use this command to restrict the collection of DNS analytics for a
protected client. When you configure the client IP subnet in the protected list, DNS
queries from configured protected clients are erased from the analytics database and
future queries are not stored.

Example
The following example adds the client at IP address 192.168.3.3 on VR-Default to the
protected client list:
# configure dns cache analytics add protected-client 192.168.3.3 255.255.255.255 VR-
Default

or
# configure dns cache analytics add protected-client 192.168.3.3/32 VR-Default

The following example adds the subnet 192.168.3.0 on VR-Default to the protected client
list:
# configure dns cache analytics add protected-client 192.168.3.0 255.255.255.0 VR-Default

412 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

or
# configure dns cache analytics add protected-client 192.168.3.0/24 VR-Default

The following example removes the client 192.168.3.3 on VR-Default from the protected
client list:
# configure dns cache analytics delete protected-client 192.168.3.3 255.255.255.255 VR-
Default

or
# configure dns cache analytics delete protected-client 192.168.3.3/32 VR-Default

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dns cache add | delete name-server

configure dns cache [add | delete ] name-server ip_address {{vr}
vr_name}

Description
Adds or deletes a Domain Name System (DNS) name server.

Syntax Description
dns Domain Name System.
cache Specifies adding or deleting DNS name server.
add Specifies adding a name server.
delete Specifies deleting a name server.
name-server Specifies adding or deleting a DNS name server.
ip_address Specifies the IP address of the DNS name server.
vr Configures the VR on which the DNS name server is
accessible.
vr_name Specifies the VR on which the DNS name server is
accessible. If not specified, the VR of the current command
context is used.

Default
If no VR name is specified, the VR of the current command context is used.

Switch Engine™ Command Reference Guide for version 32.7.1 413

Usage Guidelines Commands

Usage Guidelines
You can configure a maximum of 8 name servers.

To view the current DNS name servers, use the command show dns cache name-
server.

Example
The following example adds a DNS name server located at 1.1.1.2:
# configure dns cache add name-server 1.1.1.2

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dns cache analytics

configure dns cache analytics [{timeout minutes} {max-entries
max_entries}]

Description
Configures Domain Name System (DNS) cache analytics.

Syntax Description
dns Domain Name System.
cache Specifies DNS cache.
analytics Specifies configuring DNS analytics.
timeout Specifies setting the timeout period for analyzed DNS
queries. After this time, existing entries are flushed.
minutes Specifies the timeout value in minutes. The range is 1 to
1,440. The default is 1,440.
max-entries Specifies the maximum number of analyzed DNS queries
in the database. When this limit is met, new entries start
replacing old entries.
max_entries Specifies the value for the maximum analyzed queries. The
range is 1,000 to 10,000. The default is 10,000.

Default
The default for the timeout period is 1,440 minutes.

414 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

The default for the maximum number of entries is 10,000.

Usage Guidelines
If query Q1 is learned at time t1 and the timeout period is configured as 5 minutes, this
entry is removed within t1 + 5 minutes.

To manually clear the DNS cache analytics, use the command clear dns cache
analytics entries {{vr} vr_name}.

Example
The following example sets the maximum number of entries to 2,000:
# configure dns cache analytics max-entries 2000

The following example sets the timeout period to 500 minutes:

# configure dns cache analytics timeout 500

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dns-client add

configure dns-client add [domain-suffix domain_name | name-server
ip_address {vr vr_name}]

Syntax Description
domain-suffix Specifies adding a domain suffix.
domain_name Specifies a domain name.
name-server Specifies adding a name server.
ip_address Specifies an IP address for the name server.
vr Specifies use of a virtual router.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document..

vr_name Specifies a virtual router.

Switch Engine™ Command Reference Guide for version 32.7.1 415

Description Commands

Description
Adds a domain suffix to the domain suffix list or a name server to the available server
list for the DNS client.

Default
N/A.

Usage Guidelines
The domain suffix list can include up to six items.

If the use of all previous names fails to resolve a name, the most recently added entry
on the domain suffix list will be the last name used during name resolution. This
command will not overwrite any exiting entries. If a null string is used as the last suffix
in the list, and all other lookups fail, the name resolver will attempt to look up the name
with no suffix.

Up to eight DNS name servers can be configured. The default value for the virtual
router used by the DNS client option is VR-Default.

Example
The following command configures a domain name and adds it to the domain suffix
list:
configure dns-client add domain-suffix xyz_inc.com

The following command specifies that the switch use the DNS server 10.1.2.1:
configure dns-client add name-server 10.1.2.1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dns-client default-domain

configure dns-client default-domain domain_name

Description
Configures the domain that the DNS client uses if a fully qualified domain name is not
entered.

416 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
domain_name Specifies a default domain name.

Default
N/A.

Usage Guidelines
The default domain name will be used to create a fully qualified host name when a
domain name is not specified.

For example, if the default domain name is set to “food.com” then when a command
like “ping dog” is entered, the ping will actually be executed as “ping dog.food.com”.

Example
The following command configures the default domain name for the server:

configure dns-client default-domain xyz_inc.com

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dns-client delete

configure dns-client delete [domain-suffix domain_name | name-server
ip_address {vr vr_name}]

Description
Deletes a domain suffix from the domain suffix list or a name server from the available
server list for the DNS client.

Syntax Description
domain-suffix Specifies deleting a domain suffix.
domain_name Specifies a domain name.
name-server Specifies deleting a name server.
ip_address Specifies an IP address for the name server.

Switch Engine™ Command Reference Guide for version 32.7.1 417

Default Commands

vr Specifies deleting a virtual router.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

vr_name Specifies a virtual router.

Default
N/A.

Usage Guidelines
Specifying a domain suffix removes an entry from the domain suffix list.

If the deleted item was not the last entry in the list, all items that had been added later
are moved up in the list. If no entries in the list match the domain name specified, an
error message will be displayed.

The default value for the virtual router used by the DNS client option is VR-Default.

Example
The following example deletes a domain name from the domain suffix list:
configure dns-client delete domain-suffix xyz_inc.com

The following example removes a DNS server from the list:

configure dns-client delete name-server 10.1.2.1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dos-protect acl-expire

configure dos-protect acl-expire seconds

Description
Configures the denial of service protection ACL expiration time.

418 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
seconds Specifies how long the ACL is in place.

Default
The default is 5 seconds.

Usage Guidelines
This command configures how long the DoS protection ACL remains in place.

Example
This example sets the ACL expiration time to 15 seconds:

configure dos-protect acl-expire 15

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dos-protect interval

configure dos-protect interval seconds

Description
Configures the denial of service protection interval.

Syntax Description
seconds Specifies how often the DoS protection counter is
monitored.

Default
The default is one second.

Usage Guidelines
This command configures how often the DoS protection counter is monitored.

Switch Engine™ Command Reference Guide for version 32.7.1 419

Example Commands

Example
This example sets the interval to 5 seconds:

configure dos-protect interval 5

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dos-protect trusted ports

configure dos-protect trusted-ports [ports [ports | all] | add-ports
[ports-to-add | all] | delete-ports [ports-to-delete | all]]

Description
Configures the list of trusted ports.

Syntax Description
ports Specifies the trusted ports list.
ports-to-add Specifies the ports to add to the trusted ports list.
all Specifies all the ports.
ports-to-delete Specifies the ports to delete from the trusted ports list.

Default
N/A.

Usage Guidelines
Traffic from trusted ports will be ignored when DoS protect counts the packets to the
CPU. If we know that a machine connected to a certain port on the switch is a safe
"trusted" machine, and we know that we will not get a DoS attack from that machine,
the port to which this machine is connected can be configured as a trusted port, even
though a large amount of traffic is going through this port.

Example
This example sets the trusted port list to 3:1-3:7:

configure dos-protect trusted-ports ports 3:1-3:7

420 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

This example adds the trusted port 3:8 to the current list (use this command with a
network administrator machine not connected to the internet that is attached to port
3:8):

configure dos-protect trusted-ports add-ports 3:8

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure dos-protect type l3-protect alert-threshold

configure dos-protect type l3-protect alert-threshold packets

Description
Configures the denial of service protection alert threshold.

Syntax Description
packets Specifies how many packets in an interval will cause an
alert.

Default
The default is 4000 packets.

Usage Guidelines
This command configures how many packets received in an interval will cause a DoS
protection alert. When an alert occurs, the packets are analyzed, and a temporary ACL
is applied to the switch.

Example
This example sets the alert threshold to 8000 packets:

configure dos-protect type l3-protect alert-threshold 8000

History
This command was first available in ExtremeXOS 11.1.

Switch Engine™ Command Reference Guide for version 32.7.1 421

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure dos-protect type l3-protect notify-threshold

configure dos-protect type l3-protect notify-threshold packets

Description
Configures the denial of service protection notification threshold.

Syntax Description
packets Specifies how many packets in an interval will cause a
notification.

Default
The default is 3500 packets.

Usage Guidelines
This command configures how many packets received in an interval will cause a DoS
protection notification.

Example
This example sets the notification threshold to 7500 packets:

configure dos-protect type l3-protect notify-threshold 7500

History
This command was first available in ExtremeXOS 11.1

Platform Availability
This command is available on all Universal switches supported in this document.

configure dot1p type

configure dot1p type dot1p_priority {qosprofile} qosprofile {ingress-
meter [ ing_meter | none ]}

Description
Configures an 802.1p priority to QoS profile mapping for the specified ports.

422 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
dot1p_priority Specifies the 802.1p priority value. The value is an integer
between 0 and 7.
qosprofile Specifies a specific QoS profile. The value range is QP1 to
QP8.
ingress-meter Ingress rate-limiter meter.
ing_meter Ingress rate-limiter meter name.
none Dot1p examination rule has no ingress-meter (default if
ingress-meter is unspecified).

Default
The default mapping of each 802.1p priority value to QoS profile is shown in the
following table.

Table 6: Default 802.1p Priority Value-to-QoS Profile Mapping

802.1p Priority Value ExtremeSwitching Series Switches Default QoS Profile
0 QP1
1 QP1
2 QP1
3 QP1
4 QP1
5 QP1
6 QP1
7 QP8

Usage Guidelines
An 802.1p priority value seen on ingress can be mapped to a particular QoS profile and
with specific bandwidth management and priority behavior.

You must create the QoS profile first, using the create qosprofile [QP2| QP3 |
QP4 | QP5 | QP6 | QP7] command, to map the 802.1p information to QoS profile 2
through 7.

SummitStack Only
You must create the QoS profile first, using the create qosprofile [QP2| QP3 |
QP4 | QP5 | QP6 | QP7] command, to map the 802.1p information to QoS profile 2
through 6. You cannot create QP7 in a SummitStack.

Switch Engine™ Command Reference Guide for version 32.7.1 423

Example Commands

Example
The following commands reassign (from the default) the QoS profiles associated with
802.1p priority values 1 and 2:
# configure dot1p type 2 qosprofile qp2
# configure dot1p type 1 qosprofile qp3

The following examples use the ingress-meter option:

# configure dot1p type 1 qosprofile qp5 ingress-meter ingmeter0
# configure dot1p type 2 qp3 ingress-meter ingmeter2
# configure dot1p type 3 qp4

History
This command was first available in ExtremeXOS 11.0.

The ingress-meter, ing_meter, and none options were added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps add control vlan

configure eaps name add control {vlan} vlan_name

Description
Adds the specified control VLAN to the specified EAPS domain.

Syntax Description
name Specifies the name of an EAPS domain.
vlan_name Specifies the name of the control VLAN.

Default
N/A.

Usage Guidelines
You must configure one control VLAN for each EAPS domain. The control VLAN is used
only to send and receive EAPS messages.

The control VLAN must be configured as follows:

• The VLAN must NOT be assigned an IP address, to avoid loops in the network.
• Only ring ports can be added as members of the control VLAN.

424 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• The ring ports of the control VLAN must be tagged.

A control VLAN cannot belong to more than one EAPS domain. When the EAPS
domain is active, you cannot delete or modify the configuration of the control VLAN.

By default, EAPS protocol data units (PDUs) are automatically assigned to QoS profile
QP8. This ensures that the control VLAN messages reach their intended destinations.
You do not need to configure a QoS profile for the control VLAN.

The VLAN must already exist before you can add it as a control VLAN. If you attempt to
add a VLAN that does not exist, the switch displays a message similar to the following:
* Switch.8 # configure eaps megtest add control foo^%% Invalid input detected at '^'
marker.

To create the VLAN, use the create vlan command.

Example
The following command adds the control VLAN keys to the EAPS domain eaps_1.

configure eaps eaps_1 add control vlan keys

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps add protected vlan

configure eaps name add protected {vlan} vlan_name

Description
Adds the specified protected VLAN to the specified EAPS domain.

Syntax Description
name Specifies the name of an EAPS domain.
vlan_name Specifies the name of the protected VLAN.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 425

Usage Guidelines Commands

Usage Guidelines
You must configure one or more protected VLANs for each EAPS domain. The
protected VLANs are the data-carrying VLANs.

A protected VLAN can be added to one or more EAPS domains.

When you configure a protected VLAN, the ring ports of the protected VLAN must be
tagged (except in the case of the default VLAN). As long as the ring is complete, the
master node blocks the protected VLANs on its secondary port.

The VLAN must already exist before you can add it as a protected VLAN. If you attempt
to add a VLAN that does not exist, the switch displays a message similar to the
following:
* Switch.5 # configure eaps megtest add protected foo^%% Invalid input detected at '^'
marker.

To create the VLAN, use the create vlan command.

Example
The following command adds the protected VLAN orchid to the EAPS domain eaps_1:

configure eaps eaps_1 add protected vlan orchid

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps cfm

configure eaps cfm [add | delete] group group_name

Description
Notifies the CFM that EAPs is interested in notifications for the specified MEP and
RMEP pair.

Syntax Description
cfm Connectivity Fault Management.
add Add a MEP group.
delete Delete a MEP group.
group group_name MEP group to bind.

426 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
This command notifies CFM that EAPs is interested in notifications for this MEP and
RMEP pair. This MEP should already be bound to a physical port, so when notification is
received, EAPS associates that notification with a ring-port failure.

Example
The following command deletes the control VLAN keys from the EAPS domain eaps_1:

configure eaps cfm add

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all ExremeXOS platforms; however, not all platforms
support hardware-based CFM. Platforms with no hardware-based CFM support are
limited to software-based CFM transmit intervals of 100 ms or higher. Hardware-based
intervals can go as low as 3.3 ms.

configure eaps config-warnings off

configure eaps config-warnings off

Description
Disables the loop protection warning messages displayed when configuring specific
EAPS parameters.

Syntax Description
This command has no arguments or variables.

Default
By default, loop protection warnings are enabled and displayed when configuring
specific EAPS parameters.

Switch Engine™ Command Reference Guide for version 32.7.1 427

Usage Guidelines Commands

Usage Guidelines
This is a global EAPS command. You configure the warning message display on a per
switch basis, not per EAPS domain.

When configuring the following EAPS parameters, the switch displays loop protection
warning messages:
• Adding EAPS primary or secondary ring ports to a VLAN
• Deleting a protected VLAN
• Disabling the global EAPS setting on the switch
• Disabling an EAPS domain
• Configuring an EAPS domain as a transit node
• Unconfiguring EAPS primary or secondary ring ports from an EAPS domain

We recommend that you keep the loop protection warning messages enabled. If you
have considerable knowledge and experience with EAPS, you might find the EAPS loop
protection warning messages unnecessary. For example, if you use a script to configure
your EAPS settings, disabling the warning messages allows you to configure EAPS
without replying to each interactive yes/no question.

To confirm the setting on the switch, use the following command:

show eaps {eapsDomain} {detail}

Example
The following command disables the loop protection warning messages:

configure eaps config-warnings off

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps config-warnings on

configure eaps config-warnings on

Description
Enables the loop protection warning messages displayed when configuring specific
EAPS parameters.

428 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no arguments or variables.

Default
By default, loop protection warnings are enabled and displayed when configuring
specific EAPS parameters.

Usage Guidelines
This is a global EAPS command. You configure the warning message display on a per
switch basis, not per EAPS domain.

When configuring the following EAPS parameters, the switch displays loop protection
warning messages:
• Adding EAPS primary or secondary ring ports to a VLAN
• Deleting a protected VLAN
• Disabling the global EAPS setting on the switch
• Disabling an EAPS domain
• Configuring an EAPS domain as a transit node
• Unconfiguring EAPS primary or secondary ring ports from an EAPS domain

We recommend that you keep the loop protection warning messages enabled.

Example
The following command enables the loop protection warning messages:

configure eaps config-warnings on

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps delete control vlan

configure eaps name delete control {vlan} vlan_name

Description
Deletes the specified control VLAN from the specified EAPS domain.

Switch Engine™ Command Reference Guide for version 32.7.1 429

Syntax Description Commands

Syntax Description
name Specifies the name of an EAPS domain.
vlan_name Specifies the name of the control VLAN.

Default
N/A.

Usage Guidelines
None.

Example
The following example deletes the control VLAN keys from the EAPS domain eaps_1:
configure eapseaps_1 delete control vlan keys

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps delete protected vlan

configure eaps name delete protected {vlan} vlan_name

Description
Deletes the specified protected VLAN from the specified EAPS domain.

Syntax Description
name Specifies the name of an EAPS domain.
vlan_name Specifies the name of the protected VLAN.

Default
N/A.

430 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
To prevent loops in the network, you must delete the ring ports (the primary and the
secondary ports) from the protected VLAN before deleting the protected VLAN from
the EAPS domain. Failure to do so can cause a loop in the network.

The switch displays by default a warning message and prompts you to delete the VLAN
from the EAPS domain. When prompted, do one of the following:
• Enter y delete the VLAN from the specified EAPS domain.
• Enter n or press [Return] to cancel this action.

If you have considerable knowledge and experience with EAPS, you might find the
EAPS loop protection warning messages unnecessary. For more information, see the
configure eaps config-warnings off command.

Useful show Commands

Use the following show commands to display information about your EAPS domain,
including protected VLANs and primary and secondary ports:
• show vlan—This command displays summary information for all of the VLANs on
the device. If the VLAN is a protected VLAN, the P flag appears in the flag column.
To see more detailed information about the protected VLAN, use the following
command: show vlanvlan_name .
• show eaps—This command displays summary EAPS domain information, including
the name of the domain and the primary and secondary ports. To see more
detailed information, including the name of the protected VLAN and the primary
and secondary ports, use the show eapseapsDomain command.
• show vlan eaps—This command displays whether the VLAN is a control or partner
VLAN for an EAPS domain. This command also displays if the VLAN is not a member
of any EAPS domain.

Example
The following example deletes the protected VLAN orchid from the EAPS domain
eaps_1:
configure eapseaps_1delete protected vlan orchid

The switch displays the following warning message and prompts you to confirm this
action:
WARNING: Make sure EAPS ring-ports are deleted from the VLAN first. Otherwise deleting
the VLAN from the EAPS domain could cause a loop in the network! Are you sure you want to
remove the VLAN before deleting EAPS ring-ports.? (y/n)

Enter y to delete the VLAN from the specified EAPS domain. Enter n to cancel this
action.

Switch Engine™ Command Reference Guide for version 32.7.1 431

History Commands

History
This command was first available in ExtremeXOS 11.0.

The interactive messages were added in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps failtime expiry-action

configure eaps name failtime expiry-action [open-secondary-port | send-
alert]

Description
Configures the action taken when the failtimer expires.

Syntax Description
name Specifies the name of an EAPS domain.
open-secondary-port Specifies to open the secondary port when the failtimer
expires.
send-alert Specifies that a critical message is sent to the syslog when
the failtimer expires.

Default
Default is send-alert.

Usage Guidelines
By default the action is to send an alert if the failtimer expires. Instead of going into
a Failed state, the master node remains in a Complete or Init state, maintains the
secondary port blocking, and writes a critical error message to syslog warning the user
that there is a fault in the ring. An SNMP trap is also sent.

If the EAPS ring contains non-EAPS devices, you must use the open-secondary-port
parameter.

Note
Use caution when setting the failtimer expiry action to open-secondary port.
Using this configuration, if the master node loses three consecutive hello
PDUs, the failtimer expires—but there might not be a break in the ring.
Opening the secondary port in this situation creates a loop.

432 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the failtimer expiry action for EAPS domain eaps_1:

configure eapseaps_1 failtimeexpiry-action open-secondary-port

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps failtime

configure eaps name failtime seconds milliseconds

Description
Configures the period after which the master node declares a failure if no hello PDUs
are received.

Syntax Description
name Specifies the name of an EAPS domain.
seconds Specifies the number of seconds the master node waits before the
failtimer expires. Default is 3 seconds, and the range is 0 to 300
seconds.
milliseconds Specifies the number of milliseconds to wait before the failtimer
expires. The range is 300 to 999 milliseconds.

Default
The default is 3 seconds.

Usage Guidelines
Use the failtime keyword and its associated seconds parameter to specify the amount
of time the master node waits before the failtimer expires. The failtime period (seconds
plus milliseconds) must be set greater than the configured value for hellotime. The
default value is three seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 433

Example Commands

Increasing the failtime value reduces the likelihood of false failure detections caused by
network congestion.

Note
You configure the action taken when the failtimer expires by using the
configure eaps failtime expiry-action command.

In ExtremeXOS 11.0, the failtimer range was 2 to 60 seconds.

Example
The following command configures the failtimer value for the EAPS domain eaps_1 to 15
seconds:

configure eapseaps_1failtime15 0

The following command configures the failtimer value for the EAPS domain eaps_2 to
300 milliseconds:

configure eapseaps_2failtime0 300

History
This command was first available in ExtremeXOS 11.0.

The range for the failtimer was changed to 2 to 300 seconds in ExtremeXOS 11.1. The
default value for the failtimer remains unchanged.

The milliseconds parameter was added in ExtremeXOS 12.4.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps fast-convergence

configure eaps fast-convergence[off | on]

Description
Enables EAPS to converge more quickly.

Syntax Description
off Turns fast-convergence off. Default is off.
on Turns fast-convergence on.

434 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Default is off.

Usage Guidelines
This command acts on the switch, not per domain.

In certain environments to keep packet loss to a minimum when the ring is broken,
configure EAPS with fast-convergence turned on. If fast convergence is turned on, you
can view the configuration with the show eaps command.

Note
If fast-convergence is turned on, the link filters on all EAPS ring ports are
turned off. This can result problems if the port’s hardware encountered a
problem and started “flapping” between link-up/link-down states.

Example
The following command configures fast convergence for all of the EAPS domains on
the switch:

configure eapsfast-convergence on

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps hello-pdu-egress

configure eaps name hello-pdu-egress [primary-port | secondary-port]

Description
Configures the port through which a master node sends EAPS hello PDUs.

Syntax Description
name Specifies the name of an EAPS domain.

Default
Default is the primary port.

Switch Engine™ Command Reference Guide for version 32.7.1 435

Usage Guidelines Commands

Usage Guidelines
This command is provided for special network topologies that use spatial reuse and
require that all EAPS hello PDUs travel in the same direction on the ring.

Note
We recommend the default (primary-port) configuration for this command.

Example
The following command configures the master switch to send EAPS hello packets from
the secondary port:

configure eaps "domain12" hello-pdu-egress secondary-port

History
This command was first available in ExtremeXOS 12.4.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps hellotime

configure eaps name hellotime seconds milliseconds

Description
Configures the period at which the master node sends EAPS hello PDUs to verify ring
connectivity.

Syntax Description
name Specifies the name of an EAPS domain.
seconds Specifies the number of seconds to wait between transmission of
hello PDUs on the control VLAN. The range is 0 to 15 seconds.
milliseconds Specifies the number of milliseconds to wait between transmission
of hello PDUs on the control VLAN. The range is 0 to 999
milliseconds.

Default
Default is 1 second.

436 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use the hellotime keyword and its associated parameters to specify the amount of
time the master node waits between transmissions of hello PDUs on the control VLAN.
Increasing the hellotime value results in a reduced load on the processor and less traffic
on the EAPS ring.

Note
The hello PDU timer value must be smaller than the fail timer value to prevent
false failure detection. If you change the hello PDU timer, verify that the fail
timer value remains larger.

This command applies only to the master node. If you configure the hello PDU timer
for a transit node, the timer value is ignored. If you later reconfigure that transit node as
the master node, the master node uses the configured hello PDU timer value.

In ExtremeXOS 11.0, the range is 1 to 15 seconds. If you are running ExtremeXOS 11.0 with
the hello timer value greater than 15 seconds and you upgrade to ExtremeXOS 11.1 or
later, you must modify the hello timer to be within the 1 to 15 seconds range.

Example
The following example configures the hellotime value for the EAPS domain eaps_1 to
300 milliseconds:
configure eap seaps_1 hellotime 0 300

History
This command was first available in ExtremeXOS 11.0.

The range for the hello timer was changed to 1 to 15 seconds in ExtremeXOS 11.1. The
default value for the hello timer remains unchanged.

Support for a specific number of milliseconds was added in ExtremeXOS 12.4.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps mode

configure eaps name mode [master | transit]

Description
Configures the switch as either the EAPS master node or as an EAPS transit node for
the specified domain.

Switch Engine™ Command Reference Guide for version 32.7.1 437

Syntax Description Commands

Syntax Description
name Specifies the name of an EAPS domain.
master Specifies that this switch should be the master node for the
named EAPS domain.
transit Specifies that this switch should be the transit node for the
named EAPS domain.

Default
N/A.

Usage Guidelines
One node (or switch) on the ring must be configured as the master node for the
specified domain; all other nodes (or switches) on the ring are configured as transit
nodes for the same domain.

If you configure a switch to be a transit node for an EAPS domain, the switch displays
by default messages to:
• Remind you to configure a master node in the EAPS domain.
• Notify you that changing a master node to a transit node might cause a loop in the
network. If you have not assigned a new master node before changing the current
master node to a transit node, you might cause a loop in the network.

When prompted, do one of the following:

• Enter y to identify the switch as a transit node.
• Enter n or press [Return] to cancel this action.

If you have considerable knowledge and experience with EAPS, you might find the
EAPS loop protection warning messages unnecessary. For more information, see the
configure eaps config-warnings off command.

Example
The following example identifies this switch as the master node for the domain named
eaps_1:
configure eaps eaps_1 mode master

The following example identifies this switch as a transit node for the domain named
eaps_1:
configure eaps eaps_1 mode transit

The switch displays the following warning message and prompts you to confirm this
action:
WARNING: Make sure this specific EAPS domain has a Master node in the ring. If you change
this node from EAPS master to EAPS transit, you could cause a loop in the network. Are you
sure you want to change mode to transit? (y/n)

438 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

Enter y to identify the switch as a transit node. Enter n to cancel this action.

History
This command was first available in ExtremeXOS 11.0.

The interactive messages were added in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps multicast add-ring-ports

configure eaps multicast add-ring-ports [on | off]

Description
Configures the switch to add previously blocked ring ports to existing multicast groups
when an EAPS topology change occurs.

Syntax Description
on Enables the multicast add-ring-ports feature.
off Disables the multicast add-ring-ports feature.

Default
Off.

Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, multicast traffic
is fastpath forwarded using the switch hardware during the topology transition. The on
setting improves multicast forwarding performance during the transition.

Note
EAPS multicast flooding must be enabled before this feature will operate. For
information on enabling EAPS multicast flooding, see the configure eaps
multicast temporary-flooding command description.

When this feature is set to off and an EAPS topology change occurs, multicast traffic
is slowpath forwarded using the CPU during the topology transition. The off setting
reduces multicast forwarding performance during the transition.

Switch Engine™ Command Reference Guide for version 32.7.1 439

Example Commands

For other methods of supporting multicast traffic during an EAPS topology change, see
the descriptions for the following commands:
• configure eaps multicast send-igmp-query
• configure eaps multicast temporary-flooding

Example
The following example enables the add-ring-ports feature:
configure eaps multicast add-ring-ports on

History
This command was first available in ExtremeXOS 12.1.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps multicast send-igmp-query

configure eaps multicast send-igmp-query [on | off]

Description
Configures the switch to send IGMP query messages to all protected VLANs when an
EAPS topology change occurs.

Syntax Description
on Enables the multicast send-igmp-query feature.
off Disables the multicast send-igmp-query feature.

Default
On.

Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, the switch sends
IGMP query messages to all protected VLANs. If the protected VLANs in the node
detecting (and generating) the topology change do not have IP address, a query is
generated with the source IP address set to the querier address in that VLAN.

In a EAPS ring with many protected VLANs, the many responses can impact switch
performance. This is the default behavior and was the only method for supporting
multicast traffic during EAPS topology changes prior to release 12.1.2.

440 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

When this feature is set to off and an EAPS topology change occurs, the switch does
not automatically send IGMP queries to all protected VLANS during the topology
transition. The off setting improves switch performance during the transition, but you
should use one of the following commands to see that multicast traffic is supported
during and after the topology change:
• configure eaps multicast add-ring-ports
• configure eaps multicast temporary-flooding

Example
The following command disables the send-igmp-query feature:

configure eaps multicast send-igmp-query off

History
This command was first available in ExtremeXOS 12.1.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps multicast temporary-flooding duration

configure eaps multicast temporary-flooding duration seconds

Description
Configures the duration for which the switch temporarily enables multicast flooding
when an EAPS topology change occurs.

Syntax Description
seconds Specifies the period (in seconds) for which the switch
enables multicast flooding.

Default
15 seconds.

Usage Guidelines
The flooding duration configuration applies only when the temporary-flooding feature
is enabled with the following command:
configure eaps multicast temporary-flooding

Switch Engine™ Command Reference Guide for version 32.7.1 441

Example Commands

Example
The following command configures the temporary-flooding feature duration for 30
seconds:

configure eaps multicast temporary-flooding duration 30

History
This command was first available in ExtremeXOS 12.1.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps multicast temporary-flooding

configure eaps multicast temporary-flooding [on | off]

Description
Configures the switch to temporarily enable multicast flooding when an EAPS topology
change occurs.

Syntax Description
on Enables the multicast temporary-flooding feature.
off Disables the multicast temporary-flooding feature.

Default
Off.

Usage Guidelines
When this feature is set to on and an EAPS topology change occurs, the switch
temporarily enables multicast flooding to all protected VLANs for the duration specified
by the following command:
configure eaps multicast temporary-flooding duration

If you change the configuration to off, topology changes that occur after this command
do not result in temporary flooding. For example, if you change the configuration to off
while flooding is in progress for a protected VLAN or set of protected VLANs (due to an
EAPS topology change), the flooding continues for the configured duration period. New
topology changes on the protected VLANs do not cause flooding.

When this feature is set to off and an EAPS topology change occurs, the switch does
not enable flooding to all protected VLANS during the topology transition. The default

442 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

switch response for multicast traffic during an EAPS topology change is that defined by
the following command:
configure eaps multicast send-igmp-query

You can also use the following command to configure the switch response for multicast
traffic during an EAPS topology change:
configure eaps multicast add-ring-ports

Example
The following command enables the temporary-flooding feature:

configure eaps multicast temporary-flooding on

History
This command was first available in ExtremeXOS 12.1.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps name

configure eaps old_name name new_name

Description
Renames an existing EAPS domain.

Syntax Description
old_name Specifies the current name of an EAPS domain.
new_name Specifies a new name for the EAPS domain.

Default
N/A.

Usage Guidelines
If you use the same name across categories (for example, STPD and EAPS names), we
recommend that you specify the identifying keyword as well as the actual name. If you
do not use the keyword, the system might return an error message.

Switch Engine™ Command Reference Guide for version 32.7.1 443

Example Commands

Example
The following command renames EAPS domain eaps-1 to eaps-5:

configure eaps eaps-1 name eaps-5

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps port

configure eaps name [primary | secondary] port ports

Description
Configures a node port as the primary or secondary port for the specified EAPS
domain.

Syntax Description
name Specifies the name of an EAPS domain.
primary Specifies that the port is to be configured as the primary
port.
secondary Specifies that the port is to be configured as the secondary
port.
ports Specifies one port or slot and port.

Default
N/A.

Usage Guidelines
Each node on the ring connects through two ring ports. One port must be configured
as the primary port; the other must be configured as the secondary port.

The primary and secondary ports have significance only on a master node. The health-
check messages are sent out the primary port of the master node, and the master
node blocks the protected VLANs on the secondary port.

444 Switch Engine™ Command Reference Guide for version 32.7.1

 Messages Displayed when Adding EAPS Ring Ports to a
Commands VLAN

The master node’s secondary EAPS port cannot be configured on ports that are already
configured as follows:
• Shared-port
• ISC port

There is no distinction between the primary and secondary ports on a transit node.

Beginning with ExtremeXOS 11.1, if you have a primary or secondary port that is a
member of a load-shared group, you do not need to disable your EAPS domain and
remove that ring port when modifying the load-shared group. For more information
about configuring load sharing on your switch, see “Configuring Slots and Ports on a
Switch” in the Switch Engine 32.7.1 User Guide.

For complete information about software licensing, including how to obtain and
upgrade your license and what licenses are appropriate for this feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

Messages Displayed when Adding EAPS Ring Ports to a VLAN

If you attempt to add EAPS ring ports to a VLAN that is not protected by EAPS, the
switch prompts you by default to confirm this action. For example, if you use the
configure vlan vlan_name add ports port_list command, and the ports that
you are attempting to add to the VLAN are currently used by EAPS as either primary or
secondary ring ports, the switch displays the following message:
Make sure <vlan_name> is protected by EAPS. Adding EAPS ring ports to a VLAN could cause
a loop in the network. Do you really want to add these ports (y/n)

Enter y to add the ports to the VLAN. Enter n or press [Return] to cancel this action.

If you see this message, either configure the VLAN as an EAPS protected VLAN by using
the configure eaps add protected vlan command or add ports that the EAPS
domain does not use as primary or secondary ring ports.

If you have considerable knowledge and experience with EAPS, you might find the
EAPS loop protection warning messages unnecessary. For more information, see the
configure eaps config-warnings off.

Example
The following example adds port 1 to the EAPS domain eaps_1 as the primary port:
configure eapseaps_1primary port 1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 445

configure eaps priority Commands

configure eaps priority

configure eaps name priority {high | normal}

Description
Configures an EAPS domain priority.

Syntax Description
name Specifies the name of an EAPS domain.

Default
Normal.

Usage Guidelines
Extreme Networks recommends that no more than 200 protected VLANs be
configured as high priority domains. Priority protection works best when the majority of
protected VLANs are configured for normal priority and a relatively small percentage of
the protected VLANs are configured as high priority domains.

When EAPS domains on two separate physical rings share a common link (shared-port
configuration) and have one or more protected VLANs in common, the domains must
be configured with the same domain priority.

When EAPS domain priority is configured on separate physical rings that are
connected to the same switch, the priorities on each ring are serviced independently.
For example, if there is a break on both Ring A and Ring B, the high priority domains
on each ring are serviced before the lower priority domains. However, the switch does
not attempt to process the high priority domains on Ring B before servicing the normal
priority domains on Ring A.

For a high priority domain to get priority over normal priority domains, all switches
in the EAPS domain must support high priority domains. If high priority domains are
configured on a switch that is in a ring with one or more switches that do not support
high priority domains (software releases before ExtremeXOS Release 12.5), the high
priority domain operates as a normal priority domain.

Example
The following command configures the eaps_1 domain as a high priority domain:

configure eapseaps_1 priority high

446 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure eaps shared-port common-path-timers

configure eaps shared-port port common-path-timers {[health-interval |
timeout] seconds}

Description
Configures the common path health interval or timeout value.

Syntax Description
port Specifies the port number of the common link port.
health-interval Specifies the interval for health check messages on the
common link.
timeout Specifies the timeout value for the common link.
seconds Specifies the amount of health interval, in seconds.

Default
N/A.

Usage Guidelines
This command allows you to configure the length of the common path health interval,
in seconds, for a given port. The range is from 1 to 10 seconds.

Example
The following command configures a common-link health interval of 5 seconds on port
1:1.

configure eaps shared-port 1:1 common-path-timers health-interval 5

The following command configures a segment timeout of 10 seconds on port 1:1.

configure eaps shared-port 1:1 common-path-timers timeout 10

Switch Engine™ Command Reference Guide for version 32.7.1 447

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms with the appropriate license. For complete
information about software licensing, including how to obtain and upgrade your
license and what licenses are appropriate for this feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure eaps shared-port link-id

configure eaps shared-port ports link-id id

Description
Configures the link ID of the shared port.

Syntax Description
ports Specifies the port number of the common link port.
id Specifies the link ID of the port. The link ID range is 1 to
65535.

Default
N/A.

Usage Guidelines
Each common link in the EAPS network must have a unique link ID. The controller and
partner shared ports belonging to the same common link must have matching link IDs.
No other instance in the network should have that link ID.

If you have multiple adjacent common links, we recommend that you configure
the link IDs in ascending order of adjacency. For example, if you have an EAPS
configuration with three adjacent common links, moving from left to right of the
topology, configure the link IDs from the lowest to the highest value.

Example
The following command configures the EAPS shared port 1:1 to have a link ID of 1.
configure eaps shared-port 1:1 link-id 1

History
This command was first available in ExtremeXOS 11.1.

448 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all platforms with the appropriate license. For complete
information about software licensing, including how to obtain and upgrade your
license and what licenses are appropriate for this feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure eaps shared-port mode

configure eaps shared-port ports mode controller | partner

Description
Configures the mode of the shared port.

Syntax Description
ports Specifies the port number of the shared port.
controller Specifies the controller mode. The controller is the end of
the common link responsible for blocking ports when the
common link fails thereby preventing the superloop.
partner Specifies partner mode. The partner is responsible only for
sending and receiving health-check messages.

Default
N/A.

Usage Guidelines
The shared port on one end of the common link must be configured to be the
controller. This is the end responsible for blocking ports when the common link fails
thereby preventing the superloop.

The shared port on the other end of the common link must be configured to be the
partner. This end does not participate in any form of blocking. It is responsible only for
sending and receiving health-check messages.

Example
The following command configures the shared port 1:1 to be the controller.

configure eaps shared-port 1:1 mode controller

History
This command was first available in ExtremeXOS 11.1.

Switch Engine™ Command Reference Guide for version 32.7.1 449

Platform Availability Commands

Platform Availability
This command is available on all platforms with the appropriate license. For complete
information about software licensing, including how to obtain and upgrade your
license and what licenses are appropriate for this feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure eaps shared-port segment-timers expiry-action

configure eaps shared-port port segment-timers expiry-action [segment-
down | send-alert]

Description
Configures the action taken when the segment timeout timer expires.

Syntax Description
port Specifies the port number of the common link port.
segment-down Marks the segment as DOWN if the segment timer expires.
No link-status-query is sent to verify that links are down.
send-alert If the segment timer expires, the switch keeps segments
up, but sends a warning message to the log. The segment
fail flag is set, an SNMP trap is sent, and a link-status-query
is sent to verify if any links are down.

Default
Default is send-alert.

Usage Guidelines
By default, the action is to send an alert if the segment timeout timer expires. Instead
of the segment going into a failed state and being marked as down, the segment
remains in a segment up state with the failed flag set. The switch writes a critical error
message to the syslog warning the user that there is a fault in the segment. An SNMP
trap is also sent.

Note
Use caution when setting the segment-timeout expiry action to segment-
down. Using this configuration, if the controller or partner node loses three
consecutive hello PDUs, the failtimer expires—but there might not be a break
in the segment. Opening a blocked port in this situation creates a loop.

The following describes some general recommendations for using this command:
• When you configure your Extreme Networks switches as the partner and controller,
respectively, make sure that their segment timer configurations are identical.

450 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

For example, if you have a partner switch with the segment-timeout expiry action
set to send-alert, make sure the controller switch has its segment-timeout expiry
action set to send-alert.

However, if you have a partner switch with the segment-timeout expiry action set to
send-alert, and the controller switch does not have a segment timer configuration,
you must configure the partner switch’s segment-timeout expiry action to segment-
down.
• If you have a network containing non-Extreme Networks switches or non-EAPS
devices, set the segment-timeout expiry action to segment-down.

The following events can cause a ring segment failure:

• There is a hardware failure.
• The controller or partner received a Link Down message from the partner or
controller, respectively.
• The segment timer expires and the expiry action was set to segment-down. This
means that either the controller or partner did not receive health check messages
during the defined segment timeout period.

To view shared-port information, including shared-port segment status, use the

following command:

show eaps shared-port {port}{detail}

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms with the appropriate license. For complete
information about software licensing, including how to obtain and upgrade your
license and what licenses are appropriate for this feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure eaps shared-port segment-timers health-interval

configure eaps shared-port port segment-timers health-interval seconds

Description
Configures the shared-port health interval timeout.

Syntax Description
port Specifies the port number of the common link port.
seconds Specifies the amount of health interval, in seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 451

Default Commands

Default
N/A.

Usage Guidelines
This command allows you to configure the length of the shared-port health interval
timeout, in seconds, for a given port.

Example
The following command configures a shared-port health interval timeout of 10 seconds
on port 1:1.

configure eaps shared-port 1:1 segment-timers health-interval 10

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms with the appropriate license. For complete
information about software licensing, including how to obtain and upgrade your
license and what licenses are appropriate for this feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure eaps shared-port segment-timers timeout

configure eaps shared-port port segment-timers timeout seconds

Description
Configures the shared-port timeout.

Syntax Description
port Specifies the port number of the common link port.
seconds Specifies the amount of health interval, in seconds.

Default
N/A.

452 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command allows you to configure the length of the shared-port timeout, in
seconds, for a given port.

Example
The following command configures a shared-port timeout of 10 seconds on port 1:1.

configure eaps shared-port 1:1 segment-timers timeout 10

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all platforms with the appropriate license. For complete
information about software licensing, including how to obtain and upgrade your
license and what licenses are appropriate for this feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure edp advertisement-interval

configure edp advertisment-interval timer holddown-interval timeout

Description
Sets the advertisement interval and hold down interval for EDP.

Syntax Description
timer Specifies the advertisement interval in seconds.
timeout Specifies the hold down interval in seconds.

Default
The default setting for timer is 60 seconds, and for timeout is 180 seconds.

Usage Guidelines
Extreme Discover Protocol (EDP) is used to gather information about neighbor Extreme
Networks switches. EDP-enabled ports advertise information about the Extreme switch
to other switches on the interface and receive advertisements from other Extreme
switches. Information about other Extreme switches is discarded after the hold down
interval timeout value is reached without receiving another advertisement.

Switch Engine™ Command Reference Guide for version 32.7.1 453

Example Commands

Example
The following command configures the EDP advertisement-interval to 2 minutes and
the hold down interval to 6 minutes:

configure edp advertisement-interval 120 holddown-interval 360

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure elrp-client dynamic-vlans

configure elrp-client dynamic-vlans {mvrp | netlogin | vm-tracking |
policy | fabric-attach | all} [on | off]

Description
This command enables/disables Extreme Loop Recognition Protocol (ELRP) over
various types of dynamic VLANs.

Syntax Description
dynamic-vlans ELRP configuration options for dynamically created VLANs.
mvrp Specifies that the command applies to dynamic VLANs
created by Multiple VLAN Registration Protocol (MVRP)
only.
netlogin Specifies that the command applies to dynamic VLANs
created by Network Login only.
vm-tracking Specifies that the command applies to dynamic VLANs
created by virtual machine MAC tracking only.
policy Specifies that the command applies to dynamic VLANs
created by One Policy.
fabric-attach Specifies that the command applies to dynamic VLANs
created by Fabric Attach.
all (Default) Specifies that the command applies to all types of
dynamic VLANs.
on Enable ELRP for dynamic VLANs.
off Disables ELRP for dynamic VLANs.

454 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
ELRP for dynamic VLANs is "off" by default. If the type of dynamic VLAN is not specified,
the command applies to all types of dynamic VLANs.

Example
The following example enables ELRP for all types of dynamic VLANs:
configure elrp-client dynamic-vlans on

The following example disables ELRP for VM tracking dynamic VLANs:

configure elrp-client dynamic-vlans vm-tracking off

The following example enables ELRP for Netlogin dynamic VLANs:

configure elrp-client dynamic-vlans netlogin on

The following example enables ELRP for One Policy dynamic VLANs:
configure elrp-client dynamic-vlans policy on

The following example disables ELRP for One Policy dynamic VLANs:
configure elrp-client dynamic-vlans policy off

History
This command was first available in ExtremeXOS 22.2.

The policy and fabric-attach keywords were added in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure elrp-client dynamic-vlans action

configure elrp-client dynamic-vlans {mvrp | netlogin | vm-tracking |
policy | fabric-attach | all} [{interval sec} {action [{log | trap |
log-and-trap} {disable-port {[{egress | ingress} {duration seconds |
permanent}] | none}}]}]

Description
This command sets actions to be taken after Extreme Loop Recognition Protocol
(ELRP) on dynamic VLANs detects a loop.

Switch Engine™ Command Reference Guide for version 32.7.1 455

Syntax Description Commands

Syntax Description
dynamic-vlans ELRP configuration options for dynamically created VLANs.
mvrp Specifies that the command applies to dynamic VLANs
created by Multiple VLAN Registration Protocol (MVRP)
only.
netlogin Specifies that the command applies to dynamic VLANs
created by Network Login only.
vm-tracking Specifies that the command applies to dynamic VLANs
created by virtual machine MAC tracking only.
policy Specifies that the command applies to dynamic VLANs
created by One Policy.
fabric-attach Specifies that the command applies to dynamic VLANs
created by Fabric Attach.
all (Default) Specifies that the command applies to all types of
dynamic VLANs.
interval Specifies setting the time interval between successive
ELRP polls.
sec Sets the time interval in seconds between successive ELRP
polls. Range is 1–600. Default = 1.
action Action to be taken after ELRP poll result.
log Print ELRP poll result to system log.
trap Send SNMP trap.
log-and-trap Print ELRP poll result to system log and send SNMP trap.
disable-port Disable port where looped PDU was transmitted or
received.
egress Disable port where looped PDU was transmitted.
ingress Disable port where looped PDU was received (default).
duration Specifies setting the time period that the port is kept
disabled before re-enabling.
seconds Sets the time in seconds that the port is kept disabled
before re-enabling. Range is 15–600. Default = 30.
permanent Keep port disabled permanently. You must intervene to
re-enable.
none Removes any previously set actions.

Default
If the type of dynamic VLAN is not specified, the command applies to all types of
dynamic VLANs.

If the time duration is not set for the period between ELRP polls, the default is one
second.

If not specified, the port that the looped PDU was received on is disabled.

456 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If not specified, the disabled port is kept disabled for 30 seconds before it is re-enabled.

Example
The following example enables ELRP for all types of dynamic VLANs with a time interval
between ELRP polls of 2 seconds:
configure elrp-client dynamic-vlans interval 2

The following example enables ELRP for MVRP VLANs with SNMP trap set when a loop
is detected:
configure elrp-client dynamic-vlans mvrp action trap

The following example enables ELRP for all types of dynamic VLANs and disables the
egress port where the loop is detected permanently:
configure elrp-client dynamic-vlans action disable-port egress permanent

The following example enables ELRP for VM-tracking VLANs and disables the ingress
port where the loop is detected for 100 seconds:
configure elrp-client dynamic-vlans vm-tracking action disable-port ingress duration 100

The following example enables ELRP for Fabric Attach VLANs and disables the ingress
port where the loop is detected for 100 seconds:
configure elrp-client dynamic-vlans fabric-attach action disable-port ingress duration 100

History
This command was first available in ExtremeXOS 22.3.

The policy and fabric-attach keywords were added in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure elrp-client dynamic-vlans client/uplink ports/remote-

endpoints vxlan
configure elrp-client dynamic-vlans [netlogin | vm-tracking] [client-
ports | uplink-ports | remote-endpoints vxlan] [on | off]

Description
This command turns Extreme Loop Recognition Protocol (ELRP) on/off for client ports
or uplink ports for dynamic VLANs.

Switch Engine™ Command Reference Guide for version 32.7.1 457

Syntax Description Commands

Syntax Description
netlogin Specifies that the command applies to dynamic VLANs
created by Network Login only.
vm-tracking Specifies that the command applies to dynamic VLANs
created by virtual machine MAC tracking only.
client-ports Specifies client ports only.
uplink-ports Specifies uplink ports only.
remote-endpoints Specifies remote endpoints that are part of this VLAN.
vxlan Specifies VXLAN remote endpoints that are part of this
VLAN.
on Enable ELRP for dynamic VLANs.
off Disables ELRP for dynamic VLANs.

Default
ELRP for dynamic VLANs is "off" by default.

Example
The following example enables ELRP for Netlogin dynamic VLANs on uplink ports only:
configure elrp-client dynamic-vlans netlogin uplink-ports on

The following example enables ELRP for XNV dynamic VLANs on VXLAN remote
endpoints that belong to the VLAN:
configure elrp-client dynamic-vlans vm-tracking remote-endpoints vxlan on

History
This command was first available in ExtremeXOS 22.2.

Remote endpoint capability was added in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure elrp-client disable ports

configure elrp-client disable-ports [exclude | include] [ ports | eaps-
ring-ports | remote-endpoints vxlan | inter-vlan-loop]

Description
Creates an ELRP exclude port list.

458 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
exclude Specifies that selected ports are to be excluded from ELRP
disabling.
include Specifies that selected ports are to be included in ELRP
disabling.
ports Specifies one or more ports to be excluded or included.
eaps-ring-ports Specifies whether EAPS ring ports are to be excluded or
included.
remote-endpoints Specifies remote endpoints, if any, that are part of this
VLAN.
vxlan Specifies VXLAN remote endpoints that are part of this
VLAN.
inter-vlan-loop Excludes inter-VLAN loop detected ports.

Default
All ports, together with EAPS ring ports and VXLAN remote endpoints, are included by
default; that is, they are disabled if a loop is detected on that port.

Usage Guidelines
Use this command to specify ports, EAPS ring ports, or VXLAN remote endpoints that
are to be part of an ELRP exclude port list. Use the exclude option to add ports to the
exclude port list. Use the include option to remove them from the list.

When ELRP detects a loop and has been configured to automatically disable the port
where a looped ELRP PDU is received and an exclude port list has been configured, it
will check to determine if that port is on the exclude port list. If that port is on the list,
ELRP will not disable it; if it is not on the list, it will be disabled.

To display the ports that are include in the exclude port list, use the show elrp
disabled-ports command.

To remove the exclude port list, use the unconfigure elrp-client disable ports
command.

Example
The following example adds port 2:1 to an ELRP exclude port list:
configure elrp-client disable-ports exclude 2:1,2:3

History
This command was first available in ExtremeXOS 12.5.3.

VXLAN remote endpoint option added in ExtremeXOS 22.4.

Switch Engine™ Command Reference Guide for version 32.7.1 459

Platform Availability Commands

The inter-vlan-loop option for excluding inter-VLAN loop detected ports was added
in ExtremeXOS 30.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure elrp-client hardware-assist

configure elrp-client hardware-assist loopback-port [port | none]

Description
Configures or unconfigures a front panel port as the designated loopback port for
hardware-assisted ELRP (Extreme Loop Recovery Protocol).

Syntax Description
elrp-client Configures ELRP client.
hardware-assist Selects configuring hardware-assisted ELRP.
loopback-port Designates selecting a loopback port for hardware-assisted
ELRP.
port Selects the loopback port. The port must be an unused
front panel port.
none Unconfigures a loopback port.

Default
N/A.

Usage Guidelines
The loopback port must be an unused front panel port. The selected loopback port
cannot be part of a VLAN. The loopback port cannot be changed or unconfigured if
hardware-assisted ELRP mode is enabled. To disable hardware-assisted ELRP, use the
command disable elrp-client .

Example
The following example configures port 7 as the loopback port for hardware-assisted
ELRP:
# configure elrp-client hardware-assist loopback-port 7

The following example unconfigures the loopback port for hardware-assisted ELRP:
# configure elrp-client hardware-assist loopback-port none

460 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure elrp-client inter-vlan-loop-detection

configure elrp-client inter-vlan-loop-detection [on | off]

Description
Turns on/off Extreme Loop Recovery Protocol (ELRP) inter-VLAN loop detection.

Syntax Description
inter-vlan-loop- ELRP detects loops between untagged ports on different
detection VLANs on the same switch.
on Turns on Inter-VLAN loop detection. (Default)
off Turns off Inter-VLAN loop detection.

Default
Inter-VLAN loop detection is on by default.

Usage Guidelines
It is common in networks for you to accidentally inter-connect two different VLANs
by looping together two untagged ports (one in each respective VLAN). This type of
configuration results in an outage, and it is difficult for the average user to detect.

If desired, you can then include or exclude the inter-VLAN loops to be disabled using
the configure elrp-client disable-ports [exclude | include] [ ports |
eaps-ring-ports | remote-endpoints vxlan | inter-vlan-loop] command.

Example
The following example turns on Inter-VLAN loop detection:
# configure elrp-client inter-vlan-loop-detection on

History
This command was first available in ExtremeXOS 30.1.

Switch Engine™ Command Reference Guide for version 32.7.1 461

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure elrp-client one-shot

configure elrp-client one-shot {vlan [vlan_name | all} ports [ports |
all |none] {remote-endpoints vxlan all} {interval interval {seconds |
milliseconds}} {retry count} {log | print | print-and-log]}

Description
Starts one-time, non-periodic ELRP packet transmission on the specified ports of the
VLAN using the specified count and interval.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.
ports Specifies the set of VLAN ports for packet transmission.
remote-endpoints Specifies remote endpoints that are part of this VLAN.
vxlan Specifies VXLAN remote endpoints that are part of this
VLAN.
interval Time interval between two successive ELRP PDUs.
interval Interval value between 1–64 seconds or 100–64,000
milliseconds. Default is 1 second.
seconds Specifies that time interval is in the unit of seconds.
milliseconds Specifies that time interval is in the unit of milliseconds.
all Specifies all ports of this VLAN for packet transmission.
count Specifies the number of times ELRP packets must be
transmitted. The range is 1 to 255 times. The default is 3
times.
log Specifies that a message should be logged in the system
log file when ELRP packets are received back indicating
detection of network loop, or no packets are received
within the specified duration.
print Specifies that a message should be printed to the console
when ELRP packets are received back indicating detection
of network loop, or no packets are received within the
specified duration.
print-and-log Specifies that a message should be logged in the system
log file and printed to the console when ELRP packets are
received back indicating detection of network loop, or no
packets are received within the specified duration.

462 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Second—The interval between consecutive packet transmissions is 1 second.

Count—The number of time ELRP packets must be transmitted is 10.

Usage Guidelines
This command starts one-time, non-periodic ELRP packet transmission on the
specified ports of the VLAN using the specified count and interval. If any of these
transmitted packets is returned, indicating loopback detection, the ELRP client can
perform a configured action such as logging a message in the system log file or
printing a log message to the console. There is no need to send a trap to the SNMP
manager for non-periodic requests.

Note
You can also use the command run elrp on page 2531 to perform one-time
ELRP packet transmission.

Use the configure elrp-client periodic command to configure periodic

transmission of ELRP packets.

The ELRP client must be enabled globally in order for it to work on any VLANs. Use the
enable elrp-client command to globally enable the ELRP client.

The ELRP client can be disabled globally so that none of the ELRP VLAN configurations
take effect. Use the disable elrp-client command to globally disable the ELRP
client.

Example
The following example starts one-time, non-periodic ELRP packet transmission on all
ports of the VLAN sales, uses the default interval and transmission times, and sends
messages to the console:
configure elrp-client one-shot sales ports all interval 1 seconds retry 3 print

History
This command was first available in ExtremeXOS 11.1.

The ability to specify the time interval in milliseconds was introduced in ExtremeXOS
22.4.

VXLAN remote endpoint option added in ExtremeXOS 22.4.

The all option for VLANs was added in ExtremeXOS 30.1.

Switch Engine™ Command Reference Guide for version 32.7.1 463

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure elrp-client periodic

configure elrp-client periodic {vlan} vlan_name ports [ports | all |
none] {remote-endpoints vxlan all} {interval interval {seconds |
milliseconds}} {log | log-and-trap | trap} {disable-port {egress |
ingress} {duration {seconds} | permanent}}

Description
Starts periodic ELRP packet transmission on the specified ports of the VLAN or VXLAN
remote tunnel endpoints (RTEPs) using the specified interval.

Syntax Description
vlan Specifies a VLAN name.
vlan_name Specifies a VLAN name.
ports Specifies the set of VLAN ports for packet transmission.
all Specifies all ports for packet transmission.
none Specifies no ports for packet transmission. This option
allows you to configure (unambiguously) ELRP on only
VXLAN RTEPs.
remote-endpoints Specifies to include the remote endpoints, if any, in this
VLAN. Only supported with software ELRP.
vxlan Specifies VXLAN remote endpoints.
interval Time interval between two successive ELRP PDUs.
interval Software ELRP interval range between 1–600 seconds or
1,000–600,000 ms. Hardware-assisted ELRP interval range
is between 3–600,000 ms. Default is 1 second.
seconds Specifies that time interval is in the unit of seconds.
milliseconds Specifies that time interval is in the unit of milliseconds.
log Specifies that a message should be logged in the system
log file when ELRP packets are received back indicating
detection of network loop, or no packets are received
within the specified duration.
log-and-trap (Default) Specifies that a message should be logged in
the system log file and trap message should be sent to
the SNMP manager when ELRP packets are received back
indicating detection of network loop, or no packets are
received within the specified duration.
trap Specifies that a trap message should be sent to the SNMP
manager when ELRP packets are received back indicating
detection of network loop, or no packets are received
within the specified duration.

464 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

disable-port Specifies that the port should be disabled where the

looped PDU is received.
egress Disable port where looped PDU was transmitted. Only
supported with software ELRP.
duration Specifies a hold time that the port is kept disabled before
re-enabling.
seconds The number of seconds the port is kept disabled.
permanent Specifies that the port is disabled permanently. User
intervention is required to enable.

Default
The default interval between consecutive packet transmissions is 1 second.

If a duration in seconds is not specified, the default is permanent.

If not specified, log-and-trap action is the default.

Usage Guidelines
This command starts periodic ELRP packet transmission on the specified ports of
the VLAN using the specified interval. If any of these transmitted packets is returned,
indicating loopback detection, the ELRP client performs a configured action of logging
a message in the system log file and/or sending a trap to the SNMP manager.

Beginning with ExtremeXOS 12.4, you have the option to automatically disable the port
where the looped packet arrives and to specify the time interval for which the port
remains disabled. When that specified time expires, the port is automatically enabled.

Should a loop occur on multiple ports, only the first port in the VLAN on which the PDU
is received is disabled. The second port is ignored for 1 or 2 seconds and then if another
PDU is received, that port is disabled until the loop is gone. This prevents shutting
down all ports in the VLAN.

Use either the configure elrp-client one-shot or the run elrp command to
configure non-periodic, one-time transmission of ELRP packets.

The ELRP client must be enabled globally in order for it to work on any VLANs. Use the
enable elrp-client command to globally enable the ELRP client.

The ELRP client can be disabled globally so that none of the ELRP VLAN configurations
take effect. Use the disable elrp-client command to globally disable the ELRP
client.

Use the show elrp command to check the ELRP status and the show elrp disabled-
ports command to view details of ELRP disabled ports.

For the interval option with hardware-assisted ELRP, hardware-assisted ELRP uses
ACL meter to rate limit the PDU TX rate, which has a granularity of 8 Kbps, so for any

Switch Engine™ Command Reference Guide for version 32.7.1 465

Example Commands

interval configured for longer than 70ms in hardware-assisted ELRP mode, the actual
interval is around 70ms. This is determined by hardware capabilities of the switch.

Example
The following example starts periodic ELRP packet transmission on slot 3, port 2 of
VLAN marketing, sends packet transmissions every 2 seconds, sends messages to the
log, and should a loop be detected, disables the port for 5 seconds:
configure elrp-client periodic marketing ports 3:2 interval 2 seconds log disable-port
duration 5

History
This command was first available in ExtremeXOS 11.1.

The disable port feature was added in ExtremeXOS 12.4.

The ability to specify the time interval in milliseconds was introduced in ExtremeXOS
22.4.

The ability to specify VXLAN RTEPs was introduced in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure elsm ports hellotime

configure elsm ports port_list hellotime hello_time

Description
Configures the ELSM hello timer by specifying the time between consecutive hello
messages for the specified ports.

Syntax Description
port_list Specifies the port or ports for which the ELSM hello timer
should be configured.
hello_time Specifies the time in seconds between consecutive hello
messages. Use the same value for the hello interval on peer
ports. The default value is 1 second, and the range is 1 to 128
seconds.

Default
The default is 1 second.

466 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
ELSM works between two connected ports, and each ELSM instance is based on a
single port.

When you enable ELSM on the specified ports, the ports participate in ELSM with their
peers and begin exchanging ELSM hello messages.

ELSM uses two types of hello messages to communicate the health of the network to
other ELSM ports:
• Hello+ — The ELSM-enabled port receives a hello message from its peer and no
problem is detected.
• Hello- — The ELSM-enabled port does not receive a hello message from its peer.

ELSM also has hello transmit states. The hello transmit states display the current state
of transmitted ELSM hello messages. For more information about the hello transmit
states, see the show elsm ports command.

A high hello timer value can increase the time it takes for the ELSM-enabled port to
enter the Up state. The down timer is (2 + hold threshold) * hello timer. Assuming
the default value of 2 for the hold threshold, configuring a hello timer of 128 seconds
creates a down timer of (2 + 2) 128, or 512 seconds. In this scenario it would take 512
seconds for the port to transition from the Down to the Up state.

If you modify the hello timer on one port, we recommend that you use the same hello
timer value on its peer port.

Example
The following command specifies 5 seconds between consecutive ELSM hello
messages for slot 2, ports 1-2 on the switch:

configure elsm ports 2:1-2:2 hellotime 5

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure elsm ports hold-threshold

configure elsm ports port_list hold-threshold hold_threshold

Description
Configures the number of Hello+ messages required by the specified ELSM-enabled
ports to transition from the Down-Wait state to the Up state.

Switch Engine™ Command Reference Guide for version 32.7.1 467

Syntax Description Commands

Syntax Description
port_list Specifies the port or ports for which the ELSM hold
threshold should be configured.
hold_threshold Specifies the number of Hello+ messages required to
transition from the Down-Wait state to the Up state. The
default is 2 messages, and the range is 1 to 40 messages.

Default
The default is 2 Hello+ messages.

Usage Guidelines
The port begins in the Down state, so the first received Hello+ message transitions the
ELSM-enabled port from the Down state to the Down-Wait state. After that transition,
the configured hold-threshold value determines the number of Hello+ messages
required to transition from Down-Wait state to the Up state.

The ELSM hold threshold determines the number of Hello+ messages the ELSM peer
port must receive to transition from the Down-Wait state to the Up state. For example,
a threshold of 1 means the ELSM port must receive at least one Hello+ message to
transition from the Down-Wait state to the Up state.

After the down timer expires, the port checks the number of Hello+ messages against
the hold threshold. If the number of Hello+ messages received is greater than or equal
to the configured hold threshold, the ELSM receive port moves from the Down-Wait
state to the Up state.

If the number of Hello+ messages received is less than the configured hold threshold,
the ELSM receive port moves from the Down-Wait state back to the Down state and
begins the process again.

If you modify the hold threshold on one port, we recommend that you use the same
hold threshold value on its peer port.

You configure the hold threshold on a per-port basis, not on a per-switch basis.

Example
The following command specifies that two Hello+ messages are required for the ELSM
receive ports configured on slot 2, ports 1-2, to transition from the Down-Wait state to
the Up state:

configure elsm hold-threshold 2 ports 2:1-2:2

History
This command was first available in ExtremeXOS 11.4.

468 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure elsm ports uptimer-threshold

configure elsm ports port_list uptimer-threshold uptimer_threshold

Description
Configures the number of Hello+ messages required by the specified ELSM-enabled
ports to transition from the Up state to the Down state.

Syntax Description
port_list Specifies the port or ports for which the ELSM hold
threshold should be configured.
uptimer_threshold Specifies the number of Hello+ messages required to
transition from the Up- state to the Down state. The default
is 6messages, and the range is 3 to 60 messages.

Default
The default is 6 Hello+ messages.

Usage Guidelines
The ELSM up timer begins when the ELSM-enabled port enters the UP state. Each time
the port receives a Hello+ message, the timer restarts. Up timer is Uptimer_threshold *
hello timer. When the Up timer expires, it transits from UP state to DOWN state.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure erps add control vlan

configure erps ring-name add control {vlan} vlan_name

Description
Add a control VLAN on the ERPS ring.

Switch Engine™ Command Reference Guide for version 32.7.1 469

Syntax Description Commands

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
control VLAN that carries ERPS control traffic.
vlan_name Alphanumeric string identifying the VLAN to be used for
control traffic.

Default
N/A.

Usage Guidelines
Use this command to add a control VLAN on the ERPS ring. This is the VLAN that
carries ERPS control traffic.

Note
Other VLAN types such as VMAN, SVLAN, CVLAN and BVLAN will not be used
for control traffic. A control VLAN cannot be deleted from a ring that has CFM
configured.

Example
The following command adds a control VLAN named “vlan10” to an ERPS ring named
“ring1”:

configure erps ring1 add control vlan vlan10

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps add protected vlan

configure erps ring-name add protected {vlan} vlan_name

Description
Add a protected VLAN on the ERPS ring. This is a data VLAN that ERPS will protect.

470 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
vlan_name Alphanumeric string identifying the data VLAN to be
added that ERPS will protect. This can be a VLAN, SVLAN,
BVLAN or VMAN.

Default
N/A.

Usage Guidelines
Use this command to add a protected data VLAN on the ERPS ring. This VLAN will be
protected by ERPS, and it can be a VLAN, SVLAN, BVLAN or VMAN.

Note
The SVLAN-BVLAN combination cannot both be added to the same ring or
sub-ring.

Example
The following command adds a protected VLAN named “vlan10” to an ERPS ring
named “ring1”:

configure erps ring1 add protected vlan vlan10

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps control-mac

configure erps ring-name control-mac [auto | default]

Description
Configures ERPS control MAC (either default or auto) on a particular ERPS ring
instance.

Switch Engine™ Command Reference Guide for version 32.7.1 471

Syntax Description Commands

Syntax Description
erps Specifies ERPS (ITU-T G.8032).
ring-name Specifies the alphanumeric string that identifies the ERPS
ring/sub-ring.
control-mac Destination MAC used in R-APS PDUs .
auto Use ring ID-based MAC address (01:19:A7:00:00:ring-id).
default Use default MAC address (01:19:A7:00:00:01).

Default
By default, if an ERPS ring instance is created with a user-defined ring ID, the control
MAC used by ring instance is auto (01:19:A7:00:00:ring-id).

By default, if an ERPS ring instance is created without a user-defined ring ID, the
control MAC used by the ring instance is default (01:19:A7:00:00:01).

Usage Guidelines
As per the ITU G.8032 standard, destination MAC used in R-APS PDUs are of 2 types:
• 01:19:A7:00:00:01 (default)
• 01:19:A7:00:00:ringId (auto)

Note
This command is only applicable on ERPS ring instances created with user-
defined ring ID.

Example
The following example configures the control MAC of an ERPS ring instance created
with a user-defined ring ID:
# configure erps Ring2 control-mac auto

The following example configures the control MAC of an ERPS ring instance created
without a user-defined ring ID:
# configure erps Ring1 control-mac auto
Error: This cli is applicable only when the erps ring is created with a user
defined ringId. The default
control-mac is used here.

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

472 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure erps cfm port group

configure erps cfm port group

configure erps ring_name cfm port [east | west] [add | delete] group
group_name

Description
Associates or disassociates fault monitoring entities on the ERPS ring ports.

Syntax Description
ring_name Alphanumeric string that identifies the ERPS ring.
east East port.
west West port.
add Associates a CFM Down-MEP entity.
delete Disassociates a CFM Down-MEP entity.
group Specifies a CFM Down-MEP group.
group_name Specifies the name of the Down MEP group.

Default
N/A.

Usage Guidelines
Use this command to associate or disassociate fault monitoring entities on the ERPS
ring ports.

Example
The following command associates fault monitoring on the group "group1":

configure erps ring1 cfm port east add group1

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms running ExtremeXOS.

configure erps cfm protection group

configure erps ring_name cfm protection [add delete] group cfm_group

Switch Engine™ Command Reference Guide for version 32.7.1 473

Description Commands

Description
Associates or disassociates a CFM UP MEP group for subring protection across the
main ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
add Associates a CFM Up-MEP entity.
delete Disassociates a CFM Up-MEP entity.
group Specifies a CFM Up-MEP group.

Default
N/A.

Usage Guidelines
Use this command to associate or disassociate a CFM UP MEP group for subring
protection across the main ring.

When an UP MEP is configured for protection of a subring, the Manual Switch event
will be enforced on the subring port on the interconnected nodes.As per Appendix X
of the standard, the MS is issued when the node type and the multiple failure type
are the same. ExtremeXOS implementation currentlyconfigures the node type to be
the same as the fault type. So the user will notice both the subring ports of the two
interconnected nodes to be held inMS when multiple failures on the main ring occur.
When the multiple failure clears this MS is also cleared.

Example
The following command associates a CFM UP MEP group for subring protection on the
group "group1":

configure erps ring1 cfm protection add group1

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms running ExtremeXOS.

configure erps delete control vlan

configure erps ring-name delete control {vlan} vlan_name

474 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Delete a control VLAN on the ERPS ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
vlan_name Alphanumeric string identifying the VLAN used for control
traffic.

Default
N/A.

Usage Guidelines
Use this command to delete a control VLAN from the ERPS ring. This is the VLAN that
carries ERPS control traffic.

Note
Other VLAN types such as VMAN, SVLAN, CVLAN and BVLAN will not be used
for control traffic.
A control VLAN cannot be deleted from a ring that has CFM configured.

Example
The following command deletes a control VLAN named “vlan10” from an ERPS ring
named “ring1”:

configure erps ring1 delete control vlan vlan10

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps delete protected vlan

configure erps ring-name delete protected {vlan} vlan_name

Description
Delete a protected data VLAN from the ERPS ring.

Switch Engine™ Command Reference Guide for version 32.7.1 475

Syntax Description Commands

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
vlan_name Alphanumeric string identifying the data VLAN to be
deleted from the ERPS ring.

Default
N/A.

Usage Guidelines
Use this command to delete a protected VLAN from the ERPS ring.

Example
The following command deletes a protected VLAN named “vlan10” from an ERPS ring
named “ring1”:

configure erps ring1 delete protected vlan vlan10

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps dynamic-state

configure erps ring-name dynamic-state [force-switch | manual-switch |
clear] port slot:port

Description
Configure or clear force-switch or manual-switch for the ERPS ring/sub-ring.

Syntax Description
dynamic-state Configure force/manual/clear switch on the active ERPS
ring.
force-switch Force-switch operation.
manual-switch Manual-switch operation.
clear Clears force-switch/manual-switch.

476 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to configure or clear force-switch or manual-switch for the ERPS
ring/sub-ring.

Note
In non-revertive mode, in the "Pending" state, you can use the clear option of
this command to return to the "Idle" state where the blocked link is manually
reverted to the Ring Protection Link (RPL).

Example
The following command clears force-switch and manual-switch on an ERPS ring
named "ring1":
configure erps ring1 dynamic-state clear

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure erps name

configure erps old-ring-name name new-ring-name

Description
Rename the ERPS ring/sub-ring.

Syntax Description
old-ring-name Alphanumeric string that identifies the ERPS ring.
new-ring-name New alphanumeric string identifying the ERPS ring.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 477

Usage Guidelines Commands

Usage Guidelines
Use this command to rename the ERPS ring or sub-ring.

Example
The following command an ERPS ring from “ring1” to “ring2”:

configure erps ring1 name ring2

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps neighbor port

configure erps ring-name neighbor-port port

Description
Add RPL (ring protection link) neighbor configuration for the ERPS ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
port The slot:port number for RPL neighbor.

Default
N/A.

Usage Guidelines
Use this command to add RPL neighbor configuration for the ERPS ring.

Note
This command implicitly makes the node on which it is configured the RPL
neighbor.

478 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command adds RPL neighbor on port 5 to an ERPS ring named “ring1”:

configure erps ring1 neighbor-port 5

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps notify-topology-change

configure {erps} ring-name notify-topology-change {eaps} domain_name

Description
Add an ERPS sub-ring to the EAPS domain.

Syntax Description
ring-name Alphanumeric string identififying the ERPS sub-ring.
domain_name Alphanumeric string identifying the EAPS domain.

Default
N/A.

Usage Guidelines
Use this command to add an ERPS sub-ring to the EAPS domain.

Example
Example output not yet available and will be provided in a future release.

History
This command was first available in ExtremeXOS 15.1.

Switch Engine™ Command Reference Guide for version 32.7.1 479

Platform Availability Commands

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps protection-port

configure erps ring-name protection-port port

Description
Add ring protection link (RPL) owner configuration for the ERPS ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
port The slot:port number for the ring protection link (RPL)
owner.

Default
N/A.

Usage Guidelines
Use this command to add ring protection link (RPL) owner configuration for the ERPS
ring.

Note
This command implicitly makes the node on which it is configured the RPL
owner.

Example
The following command adds RPL owner configuration on port 5 to an ERPS ring
named “ring1”:

configure erps ring1 protection-port 5

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

480 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure erps revert

configure erps revert

configure {erps} ring-name revert [ enable | disable ]

Description
Add or delete ERPS revert operation along with the “wait-to-restore” time interval.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
enable Enable revert mode to ERPS ring.
disable Disable revert mode from ERPS ring.

Default
The default is the revertive mode (enable).

Usage Guidelines
Use this command to enable/disable a G.8032 ring to revert to the original ring
protection link (RPL) block state.

Example
The following command disables revert mode from an ERPS ring named “ring1”:

configure erps ring1 revert disable

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps ring-ports east | west

configure erps ring-name ring-ports [east | west] port

Description
Add ring ports on the ERPS ring. Ths ring ports connect the switch to the ERPS ring.

Switch Engine™ Command Reference Guide for version 32.7.1 481

Syntax Description Commands

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
east Add the ring port to the east port of the switch.
west Add the ring port to the west port of the switch.
port The slot:port number for the ring port.

Default
N/A.

Usage Guidelines
Use this command to add ring ports on the ERPS ring. The ring ports can be added to
the east or west port of the switch. The ring ports connect the switch to the ERPS ring.

Example
The following command adds port 5 as a ring port on the east port of the switch for an
ERPS ring named “ring1”:

configure erps ring1 add ring-ports east 5

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps subring-mode

configure erps ring_name subring-mode [no-virtualChannel |
virtualChannel]

Description
Configures sub-ring mode.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
no-virtualChannel No Virtual Channel required to complete it's control path.
virtualChannel Virtual Channel required to complete it's control path.

482 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to add or delete ERPS sub-rings.

Example
The following example configures a virtual channel for the control path:

configure erps ring1 subring-mode virtualChannel

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms that are running ExtremeXOS.

configure erps sub-ring

configure {erps} ring-name [add | delete] sub-ring-name sub_ring

Description
Add or delete a sub-ring to the main ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
add Add sub-ring.
delete Delete sub-ring.
sub_ring Alphanumeric string identifying the ERPS sub-ring.

Default
N/A.

Usage Guidelines
Use this command to add or delete ERPS sub-rings.

Switch Engine™ Command Reference Guide for version 32.7.1 483

Example Commands

Example
The following example adds sub-ring “ring2” to “ring1”:

configure erps ring1 add sub-ring-name ring2

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps timer guard

configure {erps} ring-name timer guard [ default | milliseconds ]

Description
Configure a guard timer to control when the node should act on received R-APS (ring
automatic protection switching) messages.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
default The default value, 500 milliseconds.
milliseconds The interval for the guard timer in milliseconds, with a
range of 10 to 2000.

Default
The default is 500 milliseconds.

Usage Guidelines
Use this command to configure a guard timer to control when the node should act on
received R-APS messages.

Example
The following command sets the guard timer to 1000 milliseconds for an ERPS ring
named “ring1”:

configure erps ring1 timer guard 1000

484 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps timer hold-off

configure {erps} ring-name timer hold-off [ default | milliseconds ]

Description
Configure a hold-off timer to control when a signal fault is relayed.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
default The default value, 0 milliseconds.
milliseconds The interval for the hold-off time in milliseconds, with a
range of 0 to 10000.

Default
The default is 0 milliseconds.

Usage Guidelines
Use this command to configure a hold-off timer to control when a signal fault is
relayed.

Example
The following command sets the hold-off timer to 1000 milliseconds for an ERPS ring
named “ring1”:

configure erps ring1 timer hold-off 1000

History
This command was first available in ExtremeXOS 15.1.

Switch Engine™ Command Reference Guide for version 32.7.1 485

Platform Availability Commands

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps timer periodic

configure {erps} ring-name timer periodic [ default | milliseconds ]

Description
Configure a periodic timer to control the interval between signal failures.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
default The default value, 5000 milliseconds.
milliseconds The interval for the periodic time in milliseconds, with a
range of 2000 to 7000.

Default
The default is 5000 milliseconds.

Usage Guidelines
Use this command to configure a periodic timer to control the interval between signal
failure.

Example
The following command sets the periodic timer to 6000 milliseconds for an ERPS ring
named “ring1”:

configure erps ring1 timer periodic 6000

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

486 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure erps timer wait-to-block

configure erps timer wait-to-block

configure {erps} ring-name timer wait-to-block [ default | milliseconds]

Description
Configure a wait-to-block timer for revertive operations on RPL owner initiated
reversion.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
default The default value, 5500 milliseconds.
milliseconds The time interval to wait before restoring, with a range of
5000 to 7000 milliseconds.

Default
The default is 5500 milliseconds.

Usage Guidelines
Use this command to configure a wait-to-block timer for revertive operations on RPL
owner-initiated reversion.

Example
The following command sets the wait-to-block timer to 6000 milliseconds for an ERPS
ring named “ring1”:

configure erps ring1 timer wait-to-block 6000

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps timer wait-to-restore

configure {erps} ring-name timer wait-to-restore [ default |
milliseconds ]

Switch Engine™ Command Reference Guide for version 32.7.1 487

Description Commands

Description
Configure a time interval to wait before restoring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
default The default value, 300000 milliseconds.
milliseconds The time interval to wait before restoring, with a range of 0
to 720000 milliseconds.

Default
The default is 300000 milliseconds.

Usage Guidelines
Use this command to configure a time interval to wait before restoring.

Example
The following command sets the wait-to-restore timer to 3000 milliseconds for an
ERPS ring named “ring1”:

configure erps ring1 timer wait-to-restore 3000

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure erps topology-change

configure erps ring-name [add |delete] topology-changering-list

Description
Identify the rings to which topology change events need to be propagated.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
add Add rings/sub-rings to topology change propagation list.

488 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

delete Delete rings/sub-rings from topology change propagation

list.
ring-list List of ERPS rings/sub-rings to which topology change
needs to be propagated.

Default
N/A.

Usage Guidelines
Use this command to add or delete ERPS rings/sub-rings from the topology change
propagation list.

Example
Example output not yet available and will be provided in a future release.

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

configure esrp add elrp-poll ports

configure esrp esrpDomain add elrp-poll ports [ports | all]

Description
Configures the ports of an ESRP domain where ELRP packet transmission is requested
by ESRP.

Syntax Description
esrpDomain Specifies an ESRP domain name.
ports Specifies list of slots and ports.
all Specifies all ports in the ESRP domain.

Default
All ports of an ESRP domain have ELRP transmission enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 489

Usage Guidelines Commands

Usage Guidelines
This command allows you to configure the ports in your network that might experience
loops, such as ports that connect to master, slave, or ESRP-aware switches, to receive
ELRP packets. You do not need to send ELRP packets to host ports.

Example
The following command enables ELRP packet transmission for slot 2, ports 3-5 on ESRP
domain esrp1:
configure esrp esrp1 add elrp-poll ports 2:3-2:5

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp add master

configure esrp esrpDomain add master vlan_name

Description
Adds a master VLAN to an ESRP domain.

Syntax Description
esrpDomain Specifies the name of an ESRP domain.
vlan_name Specifies the name of the master VLAN.

Default
N/A.

Usage Guidelines
You must configure one master VLAN for each ESRP domain. A master VLAN can
belong to one ESRP domain only. An ESRP domain contains one master and zero or
more member VLANs.

The master VLAN:

• Exchanges ESRP PDUs, hello messages, and data between a pair of ESRP-enabled
switches.

490 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• Contains the total number of active physical ports that are counted when
determining the master ESRP domain. The switch with the highest number of active
ports takes priority.

Master VLANs can have their own set of ports, and member VLANs can have a different
set of ports. The state of the ESRP device determines whether the ports in the master
and member VLANs are in the forwarding or blocking state.

Example
The following command adds VLAN purple to the ESRP domain esrp1 as the master
VLAN:

configure esrp esrp1 add master purple

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp add member

configure esrp esrpDomain add member vlan_name

Description
Adds a member VLAN to an ESRP domain.

Syntax Description
esrpDomain Specifies the name of an ESRP domain.
vlan_name Specifies the name of the member VLAN.

Default
N/A.

Usage Guidelines
You can configure zero or more member VLANs for each ESRP domain. An ESRP
domain contains one master and zero or more member VLANs.

Switch Engine™ Command Reference Guide for version 32.7.1 491

Example Commands

Master VLANs can have their own set of ports, and member VLANs can have a different
set of ports. The state of the ESRP device determines whether the ports in the master
and member VLANs are in the forwarding or blocking state.

Example
The following command adds VLAN green to the ESRP domain esrp1 as a member
VLAN:

configure esrp esrp1 add member vlan green

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp add track-environment

configure esrp esrpDomain add track-environment failover priority

Description
Configures an ESRP domain to track environmental failures.

Syntax Description
esrpDomain Specifies an ESRP domain name.
priority Specifies a number between 0 and 254. The default priority
is 255. See the following "Usage Guidelines" section for
more information.

Default
No environmental tracking.

Usage Guidelines
Environmental tracking tracks power supply temperature status.

If a failure is detected, the ESRP domain priority steps to the failover-priority value
specified. By setting the failover priority to be lower than the normal priority of the
domain, it causes the affected domain to go into slave mode.

492 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The range of the priority value is 0 to 254. Setting the priority to 255 configures the
switch to slave mode, and to be ineligible to become the master. The switch remains in
slave mode even when the VLAN fails over from the current master.

To make effective use of this feature, the normal priority of the ESRP domain must be
higher than the failover priority of this command.

Example
The following command enables environmental failure tracking, and specifies that the
ESRP priority for ESRP domain esrp1 be set to 10 upon an environmental failure.

configure esrp esrp1 add track-environment failover 10

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp add track-iproute

configure esrp esrpDomain add track-iproute ipaddress/masklength

Description
Configures an ESRP domain to track a route entry in the system’s routing table.

Syntax Description
esrpDomain Specifies an ESRP domain name.
ipaddress Specifies the IPv4 address of the route entry to be tracked.
masklength Specifies the subnet of the route entry to be tracked.

Default
Disabled.

Usage Guidelines
The track-ip metric consists of the total number of tracked IPv4 routes that are up or
functional.

Switch Engine™ Command Reference Guide for version 32.7.1 493

Example Commands

An ESRP domain can track eight IPv4 routes.

Note
ESRP route tracking is not supported on IPv6 networks.

Example
The following command enables IPv4 route failure tracking for routes to the specified
subnet:

configure esrp esrp1 add track-iproute 192.168.46.0/24

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp add track-ping

configure esrp esrpDomain add track-ping ipaddress {frequency seconds}
{miss misses} {success successes}

Description
Configures an ESRP domain to track an external gateway using ping.

Syntax Description
esrpDomain Specifies an ESRP domain name.
ipaddress Specifies the IPv4 address of the external gateway.
frequency Specifies setting the interval between ping requests.
seconds Sets the value for the interval in seconds between ping
requests. The range is 1 to 600 seconds. Default is 15.
miss Specifies the number of consecutive ping fails required for
tracking fail.
misses Sets the number of consecutive failed pings to declare
tracking has failed. Range is 1 to 256. Default is 4.
success Specifies setting the number of consecutive ping
successes required for tracking success.
successes Sets the number of consecutive successful pings to declare
tracking has succeeded. Range is 1 to 256. Default is 4.

494 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
No ping tracking.

Ping successes required for tracking to succeed is 4 by default.

Ping fails required for tracking to fails is 4 by default.

The interval between ping requests is 15 seconds by default.

Usage Guidelines
The tracked-ping metric consists of the total number of stations that are successfully
tracked using ping. ESRP uses an aggregate of tracked pings and traced routes to track
an external gateway.

An ESRP domain can track eight stations.

Note
ESRP ping tracking is not supported on IPv6 networks.

To change any of the options for track-ping, you must delete track-ping on the ESRP
domain (configure esrp esrpDomain delete track-ping ipaddress ), and then
configure it as desired.

To view track-ping options, use the command show esrp { {name} | {type [vpls-
redundancy | standard]} } .

Example
The following command enables ping tracking for the external gateway at 10.207.29.17,
pinging every 10 seconds, and considering the gateway to be unreachable if no
response is received to 5 consecutive pings:
configure esrp esrp1 add track-ping 10.207.29.17 frequency 10 miss 5

History
This command was first available in ExtremeXOS 11.0.

The success option was added in ExtremeXOS 22.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp add track-vlan

configure esrp esrpDomain add track-vlan vlan_name

Switch Engine™ Command Reference Guide for version 32.7.1 495

Description Commands

Description
Configures an ESRP domain to track port connectivity to a specified VLAN.

Syntax Description
esrpDomain Specifies an ESRP domain name.
vlan_name Specifies the VLAN to be tracked.

Default
Disabled.

Usage Guidelines
The track-vlan metric is derived from the total number of active physical ports on the
VLAN being tracked by the ESRP domain.

If more than one VLAN shares a physical link, each VLAN counts the physical link.

The ESRP switch should have a higher priority number than its neighbors to ensure
master election.

An ESRP domain can track one VLAN, and the tracked VLAN should not be a member
of any other ESRP domain in the system.

Example
The following command enables ESRP domain esrp1 to track port connectivity to VLAN
engineering:

configure esrp esrp1 add track-vlan engineering

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp aware add selective-forward-ports

configure esrp domain aware add selective-forward-ports port_list {group
group number}

496 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables selective forwarding by creating an aware port list and adds additional ports to
the list.

Syntax Description
domain Specifies an ESRP domain name.
port_list Specifies the ports to be added to the aware port list.
group number Specifies the ESRP group within the given domain name

Default
The group number defaults to '0'.

Usage Guidelines
An ESRP-aware switch floods ESRP PDUs from all ports in an ESRP-aware VLAN. This
flooding creates unnecessary network traffic because some ports forward ESRP PDUs
to switches that are not running the same ESRP groups. You can select the ports
that are appropriate for forwarding ESRP PDUs by configuring selective forwarding
on an ESRP-aware VLAN and thus reduce this excess traffic. Configuring selective
forwarding creates a port list of only those ports that forward to the ESRP groups that
are associated with an ESRP-aware VLAN. This ESRP-aware port list is then used for
forwarding ESRP PDUs.

Use this command to create or add to an existing port list for the ESRP groups
associated with an ESRP-aware VLAN.

Example
The following command configures esrp domain (d1) to forward ESRP PDUs on ports
5:1, 5:2, and 6:2.

configure esrp d1 aware add selective-forward-ports 5:1,5:2,6:2 group 0

History
This command was first available in Extreme XOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 497

configure esrp aware delete selective-forward-ports Commands

configure esrp aware delete selective-forward-ports

configure esrp domain aware delete selective-forward-ports all|port_list
{group group number }

Description
Disables all or part of selective forwarding by deleting ports from the ESRP-aware port
list.

Syntax Description
domain Specifies an ESRP domain name.
all Specifies that all of the ports are to be disabled.
port_list Specifies the ports to be disabled from the ESRP-aware
port list.
group number Specifies the ESRP group within the given domain name

Default
The group number defaults to '0'.

Usage Guidelines
By configuring selective forwarding, you create an ESRP-aware port list of only those
ports that forward to the ESRP groups that are associated with an ESRP-aware VLAN.
That port list is used for forwarding ESRP PDUs from the selected ports only of an
ESRP-aware switch.

Use this command to delete one or more or all of the ports from an ESRP-aware port
list. Deleting all of the ports puts the domain back to the default state.

Example
The following command configures esrp domain (d1) to exclude ESRP PDUs on ports
5:1, 5:2, and 6:2.

configure esrp d1 aware delete selective-forward-ports 5:1,5:2,6:2 group 0

History
This command was first available in Extreme XOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

498 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure esrp delete elrp-poll ports

configure esrp delete elrp-poll ports

configure esrp esrpDomain delete elrp-poll ports [ports | all]

Descriptioin
Disables ELRP packet transmission on ports of an ESRP domain.

Syntax Description
esrpDomain Specifies an ESRP domain name.
ports Specifies list of slots and ports in the ESRP domain.
all Specifies all ports in the ESRP domain.

Default
All ports of an ESRP domain have ELRP transmission enabled.

Usage Guidelines
If you have host ports on an ESRP domain, you do not need to send ELRP packets to
those ports.

If you change your network configuration, and a port no longer connects to a master,
slave, or ESRP-aware switch, you can disable ELRP transmission on that port.

Example
The following command disables ELRP packet transmission for slot 2, ports 3-5 on ESRP
domain esrp1:

configure vlan esrp1 delete elrp-poll ports 2:3-2:5

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp delete master

configure esrp esrpDomain delete master vlan_name

Switch Engine™ Command Reference Guide for version 32.7.1 499

Description Commands

Description
Deletes the specifies master VLAN from the specified ESRP domain.

Syntax Description
esrpDomain Specifies the name of an ESRP domain.
vlan_name Specifies the name of the master VLAN.

Default
N/A.

Usage Guidelines
You must disable the ESRP domain before removing the master VLAN. To disable the
ESRP domain, use the disable esrp {esrpDomain} command.

If you attempt to remove the master VLAN before disabling the ESRP domain, the
switch displays an error message similar to the following:

ERROR: Failed to delete master vlan for domain "esrp1" ; ESRP is enabled!

If this happens, disable the ESRP domain and re-issue the configure esrp delete
master command.

Example
The following command deletes the master VLAN purple from the ESRP domain esrp1:

configure esrp esrp1 delete master purple

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp delete member

configure esrp esrpDomain delete member vlan_name

Description
Deletes a member VLAN from the specified ESRP domain.

500 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
esrpDomain Specifies the name of an ESRP domain.
vlan_name Specifies the name of the member VLAN.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the member VLAN green from the ESRP domain esrp1:

configure esrp esrp1 delete member vlan green

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp delete track-environment

configure esrp esrpDomain delete track-environment

Descriptioin
Disables environmental failure tracking for an ESRP domain.

Syntax Description
esrpDomain Specifies an ESRP domain name.

Default
No environmental tracking.

Usage Guidelines
None.

Switch Engine™ Command Reference Guide for version 32.7.1 501

Example Commands

Example
The following command disables environmental failure tracking for ESRP domain esrp1:

configure esrp esrp1 delete track-environment

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp delete track-iproute

configure esrp esrpDomain delete track-iproute ipaddress/masklength

Description
Disables route entry tracking for an ESRP domain.

Syntax Description
esrpDomain Specifies an ESRP domain name.
ipaddress Specifies the IPv4 address of a tracked route entry.
masklength Specifies the subnet of a tracked route entry.

Default
Disabled.

Usage Guidelines
If you disable route tracking for a failed route, the ESRP domain recovers from the
forced standby state.

If you disable route tracking for a route that is up and functional, there is no impact on
the ESRP state.

Example
The following command disables tracking of routes to the specified subnet for ESRP
domain esrp1:

configure esrp esrp1 delete track-iproute 192.168.46.0/24

502 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp delete track-ping

configure esrp esrpDomain delete track-ping ipaddress

Description
Disables the tracking of an external gateway using ping.

Syntax Description
esrpDomain Specifies an ESRP domain name.
ipaddress Specifies the IPv4 address of the external gateway.

Default
No ping tracking.

Usage Guidelines
If you disable ping tracking for a failed ping, the ESRP domain recovers from the forced
standby state.

If you disable route tracking for a successful ping, there is no impact on the ESRP state.

Example
The following command disables ping tracking for the external gateway at 10.207.29.17:

configure esrp esrp1 delete track-ping 10.207.29.17

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 503

configure esrp delete track-vlan Commands

configure esrp delete track-vlan

configure esrp esrpDomain delete track-vlan vlan_name

Description
Disables the tracking of port connectivity to a specified VLAN.

Syntax Description
esrpDomain Specifies an ESRP domain name.
vlan_name Specifies the VLAN to be tracked.

Default
Disabled.

Usage Guidelines
If you delete a VLAN that is down, the ESRP domain recovers from the forced standby
state.

Example
The following command disables the tracking of port connectivity to VLAN
engineering:

configure esrp esrp1 delete track-vlan engineering

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp domain-id

configure esrp esrpDomain domain-id number

Description
Assigns an ESRP domain ID to an ESRP domain.

504 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
esrpDomain Specifies the name of an ESRP domain.
number Specifies the number to use for the ESRP domain ID. The
user-configured ID range is 4096 through 65,535.

Default
If the master VLAN is tagged, ESRP uses that VLANid for the ESRP domain ID. If the
master VLAN is untagged, you must specify the ESRP domain ID.

Usage Guidelines
Before you enable a specific ESRP domain, it must have a domain ID. A domain ID is
either a user-configured number or the VLANid of the tagged master VLAN. If you do
not have a domain ID, you cannot enable ESRP on that domain.

Each switch participating in ESRP for a particular domain must have the same domain
ID configured.

The number parameter range for user-configured domain IDs is 4096 through 65,535.

If the master VLAN is tagged, you can use that VLANid for the ESRP domain ID. The
range for VLAN tags is 2 through 4095. Tag 1 is assigned to the default VLAN.

Example
The following command assigns the domain ID 5000 to ESRP domain esrp1:

configure esrp esrp1 domain-id 5000

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp election-policy

configure esrp esrpDomain election-policy [ports > track > priority |
ports > track > priority > mac | priority > mac | priority > ports >
track > mac | priority > track > ports > mac | sticky > ports > track
> priority | sticky > ports > track > priority > mac | sticky > ports
> weight > track > priority > mac | sticky > priority > mac | sticky
> priority > ports > track > mac | sticky > priority > track > ports
> mac | sticky > track > ports > priority | sticky > track > ports >

Switch Engine™ Command Reference Guide for version 32.7.1 505

Description Commands

priority > mac | track > ports > priority | track > ports > priority
> mac]

Description
Configures the election algorithm on the switch.

Syntax Description
esrpDomain Specifies an ESRP domain name.
ports > track > Specifies that this ESRP domain should consider election
priority factors in the following order: Active ports, tracking
information, ESRP priority.
ports > track > Specifies that this ESRP domain should consider election
priority > mac factors in the following order: Active ports, tracking
information, ESRP priority, MAC address.

Note: This is the default election algorithm for standard

mode.

priority > mac Specifies that this ESRP domain should consider election
factors in the following order: ESRP priority, MAC address.
priority > ports > Specifies that this ESRP domain should consider election
track > mac factors in the following order: ESRP priority, active ports,
tracking information, MAC address.
priority > track > Specifies that this ESRP domain should consider election
ports > mac factors in the following order: ESRP priority, tracking
information, active ports, MAC address.
sticky > ports > Specifies that this ESRP domain should consider election
track > priority factors in the following order: Stickiness, active ports,
tracking information, ESRP priority.
sticky > ports > Specifies that this ESRP domain should consider election
track > priority > factors in the following order: Stickiness, active ports,
mac tracking information, ESRP priority, MAC address.
sticky > ports > Specifies that this ESRP domain should consider election
weight > track > factors in the following order: Stickiness, active ports, port
priority > mac weight, tracking information, ESRP priority, MAC address.

Note: Beginning with ExtremeXOS 11.1 and later, this is the

default election algorithm for extended mode.

sticky > priority > Specifies that this ESRP domain should consider election
mac factors in the following order: Stickiness, ESRP priority,
MAC address.
sticky > priority > Specifies that this ESRP domain should consider election
ports > track > mac factors in the following order: Stickiness, ESRP priority,
active ports, tracking information, MAC address.
sticky > priority > Specifies that this ESRP domain should consider election
track > ports > mac factors in the following order: Stickiness, ESRP priority,
tracking information, active ports, MAC address.

506 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

sticky > track > Specifies that this ESRP domain should consider election
ports > priority factors in the following order: Stickiness, tracking
information, active ports, ESRP priority.
sticky > track > Specifies that this ESRP domain should consider election
ports > priority > factors in the following order: Stickiness, tracking
mac information, active ports, ESRP priority, MAC address.
track > ports > Specifies that this ESRP domain should consider election
priority factors in the following order: Tracking information, active
ports, ESRP priority.
track > ports > Specifies that this ESRP domain should consider election
priority > mac factors in the following order: Tracking information, active
ports, ESRP priority, MAC address.

Default
In extended mode, the default election algorithm is sticky > ports > weight > track >
priority > mac.

In standard mode, the default election algorithm is ports > track > priority > mac.

Usage Guidelines
The election algorithm determines the order of precedence of the election factors used
to determine the ESRP Master. The election factors are:
• Stickiness (sticky): the switch with the higher sticky value has higher priority. When
an ESRP domain claims master, its sticky value is set to 1 (available in extended
mode only).
• Active Ports (ports): the number of active ports (the switch with the highest number
takes priority)
• Tracking Information (track): whether the switch is using ESRP tracking. A switch
using tracking has priority.
• ESRP Priority (priority): a user-defined priority number between 0 and 254. A higher
number has higher priority. The default priority setting is 0. A priority setting of
255 makes an ESRP switch a standby switch that remains in slave mode until you
change the priority setting. We recommend this setting for system maintenance. A
switch with a priority setting of 255 never becomes the master.
• MAC address (mac): the switch MAC address. A higher-number address has priority.
• Active port weight (weight)—The switch that has the highest port weight takes
precedence. The bandwidth of the port automatically determines the port weight
(available only in extended mode). ESRP does not count ports with a weight of 0
(known as don’t count ports) regardless of ESRP running in extended or standard
mode.

The election algorithm must be the same on all switches for a particular ESRP domain.
The election algorithms that use sticky are and weight are available in extended mode
only.

Switch Engine™ Command Reference Guide for version 32.7.1 507

Factors to Consider Commands

In ExtremeXOS 11.0, the extended mode default election algorithm is: sticky > ports >
track > priority > mac > weight. This election algorithm is not supported in ExtremeXOS
11.1.

Factors to Consider
The ports-track-priority or track-ports-priority options can be used to ensure that there
is no failback if the original Master recovers (the Master has the same ports, tracks and
priority, but a higher MAC).

Any of the options with sticky can also be used to ensure that there is no failback if
the original master recovers. With sticky, if an event causes the ESRP master to failover,
ESRP assigns the new master with the sticky count of 1. After sticky is set on the master,
regardless of changes to its neighbor’s election algorithm, the new master retains
its position. For example, adding active ports to the slave does not cause the new
master to failback to the original master, even if the slave has more active ports than
the master. Sticky algorithms provide for fewer network interruptions than non-sticky
algorithms. Sticky is set on the master switch only.

ESRP re-election can occur if sticky is set on the master and a local event occurs.
During this time, if the current master has lower election parameters, the backup can
become the new master.

Switch Behavior
If a switch is master, it actively provides Layer 3 routing services to other VLANs,
and Layer 2 switching between all the ports of that VLAN. Additionally, the switch
exchanges ESRP packets with other switches that are in slave mode.

If a switch is in slave mode, it exchanges ESRP packets with other switches on that
same VLAN. When a switch is in slave mode, it does not perform Layer 3 routing or
Layer 2 switching services for the VLAN.

Updating the Election Algorithm

ESRP uses the default election policy for extended mode. If you have an ESRP domain
operating in standard mode, the domain ignores the sticky and weight algorithms.
To change the election algorithm, you must first disable the ESRP domain and then
configure the new election algorithm. If you attempt to change the election algorithm
without disabling the domain first, an error message appears.

To disable the ESRP domain, use the following command:

disable esrp {esrpDomain}

To modify the election algorithm, use the following command:

configure esrp esrpDomain election-policy [ports > track > priority |
ports > track > priority > mac | priority > mac | priority > ports >
track > mac | priority > track > ports > mac | sticky > ports > track
> priority | sticky > ports > track > priority > mac | sticky > ports

508 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

> weight > track > priority > mac | sticky > priority > mac | sticky >
priority > ports > track > mac | sticky > priority > track > ports > mac
| sticky > track > ports > priority | sticky > track > ports > priority
> mac | track > ports > priority | track > ports > priority > mac]

If you attempt to use an election algorithm not supported by the switch, an error
message similar to the following appears:

ERROR: Specified election-policy is not supported!

Supported Policies:
1. sticky > ports > weight > track > priority > mac
2. ports > track > priority
3. sticky > ports > track > priority
4. ports > track > priority > mac
5. sticky > ports > track > priority > mac
6. priority > mac
7. sticky > priority > mac
8. priority > ports > track > mac
9. sticky > priority > ports > track > mac
10. priority > track > ports > mac
11. sticky > priority > track > ports > mac
12. track > ports > priority
13. sticky > track > ports > priority
14. track > ports > priority > mac
15. sticky > track > ports > priority > mac

Example
The following example configures the election algorithm to use tracking information as
the first criteria for determining the ESRP master switch for ESRP domain esrp1:
configure esrp esrp1 election-policy track > ports > priority > mac

History
This command was first available in ExtremeXOS 11.0.

The default election algorithm for extended mode was updated to sticky > ports >
weight > track > priority > mac, and the weight election factor was used in ExtremeXOS
11.1. The sticky > ports > track > priority > mac > weight election algorithm is not
supported in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp elrp-master-poll disable

configure esrp esrpDomain elrp-master-poll disable

Description
Disables the use of ELRP by ESRP in the master state.

Switch Engine™ Command Reference Guide for version 32.7.1 509

Syntax Description Commands

Syntax Description
esrpDomain Specifies an ESRP domain name.

Default
Disabled.

Usage Guidelines
Use this command to disable the use of ELRP by ESRP in the master state. When
you disable ELRP, the ESRP master switch no longer transmits ELRP PDUs to detect
network loops.

Example
The following command disables the use of ELRP in the master state on ESRP domain
elrp1:

configure esrp elrp1 esrp elrp-master poll disable

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp elrp-master-poll enable

configure esrp esrpDomain elrp-master-poll enable {interval interval}

Description
Enables the use of ELRP by ESRP in the master state, and configures how often the
master checks for loops in the network.

Syntax Description
esrpDomain Specifies an ESRP domain name.
interval Specifies how often, in seconds, successive ELRP packets
are sent. The default is 1 second. The range is 1 to 64
seconds.

510 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
• Use of ELRP in the master state—disabled
• Interval—1 second

Usage Guidelines
Use this command to enable the use of ELRP by ESRP in the master state. When an
ESRP-enabled switch is in the master state, and you enable elrp-master-poll, the switch
periodically sends ELRP PDUs at the configured interval level. If a loop is detected in
the network, the transmitted PDUs are received by the switch. The ESRP master switch
then transitions to the slave state to break the network loop.

We recommend that you enable both premaster and master polling when using ELRP
with ESRP. To enable premaster polling, use the configure esrp esrpDomain elrp-
premaster-poll enable {count count | interval interval} .

If you attempt to configure master polling before premaster polling, the switch displays
an error message similar to the following:
ERROR: Premaster-poll should be enabled before enabling master-poll!

If this happens, first configure premaster polling followed by master polling (if
required).

Specify the interval parameter to configure how often successive ELRP PDUs are sent
while in the master state. If you do not specify an interval value, the default value is
used.

Example
The following command enables the use of ELRP in the master state on ESRP domain
elrp1:

configure esrp elrp1 esrp elrp-master poll enable

The following command configures the ESRP master to check for loops in the network
every 3 seconds:

configure esrp elrp1 esrp elrp-master-poll enable interval 3

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 511

configure esrp elrp-premaster-poll disable Commands

configure esrp elrp-premaster-poll disable

configure esrp esrpDomain elrp-premaster-poll disable

Description
Disables the use of ELRP by ESRP in the pre-master state.

Syntax Description
esrpDomain Specifies an ESRP domain name.

Default
Disabled.

Usage Guidelines
Use this command to disable the use of ELRP by ESRP in the pre-master state. When
you disable ELRP in the pre-master state, the ESRP pre-master switch no longer
transmits ELRP PDUs to detect network loops prior to changing to the master state.

Example
The following command disables the use of ELRP in the pre-master state on the ESRP
domain elrp1:

configure esrp elrp1 esrp elrp-premaster poll disable

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp elrp-premaster-poll enable

configure esrp esrpDomain elrp-premaster-poll enable {count count |
interval interval}

Description
Enables the use of ELRP by ESRP in the pre-master state, and configures how many
times the switch sends ELRP PDUs and how often the switch sends ELRP PDUS in the
pre-master state.

512 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
esrpDomain Specifies an ESRP domain name.
count Specifies the number of times the switch sends ELRP
PDUs. The default is 3. The range is 1 to 32.
interval Specifies how often, in seconds, the ELRP PDUs are sent.
The default is 1 second. The range is 1 to 32 seconds.

Default
• Use of ELRP in the pre-master state—disabled
• Count—3 times
• Interval—1 second

Usage Guidelines
Use this command to enable the use of ELRP by ESRP in the pre-master state to
prevent network loops from occurring. When an ESRP-enabled switch is in the pre-
master state (waiting to become the master), and you enable elrp-premaster-poll, the
switch periodically sends ELRP PDUs at the configure level for a specified number of
times. If there is a loop in the network, the transmitted PDUs are received by the switch.
If this happens, the ESRP pre-master switch does not transition to the master state;
rather, the switch transitions to the slave state.

We recommend that you enable both premaster and master polling when using ELRP
with ESRP. To enable master polling, use the configure esrp esrpDomain elrp-
master-poll enable {interval interval} .

If you attempt to configure master polling before premaster polling, the switch displays
an error message similar to the following:
ERROR: Premaster-poll should be enabled before enabling master-poll!

If this happens, first configure premaster polling followed by master polling (if
required).

If you do not specify the optional count or interval parameters, the default values are
used.

If the sender does not receive packets, there is no loop in the network.

Example
The following command enables the use of ELRP—with the default settings—in the
pre-master state on ESRP domain elrp1:

configure esrp elrp1 esrp elrp-premaster poll enable

Switch Engine™ Command Reference Guide for version 32.7.1 513

History Commands

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp group

configure esrp esrpDomain group number

Description
Configures the group number to be used for the ESRP domain.

Syntax Description
esrpDomain Specifies an ESRP domain name.
group number Specifies the ESRP group number to which this ESRP
domain should be added. The range is 0 through 31.

Default
The default group number is 0.

Usage Guidelines
Each group runs an instance of ESRP within the same VLAN or broadcast domain. A
maximum of seven ESRP groups can be defined within the same networked broadcast
domain. In addition, a maximum of seven distinct ESRP groups can be supported on a
single ESRP switch. You can configure a maximum of 32 ESRP groups in a network.

The range for the group_number parameter is 0 through 31.

The most typical application for multiple ESRP groups is when two or more sets of
ESRP switches are providing fast-failover protection within a common subnet for two
or more groups of users. An additional use for ESRP groups is ESRP Host Attach; ESRP
VLANs that share the same ESRP HA ports must be members of different ESRP groups.

You must first disable an ESRP domain before you modify an existing or add a new
group number. If you try to modify the group number without disabling the ESRP
domain, an error message similar to the following is displayed:

ERROR: can't change ESRP group for active domain "esrp1"!

To disable an ESRP domain, use the disable esrp {esrpDomain} command.

514 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures ESRP domain esrp1 to be a member of ESRP group
2:

configure esrp esrp-1 group 2

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp mode

configure esrp mode [extended | standard]

Description
Configures the mode of operation for ESRP on the switch.

Syntax Description
extended Specifies ESRP extended mode for devices running both non-
Universal and modern NOS versions.
standard Specifies ESRP standard mode for devices running modern NOS
versions.

Default
The default mode is extended.

Example
The following command configures ESRP to run in standard mode:

configure esrp mode standard

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 515

configure esrp name Commands

configure esrp name

configure esrp esrpDomain name new-name

Description
Renames an existing ESRP domain.

Syntax Description
esrpDomain Specifies the current name of an ESRP domain.
new-name Specifies a new name for the ESRP domain.

Default
N/A.

Usage Guidelines
The maximum length for a name is 32 characters. Names can contain alphanumeric
characters and underscores ( _ ) but cannot be any reserved keywords, for example,
esrp. Names must start with an alphabetical character, for example, a, Z.

You can rename an ESRP domain regardless of its current state.

Example
The following command renames ESRP domain esrp1 to esrp3:

configure esrp esrp1 name esrp3

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp ports mode

configure esrp ports ports mode [host | normal]

Description
Configures the ESRP port mode for ESRP host attach.

516 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ports Specifies one or more ports or slots and ports that should
be configured.
host Specifies that the ports should be configured as host ports.
normal Specifies that the ports should be configured as normal
ports.

Default
The default port mode is normal.

Usage Guidelines
Ports configured as normal ports do not accept or transmit Layer 2 or Layer 3 traffic
when the local ESRP device is a slave.

Ports configured as host ports allow the network to continue operation independent
of ESRP status. The command sets the port to forward, allowing those ports directly
attached to the slave’s hosts to communicate with other hosts that are connected
to the master. If you use load sharing with the ESRP HA feature, configure the load-
sharing group first and then enable Host Attach on the group.

A Layer 2 connection for VLANs between ESRP switches is required.

An ESRP Host Attach port cannot be a mirroring port, software-controlled redundant

port, or Netlogin port.

Example
The following command configures ports 1 through 5 on slot 3 as host ports:

configure esrp port 3:1-3:5 mode host

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp ports no-restart

configure esrp ports ports no-restart

Switch Engine™ Command Reference Guide for version 32.7.1 517

Description Commands

Description
Disables port restart for a port.

Syntax Description
ports Specifies one or more ports or slots and ports.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables port restart for ports 7-9 in slot 3 in the ESRP master
domain:

configure esrp port 3:7-3:9 no-restart

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp ports restart

configure esrp ports ports restart

Description
Configures ESRP to restart ports if there is a state change and the downstream switch
is from another vendor.

Syntax Description
ports Specifies one or more ports or slots and ports.

Default
N/A.

518 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If an ESRP domain becomes a slave, ESRP disconnects member ports that have
port restart enabled. The disconnection of these ports causes downstream devices
to remove the ports from their FDB tables. After 3 seconds the ports re-establish
connection with the ESRP-enabled device. This feature allows you to use ESRP in
networks that include equipment from other vendors.

If switch becomes a slave, ESRP disconnects the physical links of member ports that
have port restart enabled.

An ESRP restart port cannot be a mirroring port, software-controlled redundant port, or

Netlogin port.

Example
The following command enables port restart for ports 7-9 in slot 3 on the ESRP master
domain:

configure esrp port 3:7-3:9 restart

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp ports weight

configure esrp ports ports weight [auto | port-weight]

Description
Assigns the port weight for the specified ESRP port(s).

Syntax Description
ports Specifies one or more ports or slots and ports.
auto Specifies the switch to calculate the weight of a port based on the
port’s bandwidth and link speed.
port-weight Specifies an ESRP port weight of 0. With a port weight of 0, the
ports are not counted.

Switch Engine™ Command Reference Guide for version 32.7.1 519

Default Commands

Default
The switch automatically calculates the weight of a port based on the bandwidth of the
port.

Usage Guidelines
Use this command to override the automatically calculated port weight.

The port-weight parameter specifies a weight of 0. With this configuration, ESRP does
not count host ports and normal ports as active. With a weight of 0, ESRP experiences
fewer state changes due to frequent client activities like rebooting and unplugging
laptops. A don’t-count port cannot be a mirroring, software-controlled redundant port,
or a Netlogin port.

For load shared ports, configure one master port in the load-share group with the port
weight. A single command specifies the weight for the entire load shared group. You
can specify any port from the load share group in the command. A load-shared port
has an aggregate weight of all of its member ports. If you add or delete a member port
(or trunk), the weight of the master load-shared port is updated. For more information
about load sharing, see Configuring Slots and Ports on a Switch.

Example
The following command configures port 1 on slot 3 with a weight of 0:

configure esrp port 3:1 weight 0

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp priority

configure esrp esrpDomain priority number

Description
Configures the ESRP priority.

Syntax Description
esrpDomain Specifies an ESRP domain number.
number Specifies a number between 0 and 255.

520 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default ESRP priority is 0.

Usage Guidelines
The ESRP priority is one of the factors used by the ESRP election algorithm in
determining which switch is the Master switch.

The range of the priority value is 0 to 254, with 0 being the lowest priority, 254 being
the highest. If the ESRP priority is the determining criteria for the election algorithm,
the highest priority value determines which switch acts as master for a particular ESRP
domain.

Setting the priority to 255 configures the switch to slave mode, and to be ineligible to
become the master. The switch remains in slave mode even when the ESRP domain
fails over from the current master. This feature is typically used to ensure a switch
cannot become the ESRP master while it is offline for servicing.

Example
The following command configures the ESRP priority to the highest priority on ESRP
domain esrp1:

configure esrp esrp1 priority 254

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp timer hello

configure esrp esrpDomain timer hello seconds

Description
Configures the ESRP hello timer value.

Syntax Description
esrpDomain Specifies an ESRP domain name.
seconds Specifies the number of seconds between keep-alive packets. The
range is 1 to 255 seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 521

Default Commands

Default
The default hello timer is 2 seconds.

Usage Guidelines
The timer specifies the interval, in seconds, for exchanging keep-alive packets between
the ESRP switches for this ESRP domain. A lower value specifies a more frequent
exchange of keep-alive messages, resulting in the faster detection of a failover
condition. The timer setting must be configured identically for the ESRP domain across
all participating switches. To see the hello settings, use the show esrp { {name} |
{type [vpls-redundancy | standard]} } command.

The seconds range is 1 to 255.

If your configuration contains more than 2,000 ESRP VLANs and 256,000 FDB entries,
we recommend a timer setting greater than 3 seconds.

To view the hello timer settings, use the show esrp { {name} | {type [vpls-
redundancy | standard]} } command.

In a large ESRP configuration, the slave ESRP domain might inadvertently become the
master ESRP domain. This can occur when FDB entries are flushed during a master-
slave transition. To avoid this we recommend the general neighbor and hello timeout
guidelines listed in Table 7 on page 523, which is described in the description for the
configure esrp timer neighbor command.

Example
The following command configures the ESRP hello timer to 4 seconds for the ESRP
domain esrp1:

configure esrp esrp1 timer hello 4

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp timer neighbor

configure esrp esrpDomain timer neighbor seconds

Description
Configures the ESRP neighbor timeout value.

522 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
esrpDomain Specifies an ESRP domain name.
seconds Specifies the number of seconds after which an ESRP
neighbor times out. The range is 6 to 1024 seconds.

Default
The default neighbor timeout is 8 seconds (four times the hello timer).

Usage Guidelines
The neighbor timeout specifies the amount of time that ESRP waits before considering
the neighbor down. The neighbor value must be at least 3 times the hello timer
value. Entering a value outside of that range generates an error message similar to
the following:
operation Failed. Valid timer relationship "neighbor timeout >=
3*hello ; neutral timeout >= 2*hello ; premaster timeout >= 3*hello"!

The seconds range is 3*hello to 1024 seconds.

To view the neighbor timer settings, use the show esrp { {name} | {type [vpls-
redundancy | standard]} } command.

In a large ESRP configuration, the slave ESRP domain might inadvertently become the
master ESRP domain. This can occur when FDB entries are flushed during a master-
slave transition. To avoid this we recommend the general neighbor and hello timeout
guidelines listed in following table.

Table 7: General Neighbor and Hello Timeout

Number of Domains Number of VLANs Suggested Neighbor and Hello Timeout
64 or less 1000 Use the default timer values
64 1000 to 3000 hello >=3, neighbor >=9
128 3000 hello >=4, neighbor >=12

Example
The following command configures the ESRP neighbor timeout to 14 seconds for the
ESRP domain esrp1:

configure esrp esrp1 timer neighbor 14

History
This command was first available in ExtremeXOS 11.0.

Switch Engine™ Command Reference Guide for version 32.7.1 523

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp timer neutral

Configures the ESRP neutral timeout value.
configure esrp esrpDomain timer neutral seconds

Description
Configures the ESRP neutral timeout value.

Syntax Description
esrpDomain Specifies an ESRP domain name.
seconds Specifies the number of seconds after which an ESRP
domain. The range is 4 to 1024 seconds.

Default
The default neutral timeout is 4 seconds (two times the hello timer).

Usage Guidelines
After you create, configure, and enable the ESRP domain, it enters the neutral state.
The neutral timeout specifies the amount of time the ESRP domain stays in this
temporary state before entering the slave state. The neutral value must be at least 2
times the hello timer value. Entering a value outside of that range generates an error
message similar to the following:
operation Failed. Valid timer relationship "neighbor timeout >=
3*hello ; neutral timeout >= 2*hello ; premaster timeout >= 3*hello"!

The seconds range is 2*hello to 1024.

To view the neutral timer settings, use the show esrp { {name} | {type [vpls-
redundancy | standard]} } command.

Example
The following command configures the ESRP neutral timeout to 8 seconds for the
ESRP domain esrp1:

configure esrp esrp1 timer neutral 8

History
This command was first available in ExtremeXOS 11.0.

524 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp timer premaster

configure esrp esrpDomain timer premaster seconds

Description
Configures the ESRP pre-master timeout value.

Syntax Description
esrpDomain Specifies an ESRP domain name.
seconds Specifies the maximum length of time, in seconds, that the
transitioning master VLAN remains in the pre-master state.
The range is 6 to 1024.

Default
The default timeout is 6 seconds (three times the hello timer).

Usage Guidelines
The premaster timer specifies how long the ESRP domain stays in the pre-master state.
The pre-master timer expires if the neighbor agrees to be the slave. The premaster
value must be at least three times the hello timer value. Entering a value outside of that
range generates an error message similar to the following:
operation Failed. Valid timer relationship "neighbor timeout >=
3*hello ; neutral timeout >= 2*hello ; premaster timeout >= 3*hello"!

The seconds range is 3*hello-1024.

To view the pre-master timer settings, use the show esrp { {name} | {type [vpls-
redundancy | standard]} } command.

Caution
Configure the pre-master state timeout only with guidance from Extreme
Networks personnel. Misconfiguration can severely degrade the performance
of ESRP and your switch.

Example
The following command configures the pre-master timeout to 10 seconds for the ESRP
domain esrp1:

configure esrp esrp-1 timer premaster 10

Switch Engine™ Command Reference Guide for version 32.7.1 525

History Commands

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure esrp timer restart

configure esrp esrpDomain timer restart seconds

Description
Configures the ESRP restart timer value.

Syntax Description
esrpDomain Specifies an ESRP domain name.
seconds Specifies the maximum length of time, in seconds, that the
neighbor ESRP switch remains in its current state during
an hitless failover. The range is 2 to 1024.

Default
The default restart timer value is 2 seconds.

Usage Guidelines
The restart timer specifies the amount of time that the neighbor ESRP switch remains
in its current state during a hitless failover. This timer prevent the slave ESRP switch
from trying to become master during a hitless failover.

The seconds range is 2-1024.

To view the restart settings, use the show esrp { {name} | {type [vpls-redundancy
| standard]} } command.

Example
The following command configures the restart timer value to 40 seconds for the ESRP
domain esrp1:

configure esrp esrp-1 timer restart 40

History
This command was first available in ExtremeXOS 11.0.

526 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure failsafe-account
configure failsafe-account {[deny | permit] [all | control | serial |
ssh {vr vr-name} | telnet {vr vr-name}]}

Description
Configures a name and password for the failsafe account, or restricts access to specified
connection types.

Syntax Description
deny Prohibits failsafe account usage over the specified
connection type(s).
permit Allows a failsafe account to be used over the specified
connection type(s).
all Specifies all connection types.
control Specifies internal access between nodes in a SummitStack.
serial Specifies access over the switch console port.
ssh Specifies access using SSH on specified or all virtual
routers.
telnet Specifies access using Telnet on specified or all virtual
routers.

Default
The failsafe account is always configured.

The default connection types over which failsafe account access is permitted are the
same as if permit all is configured.

Usage Guidelines
The failsafe account is the account of last resort to access your switch.

If you use the command with no parameters, you are prompted for the failsafe account
name and prompted twice to specify the password for the account. The password does
not appear on the display at any time. You are not required to know the current failsafe
account and password in order to change it.

If you use the command with the permit or deny parameter, the permitted connection
types are altered as specified.

Switch Engine™ Command Reference Guide for version 32.7.1 527

Example Commands

The failsafe account or permitted connection types are immediately saved to NVRAM
on active nodes in a SummitStack.

Note
The information that you use to configure the failsafe account cannot be
recovered by Extreme Networks. Technical support cannot retrieve passwords
or account names for this account. Protect this information carefully.

Once you enter the failsafe account name, you are prompted to enter the password.
Once you successfully log in to the failsafe account, you are logged in to an admin-level
account.

Example
The following example restricts usage of the failsafe account to the series console port:

# configure failsafe-account deny all

# configure failsafe-account permit serial
# configure failsafe-account permit control

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fabric attach management-vlan

configure fabric attach management-vlan [vlan_id | vlan_name | untagged
| none | forward [on | off] ]

Description
Specifies the VLAN advertised to Fabric Attach clients for them to use as the
management VLAN.

Syntax Description
management-vlan Specifies setting he VLAN advertised to Fabric Attach
clients for them to use as the management VLAN. (Default
is none.)
vlan_id Specifies the Management VLAN ID tag (1 and 4,094).
vlan_name Specifies the Management VLAN name. The VLAN must be
a tagged VLAN.
untagged Management traffic should be sent untagged.

528 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

none No Fabric Attach Management VLAN is in use.

forward Configures whether Fabric Attach proxy switches send
Management VLAN data to clients.
on Fabric Attach proxy switches send Management VLAN
data to clients (default).
off Fabric Attach proxy switches do not send Management
VLAN data to clients.

Default
Unless configured, there is no Management VLAN by default.

If not specified, the Fabric Attach proxy switches send Management VLAN data to
clients.

Usage Guidelines
Configuring the Fabric Attach Management VLAN is only relevant when operating as a
Fabric Attach Server. It has no effect when operating as a client or proxy.

Fabric Attach Management VLAN forwarding configuration is relevant for all FA modes.

The management VLAN is advertised to Fabric Attach proxies and clients.

The specified VLAN configuration on the Fabric Attach server is restricted to only
tagged VLANs.

Example
The following example sets the Management VLAN to a VLAN named "VLAN1" and
specifies tagged traffic:
# configure fabric attach management-vlan VLAN1

History
This command was first available in ExtremeXOS 22.5.

The option to configure whether Fabric Attach proxy switches send Management VLAN
data to clients was added in ExtremeXOS 30.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fabric attach management-vlan ports

configure fabric attach management-vlan ports [port_list | all] forward
[on | off]

Switch Engine™ Command Reference Guide for version 32.7.1 529

Description Commands

Description
Configures the Fabric Attach management VLAN propagation on a specific port.

Syntax Description
management-vlan Specifies setting he VLAN advertised to Fabric Attach
clients for them to use as the management VLAN. (Default
is none.)
ports Specifies the port to configure.
port_list Specifies a list of ports to configure.
all Specifies configuring all ports in the system.
forward Configures whether Fabric Attach proxy switches send
Management VLAN data to clients.
on Fabric Attach proxy switches send Management VLAN
data to clients (default).
off Fabric Attach proxy switches do not send Management
VLAN data to clients.

Default
All ports are configured to propagate the management VLAN.

When disabled, the port will not send out the management VLAN information in the
element TLV Support.

Usage Guidelines
This command is only used when operating as a Fabric Attach server. It has no effect
when operating as a client or proxy.

Example
The following example disables Fabric Attach port 25 from sending Management VLAN
data to clients.
# configure fabric attach management-vlan port 25 forward off

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

530 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure fabric attach ports

configure fabric attach ports

configure fabric attach ports [port_list | all] enable | disable]

Description
Configures the Fabric Attach state per port.

Syntax Description
ports Specifies the port to configure.
port_list Specifies a list of ports to configure.
all Specifies configuring all ports in the system.
enable Specifies enabling Fabric Attach settings (default).
disable Specifies disabling Fabric Attach settings.

Default
All ports are configured to transmit and receive Fabric Attach attributed by default.

Usage Guidelines
Use this command to enable or disable a port from adding the Fabric Attach TLVs to
the LLDP packet.

Example
The following example disables Fabric Attach port 25:
# configure fabric attach port 25 disable

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fabric attach port authentication

configure fabric attach ports [port_list | all] authentication [ disable
| enable | key {key | default | encrypted encrypted_key}]

Description
Configures Fabric Attach authentication.

Switch Engine™ Command Reference Guide for version 32.7.1 531

Syntax Description Commands

Syntax Description
ports Specify configuring ports.
port_list Specifies list of ports to configure.
all Configures all ports in the system.
authentication Configures Fabric Attach authentication.
disable Disable authentication setting (default).
enable Enable authentication setting.
key Configures Fabric Attach authentication key.
key Specifies the authentication key.
default Configures Fabric Attach authentication key to the default
key. (Default when no ‘key’ is specified.)
encrypted Configures Fabric Attach authentication key with
encrypted key.
encrypted_key Specifies the encrypted authentication key.

Default
By default, all ports are configured to authentication disabled state.

If no key is specified, the default key is used.

Usage Guidelines
When enabled, the default key is used until configured otherwise. If the authentication
fails, the Fabric Attach information is dropped whether or not authentication is enabled
on the receiving port.

When Fabric Attach authentication is configured on ports that are part of an , all ports
on that MLAG must have the same Fabric Attach authentication configuration.

To view Fabric Attach authentication configuration, use the show fabric attach
ports [port_list | all] authentication {detail} command. To view Fabric
Attach authentication status, use the show lldp {port [all | port_list]}
neighbors {detailed} command.

Example
The following example disables Fabric Attach authentication on all ports:
# configure fabric attach ports all authentication disable

The following example sets Fabric Attach authentication on port 1 with the default key:
# configure fabric attach ports 1 authentication key default

532 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example sets Fabric Attach authentication on port 1 with the key "12345".
# configure fabric attach port 1 authentication key
Key: 12345
Reenter Key: 12345

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fabric attach uplink

configure fabric attach uplink [port | none]

Description
Configures the uplink port for and enables Fabric Attach standalone proxy operation.

Syntax Description
uplink Uplink port for standalone proxy operation.
port Enables standalone proxy operation using the specified
port as the uplink.
none Removes uplink port and disables standalone proxy
operation (default).

Default
Standalone proxy mode is disabled (none) by default.

Usage Guidelines
Fabric Attach standalone proxy allows for Fabric Attach proxy functionality in
environments without a Fabric Attach server.

The Fabric Attach standalone proxy does not send provisioning requests upstream.
A Fabric Attach standalone proxy automatically accepts requests from Fabric Attach
clients and assumes that the upstream network has been provisioned appropriately.
Disabling Fabric Attach standalone proxy mode resets configured NSI/VLAN binding
data to its default state and enables full Fabric Attach Proxy operation. In Fabric Attach
standalone proxy mode, you must provide the Fabric Attach server uplink information,
which is typically gathered through Fabric Attach server discovery. After you provide
this information, Fabric Attach standalone proxy mode operates as if a Fabric Attach
server has been discovered and is accepting NSI/VLAN binding requests. The binding

Switch Engine™ Command Reference Guide for version 32.7.1 533

Example Commands

clean-up is similar to a Fabric Attach server timeout event, and occurs when the static
uplink is deleted and when Fabric Attach standalone proxy operation is disabled.

To confirm standalone poxy mode, use the show fabric attach statistics
command with either the agent or elements option.

Example
The following example enables proxy mode and specifies port 10 as the uplink port:
# configure fabric attach uplink 10

The following example disables proxy mode:

# configure fabric attach uplink none

History
This command was first available in ExtremeXOS 30.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fabric attach zero-touch-client

configure fabric attach zero-touch-client client [vlan [vlan_name |
vlan_id] [nsi nsi | isid isid] {priority [priority | dot1p]} {enable
| disable} | none] | enable | disable]

Description
Configures the Fabric Attach Zero Touch Client.

Syntax Description
zero-touch-client Specifies Zero Touch Client.
client Specifies the type of Fabric Attach client.
vlan Specifies the VLAN on which to configure Zero Touch
Clients.
vlan_name Specifies the VLAN name. The VLAN must be a tagged
VLAN.
vlan_id Specifies the VLAN ID tag (1 and 4,094).
nsi Network Service Identifier.
nsi Specifies the Network Service Identifier. Range is
1-16777215.
insi Individual Network Service Identifier

534 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

insi Specifies the Individual Network Service Identifier. Range is

1-16777215.
priority Specifies the Zero Touch port priority for untagged packets.
priority Specifies the priority number to be used for untagged
packets. Range is 0-7.
dot1p Specifies the use of dot1p port priority for untagged
packets (default).
none Specifies no Zero Touch Client VLAN in use.
enable Specifies enabling Zero Touch Clients.
disable Specifies disabling Zero Touch Clients (default).

Default
Unless configured, all clients are configured to disabled state without a mapping.

Usage Guidelines
This command is only used when operating as a Fabric Attach server. It has no effect
when operating as a client or proxy.

The specified VLAN configuration on the Fabric Attach server is restricted to only
tagged VLANs.

Example
The following example configures the Fabric Attach Zero Touch Client "switch" with a
VLAN named "V2000" and Individual Service Identifier of 2000 with a priority of 1 for
untagged packets:
# configure fabric attach zero-touch-client switch vlan v2000 nsi 2000 priority 1

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fdb agingtime

configure fdb agingtime seconds

Description
Configures the FDB aging time for dynamic entries.

Switch Engine™ Command Reference Guide for version 32.7.1 535

Syntax Description Commands

Syntax Description
agingtime If agingtime is set to 0, all aging entries in the database are
defined as static, nonaging entries.
seconds Specifies the FDB aging time, in seconds. A value of 0
indicates that the entry should never be aged out. All other
platforms support the value 0 (no aging) and a range of 15
to 1,000,000 seconds.

Default
300.

Usage Guidelines
If the aging time is set to 0 (zero), all dynamic entries in the database become static,
nonaging entries. This means that they do not age out, but non-permanent static
entries can be deleted if the switch is reset.

The software flushes the FDB table once the aging timeout parameter is reached, even
if the switch is running traffic and populating addresses in the FDB table.

Example
The following example sets the FDB aging time to 3,000 seconds:
# configure fdb agingtime 3000

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fdb mac-tracking ports

configure fdb mac-tracking {[add|delete]} ports [port_list|all]

Description
Enables or disables MAC address tracking for all MAC addresses on the specified ports.

Syntax Description
add Enables MAC address tracking for the specified ports.
delete Disables MAC address tracking for the specified ports.

536 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

port_list Specifies a list of ports on which MAC address tracking is to

be enabled or disabled.
all Specifies that MAC address tracking is to be enabled or
disabled on all ports.

Default
No ports are enabled for MAC address tracking.

Usage Guidelines
MAC address tracking events on enabled ports generate EMS messages and can
optionally generate SNMP traps.

Note
When a MAC address is configured in the tracking table, but detected on a
MAC tracking enabled port, the per MAC address statistical counters are not
updated.

Example
The following example enables MAC address tracking for all MAC addresses on port 2:1:
configure fdb mac-tracking add ports 2:1

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fdb static-mac-move packets

configure fdb static-mac-move packets count

Description
Configures the number of EMS and SNMP reports that can be generated each second
for MAC addresses that are duplicates of statically configured MAC addresses.

Syntax Description
count Specifies the number of duplicate MAC address events that
are reported each second. The range is 1 to 25.

Switch Engine™ Command Reference Guide for version 32.7.1 537

Default Commands

Default
2.

Usage Guidelines
None.

Example
The following example configures the switch to report up to five duplicate MAC address
events per second:
# configure fdb static-mac-move packets 5

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure fdb vlan vxlan

configure fdb { mac_addr | broadcast | unknown-unicast | unknown-
multicast } vlan vlan_name [ add | delete ] vxlan { vr vr_name }
{ipaddress} remote_ipaddress

Description
This command allows you to add or remove remote VTEPs to a MAC address.

Syntax Description
mac_addr Forwarding destination(s) for this MAC.
broadcast Forwarding destination(s) for broadcast traffic.
unknown-unicast Forwarding destination(s) for unknown unicast traffic.
unknown-multicast Forwarding destination(s) for unknown multicast traffic.
add Add to configuration.
delete Delete from configuration.
vr VR/VRF instance the IPv4 address is configured on.
vr_name An existing VR/VRF name.
ipaddress Configure the IP address of the remote tunnel endpoint to
which the MAC needs to be bound.
remote_ipaddress IPv4 address of the remote tunnel endpoint.

538 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
VR-Default.

Usage Guidelines
You must first use the [create | delete] fdb command to add the first remote
VTEP, and then issue this command to add additional remote VTEPs for the same MAC.
You cannot add a remote VTEP to a static entry that has ports or blackhole configured.
When the last VTEP is deleted, ExtremeXOS deletes the FDB entry for that MAC.

Example
# configure fdb 01:00:5e:00:00:01 vlan vlan101 add vxlan ipaddress 30.30.30.1
# configure fdb broadcast vlan vlan101 add vxlan vr VR-Default ipaddress 30.30.30.1
# configure fdb unknown-unicast vlan vlan101 delete vxlan ipaddress 20.20.20.1

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is supported on the ExtremeSwitching 5320, 5420, 5520, 5720 series
switches, and stacks with 5320, 5420, 5520, 5720 slots only.

configure flow-redirect add nexthop

configure flow-redirect flow_redirect_name add nexthop ipaddress
priority number

Description
Adds a nexthop for the named flow redirection policy.

Syntax Description
flow_redirect_name Specifies the name of the flow redirection policy.
ipaddress Specifies the IPv4 or IPv6 address of a new nexthop.
number Specifies the priority value for the nexthop.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 539

Usage Guidelines Commands

Usage Guidelines
Use this command to add a new nexthop for the named flow redirection policy. You
can specify an IPv4 address or an IPv6 unicast IP address (IPv6 multicast addresses
are not supported). After you enter an IP address, the redirection policy only accepts
addresses from the same family as the first address specified. For example, if the first IP
address added is an IPv6 unicast address, you cannot add an IPv4 address to the policy.

The priority value can range from a low of 1 to a high of 4096. The nexthop with the
highest priority among multiple ones is preferred as the working nexthop. When each
added nexthop has the same priority, the first one configured is preferred.

Example
The following example adds a nexthop 10.1.1.1 for the flow redirection policy flow10 with
a priority of 100:
configure flow-redirect flow10 add nexthop 10.1.1.1 priority 100.

History
This command was first available in ExtremeXOS 12.1.

Support for IPv6 flow-redirection policies was added in ExtremeXOS 12.7.

The maximum number of flow redirects was increased to 4096 in ExtremeXOS 16.1.

Platform Availability
This command is available for IPv4 and IPv6 flow-redirection policies on the platforms
listed for the Policy Based Routing feature in the Switch Engine 32.7.1 Feature License
Requirements document.

configure flow-redirect delete nexthop

configure flow-redirect flow_redirect_name delete nexthop {ipaddress |
all }

Description
Deletes a single or all nexthops for the named flow redirection policy.

Syntax Description
flow_redirect_name Specifies the name of the flow redirection policy.
ipaddress Specifies the IPv4 or IPv6 address of the nexthop.
all Specifies that all configured nexthps are to be deleted.

540 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to delete a nexthop for the named flow redirection policy. If the
deleted nexthop is the working nexthop for the policy-based routing entry, another is
selected from the remaining active next hops, based on priority.

Example
The following command deletes the nexthop 10.1.1.1 from the flow redirection policy
flow10:

configure flow-redirect flow10 delete nexthop 10.1.1.1

The following command deletes all configured nexthop's from the flow redirection
policy exflow:

configure flow-redirect exflow delete nexthop all

History
This command was first available in ExtremeXOS 12.1.

Support for IPv6 flow-redirection policies was added in ExtremeXOS 12.7.

Platform Availability
This command is available for IPv4 and IPv6 flow-redirection policies on the platforms
listed for the Policy Based Routing feature in the Switch Engine 32.7.1 Feature License
Requirements document.

configure flow-redirect health-check

configure flow-redirect flow_redirect_name health-check [ping | arp |
neighbor-discovery]

Description
Configures health checking for a specific flow redirection policy.

Syntax Description
flow_redirect_name Specifies the name of the flow redirection policy.
ping Specifies ping health checking.

Switch Engine™ Command Reference Guide for version 32.7.1 541

Default Commands

arp Specifies ARP health checking for IPv4.

neighbor-discovery Specifies Neighbor Discovery health checking for IPv6.

Default
Ping is the default.

Usage Guidelines
Use this command to configure health checking for a specific named flow redirection
policy.

Example
The following command specifies arp health checking for the flow redirection policy
flow10:
# configure flow-redirect flow10 health-check arp

History
This command was first available in ExtremeXOS 12.1.

Support for IPv6 flow-redirection policies was added in ExtremeXOS 12.7.

Platform Availability
This command is available for IPv4 and IPv6 flow-redirection policies on the platforms
listed for the Policy Based Routing feature in the Switch Engine 32.7.1 Feature License
Requirements document.

configure flow-redirect nexthop

configure flow-redirect flow_redirect_name nexthop ip_address ping
health-check interval seconds miss number {success successes}

Description
Configures the ping interval, miss count, and success for a nexthop in the flow
redirection policy.

Syntax Description
flow_redirect_name Specifies the name of the flow redirection policy.
ip_address Specifies the IPv4 or IPv6 address of the nexthop.
seconds Specifies the number of seconds between pings. The
default is “2”.

542 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

number Specifies the number of misses allowed. The default is “2”.

success Specifies a number of consecutive ping successes required
to declare that a nexthop is up.
successes Sets the value for the number of consecutive successful
pings to declare that a nexthop is up. Range is 1 to 256. The
default is 4.

Default
The default for ping interval is 2 seconds.

The default for number of misses is 2.

The default for number of successes is 4.

Usage Guidelines
Use this command to set a ping interval, miss count, and ping success. When the
ping response is not received within the interval seconds * (number +1), the nexthop
is considered to be dead and a new candidate is selected from the remaining active
nexthops.

Example
The following command configures a ping interval of 3 seconds, miss count of 3, and
success count of 3 for the nexthop 10.1.1.1 in the flow redirection policy flow 3:
# configure flow-redirect flow3 nexthop 10.1.1.1 ping health-check interval 3 miss 3
success 3

History
This command was first available in ExtremeXOS 12.1.

Support for IPv6 flow-redirection policies was added in ExtremeXOS 12.7.

The success option was added in ExtremeXOS 22.7.

Platform Availability
This command is available for IPv4 and IPv6 flow-redirection policies on the platforms
listed for the Policy Based Routing feature in the Switch Engine 32.7.1 Feature License
Requirements document.

configure flow-redirect no-active

configure flow-redirect flow_redirect_name no-active [drop|forward]

Switch Engine™ Command Reference Guide for version 32.7.1 543

Description Commands

Description
Configures packets to either follow the normal routing table or be dropped.

Syntax Description
flow_redirect_name Specifies the name of the flow redirection policy.
drop Specifies that the packets are to be dropped.
forward Specifies that the packets are to follow the normal routing
table.

Default
The default is forward.

Usage Guidelines
Use this command to set a drop or forward configuration for packets to be applied
when all configured next hops become unreachable.

Example
The following command configures packets of the flow redirection policy flow3 to be
dropped when all configured next hops become unreachable:

configure flow-redirect flow3 no-active drop

History
This command was first available in ExtremeXOS 12.1.

Support for IPv6 flow-redirection policies was added in ExtremeXOS 12.7.

Platform Availability
This command is available for IPv4 and IPv6 flow-redirection policies on the platforms
listed for the Policy Based Routing feature in the Switch Engine 32.7.1 Feature License
Requirements document.

configure flow-redirect vr
configure flow-redirect flow_redirect_name vr vr_name

Description
Configures a virtual router for a flow redirection policy.

544 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
flow_redirect_name Specifies the name of the flow redirection policy.
vr_name Specifies the name of the virtual router.

Default
The default virtual router is VR-Default.

Usage Guidelines
Because ACLs do not recognize the virtual router concept, one policy-based routing
can be used for multiple virtual routing entries when a VLAN-based virtual router is
used for one port. This configuration of a VR into a flow-redirect makes a policy-based
routing work for a specific VR.

Example
The following command configures virtual router mgmt for flow redirection policy
flow3:

configure flow-redirect flow3 vr mgmt

History
This command was first available in ExtremeXOS 12.1.

Support for IPv6 flow-redirection policies was added in ExtremeXOS 12.7.

Platform Availability
This command is available for IPv4 and IPv6 flow-redirection policies on the platforms
listed for the Policy Based Routing feature in the Switch Engine 32.7.1 Feature License
Requirements document.

configure flowmon collector

configure flowmon collector collector_name

Description
Configures a created collector where Flow Monitor sends information.

Switch Engine™ Command Reference Guide for version 32.7.1 545

Syntax Description Commands

Syntax Description
collector Specifies to send flow information to a collector.
collector_name Specifies the name of the created collector. Range is 32
characters.

Default
N/A.

Usage Guidelines
You must configuresrc-ipv4-address, which is a dotted decimal representation of the
local address. If not configured, the collector cannot be activated.

You must configure dst-ipv4-address, which is a dotted decimal representation of

the IPv4 address of a collector. If not configured, the collector cannot be activated.

Optional configuration parameters include the following:

• src-udp-port is the source port number used in the UDP header. If not specified,
the switch will assign a port number.
• dst-udp-port is the destination port number used in the UDP header. The default
value is 4,739.
• vr-name is the name of the virtual router used to route to the collector.
• export-mtu is the maximum size of a template or an IPFIX report. Default is 512
bytes, range is 512 <= <export-mtu> <= 9,216.
• refresh-time is the time between sends to the collector of template data in
seconds (default value is 600 seconds). Minimum value is 60 seconds. This value
must be coordinated with the collector by the user.

Example
The following command configures a created collector with no additional parameters:
# configure flowmon collector ctest dst-ipv4-address 21.1.1.100 src-ipv4-address 21.1.1.1

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

configure flowmon group

configure flowmon group group_name

546 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures a created group where Flow Monitor sends information.

Syntax Description
group Specifies the Flow Monitor group.
group_name Specifies the assigned name of the Flow Monitor group.
Range is 32 characters.

Default
N/A.

Usage Guidelines
Optional configuration parameters include the following:
• max-flow-age is the maximum age of any flow related to the group in milliseconds.
The minimum value is 100ms. The default value is 60,000ms (one minute), and the
maximum value is 4294967295ms (a 32-bit unsigned integer). Flow aging cannot be
disabled.
• limit is the maximum number of flows allowed in the flow database for this group.
The minimum value is 32 and the maximum value is the maximum number of flows
for the switch type.
• k-mirror specifies the mirror_name. If flow-class-id is specified, then k-mirror
cannot be specified. The user can clear the k-mirror using the none option. Traffic is
mirrored to the same collector assigned to the group.
• flow-class-id_value is a user-assigned number between 5 and 255. If k-mirror is
specified, then this value cannot be specified. The user can clear the value by using
the none option.

Example
The following command configures the Flow Monitor group with the name 'src-ipv4-
address':
# configure flowmon group src-ipv4-address

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

Switch Engine™ Command Reference Guide for version 32.7.1 547

configure flowmon group collector Commands

configure flowmon group collector

configure flowmon group group_name [add | delete] collector
collector_name

Description
Configures a relationship between a Flow Monitor collector and a group.

Syntax Description
group Specifies the Flow Monitor group.
group_name Specifies the assigned name of the Flow Monitor group.
Range is 32 characters.
add Specifies to add a collector to a group.
delete Specifies to delete a collector from a group.
collector Specifies to the collector.
collector_name Specifies the name of the created collector. Range is 32
characters.

Default
N/A.

Usage Guidelines
Only one collector can be added to a group, but the same collector can be added to
multiple groups.

The system will reject any attempt to add a collector to a group that already contains a
collector.

The system will also reject any attempt to delete a collector from a group that was not
previously added to the group.

Example
The following command adds a collector with the name 'src-ipv4-address' to the group
with the name 'max-flow-age':
# configure flowmon group max-flow-age add collector src-ipv4-address

History
This command was first available in ExtremeXOS 32.2.

548 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

configure flowmon group key

configure flowmon group group_name [add | delete] key key_name

Description
Configures a relationship between a Flow Monitor key and a group.

Syntax Description
group Specifies the Flow Monitor group.
group_name Specifies the assigned name of the Flow Monitor group.
Range is 32 characters.
add Specifies to add a key to a group.
delete Specifies to delete a collector from a group.
key Specifies the key.
key_name Specifies the name of the created key. Range is 32
characters.

Default
N/A.

Usage Guidelines
While a key is being added to a group, the key can't be modified.

Flow Monitor creates a template key portion that matches the key. Flow Monitor then
searches for a match to see if that template key portion has already been created. If not,
Flow Monitor saves the new template key portion and relates it to the group. If the key
has already been created, Flow Monitor checks the group to see if that template key
portion is already related to the group. If a different template key portion is related to
the group, then the add fails. If not, the template key portion (either newly created or
pre-existing) is related to the key.

If the group is already enabled, the key is installed in the hardware. Keys can be added
to or deleted from a group regardless of the state of the group.

When a key is to be deleted from a group, the key is disassociated from the key
template portion. The key is then disassociated from the group. If the group has no
more keys associated with it and the group is disabled, the group is then disassociated
from the template key portion.

Switch Engine™ Command Reference Guide for version 32.7.1 549

Example Commands

Example
The following command adds a key with the name 'src-ipv4-address' to the group with
the name 'max-flow-age':
# configure flowmon group max-flow-age add key src-ipv4-address

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

configure flowmon key ipv4

configure flowmon key key_name ipv4

Description
Configures a Flow Monitor key with IPv4 parameters.

Syntax Description
key Specifies the Flow Monitor key.
key_name Specifies the name of the key being configured with
parameters. Range is 32 characters.

Default
N/A.

Usage Guidelines
Optional configuration parameters include the following:
• src-ipv4-addr is a source IPv4 subnetwork address given in dotted decimal
notation format.
• src-ipv4-mask is a source IPv4 subnetwork mask value given in dotted decimal
notation format.
• dst-ipv4-addr is a destination IPv4 subnetwork address given in dotted decimal
notation format.
• dst-ipv4-mask is a destination IPv4 subnetwork mask value given in dotted
decimal notation format.
• port_no is either a source or destination TCP or UDP port number.
• protocol is the protocol field value carried in IPv4 packets.

550 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• next_header is the protocol field value carried in IPv6 packets.

• port-list is a list of ports given in standard CLI format, fore example, 1:1-48, 3:5,
and 4:6 represent ports 1 through 48 on slot 1, port 5 on slot 3, and port 6 on
slot 4, respectively. Flows otherwise matching the key received on any other port
will not generate a group assignment. If all (the default value) is specified or the
port-list option is omitted, then the key will be installed on all available user ports
that support Flow Monitor, including on any new hardware inserted into the stack.
• key_name_other is used with either the before or after keyword. It specifies the
name of a different key from the one being configured. before implies that the
configuring key will be higher priority than the other key, and after indicates that
the other key will be higher priority than the one being configured. The insertion is
immediately before or after the other key regardless of other keys that have been
configured.

If a specific port list indicates a slot where Flow Monitor is not supported, the command
will be rejected.

Example
The following command creates a key named 'k1' with no additional IPv4 parameters:
# configure flowmon key k1 ipv4'

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

configure flowmon key ipv6

configure flowmon key key_name ipv6

Description
Configures a Flow Monitor key with IPv6 parameters.

Syntax Description
key Specifies the Flow Monitor key.
key_name Specifies the name of the key being configured with
parameters. Range is 32 characters.

Switch Engine™ Command Reference Guide for version 32.7.1 551

Default Commands

Default
N/A.

Usage Guidelines
Optional configuration parameters include the following:
• src-ipv6-addr is a source IPv4 subnetwork address given in dotted decimal
notation format.
• src-ipv6-mask is a source IPv4 subnetwork mask value given in dotted decimal
notation format.
• dst-ipv6-addr is a destination IPv4 subnetwork address given in dotted decimal
notation format.
• dst-ipv6-mask is a destination IPv4 subnetwork mask value given in dotted
decimal notation format.
• port_no is either a source or destination TCP or UDP port number.
• protocol is the protocol field value carried in IPv4 packets.
• next_header is the protocol field value carried in IPv6 packets.
• port-list is a list of ports given in standard CLI format, fore example, 1:1-48, 3:5,
and 4:6 represent ports 1 through 48 on slot 1, port 5 on slot 3, and port 6 on
slot 4, respectively. Flows otherwise matching the key received on any other port
will not generate a group assignment. If all (the default value) is specified or the
port-list option is omitted, then the key will be installed on all available user ports
that support Flow Monitor, including on any new hardware inserted into the stack.
• key_name_other is used with either the before or after keyword. It specifies the
name of a different key from the one being configured. before implies that the
configuring key will be higher priority than the other key, and after indicates that
the other key will be higher priority than the one being configured. The insertion is
immediately before or after the other key regardless of other keys that have been
configured.

If a specific port list indicates a slot where Flow Monitor is not supported, the command
will be rejected.

Example
The following command creates a key named 'k2' with no additional IPv6 parameters:
# configure flowmon key k2 ipv6

History
This command was first available in ExtremeXOS 32.2.

552 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

configure forwarding internal-tables

configure forwarding internal-tables [ l2-and-l3 | more [l2 | l3-and-
ipmc | routes {ipv6-mask-length [64 | 128]}]]

Description
Customizes the internal hardware forwarding tables based on the customer’s network
requirements.

Syntax Description
forwarding Configure settings for hardware forwarding.
internal-tables Configure settings for internal lookup tables.
l2-and-l3 Program the internal lookup tables for layer-2 MAC FDB
and layer-3 hosts and IP multicast (default).
more Configure the internal lookup tables for additional entries
of specified types.
l2 Program the internal lookup tables for additional layer-2
MAC FDB entries.
l3-and-ipmc Program the internal lookup tables for additional layer-3
hosts and IP multicast.
routes Programs the internal lookup tables for additional IPv4
routes and IPv6 routes (mask 0–64) using Algorithmic
Longest-Prefix Match (ALPM). This option is only available
on the ExtremeSwitching 5520 series switch or stack.
ipv6-mask-length Optimizes ALPM route capacity by choosing the maximum
number of bits in the IPv6 route subnet mask length.
64 Maximizes IPv4 route capacity (default).
IPv6 routes mask length:
• 0–64 bits use ALPM hardware
• 65–128 use ACL hardware without route sharing

128 Maximizes IPv6 route capacity for mask length 65–128 bits.
All routes use ALPM hardware with route sharing.

Default
For internal tables: l2-and-l3.

For IPv6 mask length: 64.

Switch Engine™ Command Reference Guide for version 32.7.1 553

Usage Guidelines Commands

Usage Guidelines
Use this command to customize the internal hardware forwarding tables based on the
customer’s network requirements.

The ExtremeSwitching 5520 has hardware forwarding tables internal to the switch
chips that can be partitioned in a flexible manner.

To display the current configuration, use the show forwarding configuration

command.

Example
By default, the internal tables have L2 and L3 capacity whose relative size is similar to
existing products. The default is:
# configure forwarding internal-tables l2-and-l3

There are three other choices. You can elect to have more L2 hardware table entries:
# configure forwarding internal-tables more l2

Or, you can choose to have more L3 unicast and multicast entries:
# configure forwarding internal-tables more l3-and-ipmc

The following example configures the switch to use ALPM to increase IPv4 and IPv6
route scaling:
# configure forwarding internal-tables more routes

The current and configured values are shown in the output of the show command:
# show forwarding configuration

L2 and L3 Forwarding table hash algorithm:

Configured hash algorithm: crc32
Current hash algorithm: crc32

L3 Dual-Hash configuration:
Configured setting: on
Current setting: on
Dual-Hash Recursion Level: 1

Hash criteria for IP unicast traffic for L2 load sharing and ECMP route sharing
Sharing criteria: L3_L4

IP multicast:
Group Table Compression: on
Local Network Forwarding: slow-path
Lookup-Key: (SourceIP, GroupIP, VlanId)

Internal lookup tables:

Configured Setting: more l2
Current Setting: l2-and-l3
NOTE: A save and reboot are required before the configured setting will take effect.

Switch Settings:
Switching mode: store-and-forward

L2 Protocol:

554 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

Fast convergence: on

Rate Limit:
Overhead Bytes: 20

Fabric Flow Control:

Fabric Flow Control: auto
ARP and ND Settings:
ARP Suppression Filters: per-port
ND Suppression Filters: per-port

History
This command was first available in ExtremeXOS 15.4.

The routes option was added in ExtremeXOS 22.2.

The ipv6-mask-length option was added in ExtremeXOS 22.5.

Platform Availability
ExtremeSwitching 5520, 5720, 7520, and 7720 (standalone or in a stack).

configure forwarding flow-control fabric

configure forwarding flow-control fabric [auto | off]

Description
Allows the fabric configuration to be turned off.

Syntax Description
auto Automatically configures fabric flow control based on the
priority flow control RX configuration.
off Unconfigures the fabric flow control.

Default
Auto.

Usage Guidelines
Use this command to turn off fabric configuration or return it to the default auto mode.

Switch Engine™ Command Reference Guide for version 32.7.1 555

Example Commands

Example
The following command turns off the fabric configuration:

configure forwarding flow-control fabric off

The following command returns fabric configuration to the auto mode:

configure forwarding flow-control fabric auto

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding hash-algorithm

configure forwarding hash-algorithm [crc16 | crc32]

Description
Modifies hardware table utilization by configuring the hash algorithm or dual-hash
settings.

Syntax Description
crc16 Specifies the CRC16 hash algorithm.
crc32 Specifies the CRC32 hash algorithm. This is the default
setting.

Default
In ExtremeXOS 11.5, the default hash algorithm is crc32.

In ExtremeXOS 11.4 and earlier, the default hash algorithm is crc16.

Usage Guidelines
Note
Modify the hardware table hash algorithm only with the guidance of Extreme
Networks technical personnel.

The switch uses a hash algorithm to decide where to store the addresses in the
hardware table. The standard, default hash algorithm works well for most systems;

556 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Upgrading to ExtremeXOS 11.5

however, for some addresses with certain patterns, the hardware may attempt to store
address information in the same section of the hardware.

If you are running ExtremeXOS 11.4 or earlier and experience a full hardware table that
affects Layer 2, IP local host, and IP multicast forwarding, you see messages similar to
the following in the log:
<Info:HAL.IPv4Adj.Info> : adj 136.159.188.109: IP add error is Table full for new or
newly resolved ARP, egress valid <Info:HAL.IPv4Adj.Info> : adj 136.159.188.109: returned
-17 for L3 table bucket 181 <Warn:HAL.IPv4Mc.Warning> : Could not allocate a hardware
S,G,V entry (889f4648,effffffa,70) - hardware table resource exceeded (rv=-17).

If you are running ExtremeXOS 11.5 or later and experience a full hardware table that
affects Layer 2, IP local host, and IP multicast forwarding, you see messages similar to
the following in the log:
<HAL.IPv4Adj.L3TblFull> MSM-A: IPv4 unicast entry not added. Hardware L3 Table full.

In the previously described situations, you can configure a different hash algorithm
to select a different section of the hardware to store addresses. You must save
your configuration and reboot the switch to modify the hash algorithm used by the
hardware table. Typically, the dual-hash feature improves hash utilization. You must
save your configuration and reboot the switch to turn dual-hash on or off.

Upgrading to ExtremeXOS 11.5

When you upgrade to ExtremeXOS 11.5, the hash algorithm automatically becomes
crc32. For example, if you saved a configuration using an image from ExtremeXOS 11.4
or earlier with the hash algorithm set to crc16, when ExtremeXOS 11.5 loads, the hash
algorithm becomes crc32. To change the hash algorithm to crc16, use the configure
forwarding hash-algorithm crc16 and save your switch configuration.

Example
The following example modifies the hardware table hash algorithm to crc16:
configure forwarding hash-algorithm crc16

The switch displays the following message to describe the change and to prompt you
to save your configuration and reboot the switch:
Configured hash alorithm has been changed to ‘crc16’ with L3 dual-hash support ‘on’ for
applicable HW.
Warning: This command will only take effect after a save and reboot

The switch displays the following message:

Configured hash algorithm has been changed to ‘crc32’ with L3 dual-hash support ‘off’ for
applicable HW.
Warning: This command will only take effect after a save and reboot.

To display the results, use the show forwarding configuration command.

History
This command was first available in ExtremeXOS 11.3.2.

Switch Engine™ Command Reference Guide for version 32.7.1 557

Platform Availability Commands

The default hash algorithm was changed to crc32 in ExtremeXOS 11.5.

Platform Availability
This command is available only on all platforms.

configure forwarding hash-recursion-level

configure forwarding hash-recursion-level 0-3

Description
Modifies hardware table utilization by configuring the dual hashing recursion level.

Syntax Description
0-3 Sets the maximum number of L3 hash buckets to modify
to make room for a new entry.

Default
The default is “1.”

Usage Guidelines
This command allows you to select the dual hashing “recursion level” for hardware with
the dual-hash feature. The setting applies only if dual-hash is configured or defaulted to
“on” using the configure forwarding hash-algorithm command.

The configured recursion level is the maximum number of existing hash entries to
move in an attempt to add a new hash entry. A higher recursion level may provide
better hash utilization at the expense of additional CPU processing. This command
does not require a system reboot. However, the new recursion level takes effect only for
addresses added after the command is issued.

Example
The following command modifies the dual-hash recursion level to modify up to two L3
hash buckets in an attempt to add a new entry:

configure forwarding hash-recursion-level 2

History
This command was first available in ExtremeXOS 12.1.

558 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding ipmc all

configure forwarding ipmc all [flood | learn]

Description
Enables you to forward packets for the mDNS, LLMNR, and UPnP protocols to the VLAN
for learning.

Syntax Description
flood Specifies to forward all (mDNS, LLMNR, and UPnP) to
VLAN. (Default).
learn Specifies to send all (mDNS, LLMNR, and UPnP) to the CPU
for learning.

Default
flood

Usage Guidelines
Use this command to enable mDNS, LLMNR, and UPnP for flood or learn state.

When flood to VLAN is enabled, an ACL filter is installed, and one ACL entry is
consumed for each of the three protocols.

When in learn mode, no ACL filters are installed, and no ACL resources are consumed.

Use the llmnr, mdns, and upnp keywords to specify separate protocols.

Example
The following command enables all three protocols to flood to VLAN:
configure forwarding ipmc all flood

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 559

configure forwarding ipmc compression Commands

configure forwarding ipmc compression

configure forwarding ipmc compression {group-table | off}

Description
Enables or disables compression of entries in the IP multicast group table to facilitate
improved IP multicast scaling.

Syntax Description
group-table Enables compression.
off Disables compression.

Default
group-table.

Usage Guidelines
Compression of IP multicast group table entries allows the switch to process more
multicast traffic using the faster switch hardware instead of the relatively slower
switch software. Compression requires additional processing. Disable this feature if you
suspect a problem exposed by IP multicast compression.

When you enable or disable this feature, all IP multicast entries are flushed, and this
can result in a temporary loss of multicast traffic while the IP multicast entries are
relearned.

To display the compression feature configuration, enter the command:

show forwarding configuration

Example
The following command disables compression:
configure forwarding ipmc compression off

History
This command was first available in ExtremeXOS 12.2.

Platform Availability
This command is available on all Universal switches supported in this document.

560 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure forwarding ipmc llmnr

configure forwarding ipmc llmnr

configure forwarding ipmc llmnr [flood | learn]

Description
Enables you to forward packets for the LLMNR protocol to the VLAN for learning.

Syntax Description
flood Specifies to forward LLMNR to VLAN. (Default).
learn Specifies to send LLMNR to the CPU for learning.

Default
flood

Usage Guidelines
Use this command to enable LLMNR to a flood or learn state.

When flood to VLAN is enabled, an actual ACL filter is installed, and one ACL entry is
consumed.

When in learn mode, no ACL filters are installed, and no ACL resources are consumed.

Example
The following command enables LLMNR to flood to VLAN:
configure forwarding ipmc llmnr flood

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding ipmc local-network-range

configure forwarding ipmc local-network-range [fast-path | slow-path]

Description
Sets how forwarding of packets to local network IP multicast addresses (224.0.0.x) is
handled.

Switch Engine™ Command Reference Guide for version 32.7.1 561

Syntax Description Commands

Syntax Description
fast-path Specifies fast-path forwarding.
Fast-path forwarding dictates that packets traversing the
switch do not require processing by the CPU. Fast path
packets are forwarded entirely by ASICs and are sent at
wire speed rate. This consumes additional system ACL
per-port or per-VLAN, depending on configure igmp
snooping filters [per-port | per-vlan] selections.
slow-path Specifies slow-path forwarding (default). Packets are
processed by the CPU.

Default
Slow-path forwarding is the default configuration.

Example
The following example sets up fast-path forwarding for local network IP multicast
addresses:
configure forwarding ipmc local-network-range fast-path

History
This command was first available in ExtremeXOS 15.3.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding ipmc lookup-key

configure forwarding ipmc lookup-key [group-vlan | source-group-vlan |
mac-vlan | mixed-mode]

Description
Enables you to choose the lookup-key for multicast forwarding.

Syntax Description
group-vlan Specifies that IP multicast forwarding database entries are
programmed as (*,GroupIP,VlanId).
source-group-vlan Specifies that IP multicast forwarding database entries are
programmed as (SourceIP, GroupIP, VlanId). (Default).

562 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

mac-vlan Specifies that IP multicast forwarding database entries are

programmed as (Mac, VlanId).
mixed-mode Specifies that IP multicast forwarding database entries
are programmed as follows: L3 cache entries (PIM/MVR/
PVLAN) use source-group-vlan; L2 cache entries
(IGMP/MLD/PIM snooping) use mac-vlan.

Default
source-group-vlan.

Usage Guidelines
Use this command to choose the lookup-key for multicast forwarding. The following
restrictions apply to this command:

The configure forwarding ipmc lookup-key mac-vlan command is disallowed

under the following conditions.
• If IPMC forwarding is enabled on at least on one VLAN
• If MVR is enabled either globally or on a VLAN

Similarly, enabling the above two features are disallowed,when the ipmc lookup-key
is mac-vlan. The following warning message is displayed when the mac-valn option
is specified:
Warning: Usage of multicast IP addresses that could result in overlapping MAC
addresses should be avoided. Example: Using 225.1.1.1, 226.1.1.1 and 225.129.1.1 should
be avoided. Either one of the addresses could be used. Using multicast with PVLAN
should be avoided with this forwarding option.

• Mixed-mode: configure forwarding ipmc lookup-key mixed-mode

• The configure igmp snooping forwarding-mode [group-vlan | source-group-
vlan] command was introduced to support (*, G, V) forwarding before the IPMC
compression feature was introduced. Because we are introduced IPv6 multicast
support in ExtremeXOS 15.2, this command is deprecated, and the new configure
forwarding ipmc lookup-key command now covers both IPv4 and IPv6.

The following warning message appears when the mixed mode option is specified:
Warning: Usage of multicast IP addresses that could result in overlapping MAC addresses
should be avoided for snooping (IGMP/MLD/PIM snooping) controlled traffic.
Example: Using 225.1.1.1, 226.1.1.1 and 225.129.1.1 should be avoided. Either one of the
addresses could be used.

Example
The following command specifies that IP multicast forwarding database entries are
programmed as (*,GroupIP,VlanId):
configure forwarding ipmc lookup-key group-vlan

Switch Engine™ Command Reference Guide for version 32.7.1 563

History Commands

To display the ipmc lookup-key configuration, enter the command:

show forwarding configuration

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding ipmc mdns

configure forwarding ipmc mdns [flood | learn]

Description
Enables you to forward packets for the mDNS protocol to the VLAN for learning.

Syntax Description
flood Specifies to forward mDNS to VLAN. (Default).
learn Specifies to send mDNS to the CPU for learning.

Default
flood

Usage Guidelines
Use this command to enable mDNS for flood or learn state.

When flood to VLAN is enabled, an actual ACL filter is installed, and one ACL entry is
consumed.

When in learn mode, no ACL filters are installed, and no ACL resources are consumed.

Example
The following command enables mDNS to flood to VLAN:
configure forwarding ipmc mdns flood

History
This command was first available in ExtremeXOS 32.2.

564 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding ipmc upnp

configure forwarding ipmc upnp [flood | learn]

Description
Enables you to forward packets for the UPnP protocol to the VLAN for learning.

Syntax Description
flood Specifies to forward UPnP to VLAN. (Default).
learn Specifies to send UPnP to the CPU for learning.

Default
flood

Usage Guidelines
Use this command to enable UPnP for flood or learn state.

When flood to VLAN is enabled, an actual ACL filter is installed, and one ACL entry is
consumed.

When in learn mode, no ACL filters are installed, and no ACL resources are consumed.

Example
The following command enables UPnP to flood to VLAN:
configure forwarding ipmc upnp flood

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding L2-protocol blocking-type

configure forwarding L2-protocol blocking-type [ ingress-filtering |
spanning-tree-group]

Switch Engine™ Command Reference Guide for version 32.7.1 565

Description Commands

Description
Configures L2 protocol port blocking type.

Syntax Description
ingress-filtering Specifies blocking based on hardware VLAN membership
(default).
spanning-tree-group Specifies blocking based on hardware spanning tree group
state.

Default
ingress-filtering

Usage Guidelines
Consider using the spanning-tree-group option with OnePolicy or Instant Port Profile
if STP is enabled.

Example
The following command configures the L2-Protocol blocking-type spanning-tree-
group:
configure forwarding L2-protocol blocking-type spanning-tree-group

History
This command was first available in version 32.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding L2-protocol fast-convergence

configure forwarding L2-protocol fast-convergence on | off

Description
Configures the switch to flooding the unicast traffic during L2 protocol convergence.

566 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
on Used to avoid flooding the unicast traffic during L2
protocol convergence. (default)
off Used to Temporarily flooding unicast traffic during L2
protocol convergence.

Default
On.

Usage Guidelines
Use this command to influence the L2-protocol convergence when topology changes
in the network to minimize the congestion.

Example
The following command will influence the L2-Protocol control traffic:
configure forwarding L2-protocol fast-convergence off

History
This command was first available in ExtremeXOS 15.1.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding rate-limit overhead-bytes

configure forwarding rate-limit overhead-bytes overhead_bytes

Description
This command allows you to select the number of overhead bytes that will be included
in the rate calculation.

Syntax Description
rate-limit Rate limiting features.
overhead_bytes Number of overhead bytes used in rate-limit and meter
calculations.

Default
20 bytes to include the preamble and inter-frame gap.

Switch Engine™ Command Reference Guide for version 32.7.1 567

Example Commands

Example
The following example displays the output of the show forwarding configuration
command with the rate limit information included.
L2 and L3 Forwarding table hash algorithm:
Configured hash algorithm: crc32
Current hash algorithm: crc32

L3 Dual-Hash configuration:
Configured setting: on
Current setting: on
Dual-Hash Recursion Level: 1

Hash criteria for IP unicast traffic for L2 load sharing and ECMP route sharing
Sharing criteria: L3_L4

IP multicast:
Group Table Compression: on
Local Network Forwarding: slow-path
Lookup-Key: (SourceIP, GroupIP, VlanId)

Internal lookup tables:

Configured Setting: l2-and-l3
Current Setting: l2-and-l3

Switch Settings:
Switching mode: store-and-forward

L2 Protocol:
Fast convergence: on

Rate Limit:
Overhead Bytes: 20

Fabric Flow Control:

Fabric Flow Control: auto

ARP and ND Settings:

ARP Suppression Filters: per-port
ND Suppression Filters: per-port

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding sharing

configure forwarding sharing [L3 | L3_L4]

Description
Identifies the fields that are used to select ECMP routes and load-sharing group ports.

568 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
L3 Uses only Layer 3 IP addresses to select ECMP routes and
load-sharing ports.
L3_L4 Uses Layer 3 IP addresses and Layer4 TCP/UDP port
numbers, if present, to select ECMP routes and load-
sharing ports.

Default
L3_L4.

Usage Guidelines
This command configures the criteria used to select ECMP routes and load-sharing
group ports.

For ECMP routes, the configured criteria selects the next hop gateway. The L3 option
uses only the source and destination IP addresses to select the next hop gateway.
The L3_L4 option uses the Layer4 TCP or UDP port and the source and destination IP
addresses to select the next hop gateway.

For load-sharing groups (link aggregation groups), the configured criteria selects
the load-sharing group port. The load-sharing groups can be configured to use the
following address-based algorithms:
• L2—Specifies port selection based on Layer 2 information.
• L3—Specifies port selection based on Layer 3 information.
• L3_L4—Specifies port selection based on Layer 3 and Layer4 information.

This command affects all the load-sharing groups that use either the L3 or L3_L4 link
aggregation algorithm. If the L3 option is specified, all the load-sharing groups that are
configured with either the L3 or the L3_L4 address-based link aggregation algorithm
use just the Layer 3 IP addresses for the egress port selection. Similarly if the L3_L4
option is specified, all the load-sharing groups that are configured with either L3 or
L3_L4 address-based link aggregation algorithm use the Layer 3 IP addresses and
Layer4 port number for the egress port selection.

Selecting the L3 option over L3_L4 can be useful in a network where IP fragments are
present, since only the first fragment contains the Layer4 TCP or UDP port number.
If the L3 option is selected, all IP fragments in a given TCP or UDP session use
the same ECMP gateway or load-sharing group port, potentially avoiding inefficient
packet reordering by the destination. If IP fragments are not prevalent, better traffic
distribution can be achieved by selecting L3_L4.

To display the forwarding sharing feature configuration, enter the command: show
forwarding configuration

Switch Engine™ Command Reference Guide for version 32.7.1 569

Example Commands

Example
The following example modifies the sharing selection criteria to use just the Layer 3 IP
addresses:
configure forwarding sharing L3

The following example modified the sharing selection criteria to use the Layer 3 and
Layer 4 information:
configure forwarding sharing L3_L4

History
This command was first available in ExtremeXOS 11.6.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure forwarding suppression filters

configure forwarding iparp suppression filters [per-port |per-vlan]

Description
This command controls the way the hardware filters are installed for VXLAN ARP
suppression.

Syntax Description
iparp Selects IP ARP.
suppression ARP suppression. Requests may be proxied.
filters Control the way ARP suppression hardware filters are
installed.
per-port Install ARP suppression hardware filters on a per-port basis
(default).
per-vlan Install ARP suppression hardware filters on a per-VLAN
basis.

Default
By default, per-port option is assumed.

Example
The following example sets IP ARP suppression filtering per-VLAN:
configure forwarding iparp suppression filters per-vlan

570 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is supported on the ExtremeSwitching 5420, 5520 series switches, and
stacks with 5320, 5420, 5520, 5720 slots only.

configure forwarding vpex ipmc replication

configure forwarding vpex ipmc replication [ controlling-bridge | bpe ]

Description
Configures Extended Edge Switching optimized IP multicast replication mode.

Syntax Description
forwarding Designates configuring hardware capabilities.
vpex Designates configuring Extended Edge Switching
capabilities.
ipmc Designates configuring IP multicast forwarding settings.
replication Designates configuring the way hardware replicates IP
multicast packets.
controlling-bridge Sets IP multicast replication to be performed at the
controlling bridge (CB) (default).
bpe Sets IP multicast replication to be performed at the bridge
port extender (BPE).

Default
By default, IP multicast replication is done on the CB.

Usage Guidelines
IP multicast (IPMC) replication involves generating multiple copies of incoming IPMC
traffic to subscribed receivers. Without IPMC replication, in Extended Edge Switching, if
there are “N” receivers on the BPEs , “N” copies are generated by the CB, which is not
efficient. IPMC replication allows the CB to send one copy of the packet to the BPE, and
then let the BPE do the replication.

You can configure the replication mode with this command. The default replication
is at the CB, but you can configure replication at the BPE. You might want to switch
to CB-based IPMC replication for debugging in the event of a problem or scalability,
because replication on the BPE uses a hardware resource on the CB that is limited.

Switch Engine™ Command Reference Guide for version 32.7.1 571

Example Commands

To see the current IP multicast replication mode, use the command show forwarding
configuration.

Example
The following example configures the IPMC replication to BPE mode:
# configure forwarding vpex ipmc replication bpe

History
This command was first available in ExtremeXOS 30.6.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

configure forwarding vpex vlan-port-filter

configure forwarding vpex vlan-port-filter [hash-table | port-group]

Description
Selects the way VLAN membership is implemented for Extended Edge Switching
extended ports.

Syntax Description
vpex
Specifies Extended Edge Switching.
vlan-port-filter Select hardware mechanism to enforce VLAN port
membership.
hash-table Use hash table for VLAN port membership when different
VLANs do not share many ports (default).
port-group Use port group for VLAN port membership when different
VLANs share many ports and there is a requirement for large
VLAN scale.

Default
Hash table is the default behavior.

572 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
In Extended Edge Switching hardware, the extended ports are represented as virtual
ports. The VLAN membership of extended ports can be implemented in two ways:
• Hash table with VLAN and virtual port as key. Note that hash tables can lead to hash
collisions at higher scale. (Default)
• Virtual port group. Programming the same group number in the VLAN table and
virtual port table indicates membership. The hardware has 64 virtual port groups.
You should select this option if many VLANs share the same extended ports.

Note that changing this configuration at run time could result in temporary loss of
traffic while the tables are reprogrammed. It is preferable to identify which option
works best for the particular topology and leave the setting unchanged during runt
ime or schedule the change during a maintenance window.

To see what setting you have selected with this command, see show forwarding
configuration on page 2787.

Example
The following example selects a virtual port group to define VLAN membership:
# configure forwarding vpex vlan-port-filter port-group

History
This command was first available in ExtremeXOS 22.6.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

configure identity-management role

configure identity-management role role_name { tag [ tag | none] } {vr
vr_name | none ] }

Description
This command defines VLAN/VR membership to an identity management role.

Syntax Description
role_name Name of the role.
tag VLAN tag for dynamic VLAN creation for this role.
tag VLAN tag between 1 and 4094.
vr Virtual router name for dynamic VLAN creation for this role.

Switch Engine™ Command Reference Guide for version 32.7.1 573

Default Commands

vr_name Virtual router name.

none None.

Default
N/A.

Usage Guidelines
Use this command to configure VLAN tag and the VR in which the dynamic VLAN has
to be created for a role. By default the dynamic VLAN is created in VR-Default if the VR
is not configured. The identity is placed in the base VLAN if no VLAN tag is configured
for this role. The configured VLAN tag and VR can be set to none to unconfigure the
same. VR-Mgmt is not allowed to configure. The VLAN tag and VR is applicable only to
the user created roles.

Example
The following example configures role "r1" and tag 100:
# configure identity-management role "r1" tag 100 vr "VR-Default"

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role-based-vlan

configure identity-management role-based-vlan [add | delete] ports
[port_list | all]

Description
This command defines

Syntax Description
role-based vlan Associates the identity to a specific VLAN based on the
identity's role.
add Adds ports to the Identity Management role-based vlan
enabled portlist.
delete Deletes ports from the Identity Management role-based
vlan enabled portlist.

574 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

ports Configures Identity Management role-based VLAN on

ports.
port_list Configures Identity Management role-based VLAN on
specified port list.
all Configures Identity Management role-based VLAN on all
ports.

Default
N/A.

Usage Guidelines
Use this command to configure the role-based VLAN feature for Identity Management
enabled ports. This command requires the ports to be part of a base VLAN. Enabling
role-based VLAN on Identity Management enabled ports allows the identity to be
placed in the correct VLAN mapped to the role as configured by the administrator.

Note
You cannot enable the Identity Manager role-based VLAN feature on Netlogin
enabled ports.

Example
The following example configures Identity Management on ports 1-3, and 5.
# configure identity-management role-based-vlan add ports 1-3,5

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management access-list

configure identity-management access-list source-address [mac | ip]

Description
Configures the access-list source-address type.

Switch Engine™ Command Reference Guide for version 32.7.1 575

Syntax Description Commands

Syntax Description
mac Specifies MAC addresses.
ip Specifies IP addresses.

Default
MAC addresses.

Usage Guidelines
The identity management feature can install ACLs for identities based on the source
MAC or source IP address. By default the MAC address of the identity is used to install
the ACLs. Every network entity has a MAC address, but not all network devices have an
IP address, so we recommend that you use the default mac selection to install ACLs for
network entities based on the source MAC address.

You must disable the identity management feature with the disable identity-
management command before you use this command.

Example
The following command configures the identity management feature to use MAC-
based ACLs:

* Switch.4 # configure identity-management access-list source-address mac

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management blacklist

configure identity-management blacklist add [mac mac_address {macmask}
| ip ip_address {netmask} | ipNetmask] | user user_name] configure
identity-management blacklist delete [all | mac mac_address {macmask}
| ip ip_address {netmask} | ipNetmask] | user user_name]

Description
Adds or deletes an entry in the identity manager blacklist.

576 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
add Adds the specified identity to the blacklist.
delete Deletes the specified identity from the blacklist.
all Specifies that all identities are to be deleted from the
blacklist. This option is available only when the delete
attribute is specified.
mac_address Specifies an identity by MAC address.
macmask Specifies a MAC address mask. For example:
FF:FF:FF:00:00:00.
ip_address Specifies an identity by IP address.
netmask Specifies a mask for the specified IP address.
ipNetmask Specifies an IP network mask.
user_name specifies an identity by user name.

Default
N/A.

Usage Guidelines
The software supports up to 512 entries in the blacklist. When you add an identity to the
blacklist, the switch searches the whitelist for the same identity. If the identity is already
in the whitelist, the switch displays an error.

It is possible to configure an identity in both lists by specifying different attributes in

each list. For example, you can add an identity username to the blacklist and add the
MAC address for that user’s laptop in the whitelist. Because the blacklist has priority
over the whitelist, the username is denied access to the switch from all locations.

If you add a new blacklist entry that is qualified by a MAC or IP address, the identity
manager does the following:
• Reviews the identities already known to the switch. If the new blacklist entry is an
identity known on the switch, all existing ACLs (based on user roles or whitelist
configuration) for the identity are removed.
• When a blacklisted MAC-based identity is detected or already known, a Deny All ACL
is programmed for the identity MAC address for the port on which the identity is
detected.
• When a blacklisted IP-based identity is detected or already known, a Deny All ACL
is programmed for the identity IP address for the port on which the identity is
detected.
• The ACL for blacklisted MAC and IP addresses precedes any ACLs based on user
names (including Kerberos snooping) that may have been previously configured on
the port. This ensures that a Kerberos exchange cannot complete when initiated for
blacklisted identities.

Switch Engine™ Command Reference Guide for version 32.7.1 577

Example Commands

If you add a new blacklist entry that is qualified by a username (with or without a
domain name), the identity manager does the following:
• Reviews the identities already known to the switch. If the new blacklist entry is an
identity known on the switch, a Deny All ACL is programmed for the identity MAC
address on all ports to which the identity is connected.
• When a new blacklisted username-based identity accesses the switch, a Deny All
ACL is programmed for the identity MAC address on the port on which the identity
was detected.
• The ACL for a blacklisted username follows any ACLs based on Kerberos snooping.
This ensures that a Kerberos exchange for another user can complete when initiated
from the same MAC address.

Note
Identity manager programs ingress ACLs. Blacklisted devices can receive
traffic from the network, but they cannot send traffic into the network.

Deny All ACLs for blacklisted entries exist as long as the identity remains in the identity
manager database.

If you delete an identity from the blacklist, identity manager checks to see if the
identity is in the local database. If the identity is known to the switch, the switch does
the following:
• Removes the Deny All ACL from the port to which the identity connected.
• Initiates the role determination procedure for the switch port to which the known
identity connected. This ensures that the appropriate role is applied to the identity
that is no longer blacklisted.

Note
The role determination process can trigger an LDAP refresh to collect
identity attributes for role determination.

Example
The following command adds a MAC address to the blacklist:

* Switch.4 # configure identity-management blacklist add mac 00:01:05:00:03:18

The following command deletes a user name from the blacklist:

* Switch.5 # configure identity-management blacklist delete user [email protected]

History
This command was first available in ExtremeXOS 12.7.

578 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management database memory-size

configure identity-management database memory-size Kbytes

Description
Configures the maximum amount of memory that is allocated to the identity
management database.

Syntax Description
Kbytes Specifies the maximum amount of memory to be used for
maintaining identity information. The range is 64 to 49152
KB.

Default
512 KB.

Usage Guidelines
If the current memory usage is higher than the memory size specified in the
configure identity-management database memory-size command, the command is
not successful and a warning message appears. The message indicates that the current
memory usage level is higher than the configured level and that the memory can be
freed only when existing identities log out or disconnect.

Example
The following command allocates 4096 kilobytes to the identity management
database:

* Switch.4 # configure identity-management database memory-size 4096

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 579

configure identity-management detection Commands

configure identity-management detection

configure identity-management detection [on | off] [fdb | iparp |
ipsecurity | kerberos | lldp | netlogin | all] ports [port_list |
all]

Description
This command provides the administrator a way to enable/disable the detection of the
identities that are triggered through any of the following protocols:
• FDB
• IPARP
• IPSecurity DHCP Snooping
• LLDP
• Netlogin
• Kerberos

Syntax Description
detection Detection of the identities.
on Detection of identities on.
off Detection of identities off.
fdb FDB identities.
iparp IPARP identities.
ipsecurity Identities detected through DHCP snooping entries.
kerberos Kerberos identities.
lldp LLDP identities.
all All identities.

Default
On.

Usage Guidelines
The identity manager detects the identities using the following protocols:
• FDB
• IPARP
• IPSecurity DHCP Snooping
• LLDP
• Netlogin
• Kerberos

580 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

By default, Identity Management detects identities through all the above mentioned
protocols.

This feature provides the administrator a way to enable/disable the detection of the
identities that are triggered through any of the above said protocols. The administrator
can control the identity detection through any of the protocol trigger at the port
level. This configuration can be applied to identity management enabled ports
only. ExtremeXOS displays an error if this configuration is applied for the identity
management disabled ports.

Note
All types of Netlogin identity will not be detected if the netlogin detection is
disabled.
Enabling Kerberos identity detection will not create identities for the previously
authenticated Kerberos clients.

Example

* Slot-1 Stack.1 # configure identity-management detection off fdb ports 1:3-6

* Slot-1 Stack.2 # configure identity-management detection off ipsecurity ports 1:3-6
* Slot-1 Stack.3 # configure identity-management detection off kerberos ports 1:1, 2:5-8
* Slot-1 Stack.4 # configure identity-management detection off netlogin ports 1:1-24,
2:1-24
The effect of these commands can be seen by issuing the show identity-management command
* Slot-1 Stack.5 # show identity-management
Identity Management : Enabled
Stale entry age out (effective) : 180 Seconds (180 Seconds)
Max memory size : 512 Kbytes
Enabled ports : 1:1-24, 2:1-24
FDB Detection Disabled ports : 1:3-6
IPARP Detection Disabled ports : None
IPSecurity Detection Disabled ports : 2:1
Kerberos Detection Disabled ports : 1:1, 2:5-8
LLDP Detection Disabled ports : None
Netlogin Detection Disabled ports : 1:1-24, 2:1-24
SNMP trap notification : Enabled
Access list source address type : IP
Kerberos aging time (DD:HH:MM) : 00:08:00
Kerberos force aging time (DD:HH:MM) : None
Valid Kerberos servers : none configured(all valid)

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 581

configure identity-management greylist Commands

configure identity-management greylist

configure identity-management greylist add user username identity-
management greylist delete [all | user username]

Description
This command enables a network administrator to choose usernames whose identity
is not required to be maintained. These user names are added to greylist. Identity
Management module does not create an identity when greylist users log in.

Syntax Description
username Specifies an identity by user name.

Default
N/A.

Usage Guidelines
The software supports up to 512 entries in greylist. Administrator can configure
username as part of greylist. When such configuration takes place, identity manager
takes following action.
• Checks if the same entry is present in blacklist/whitelist. If yes, command is rejected
with appropriate error message.
• Checks if this entry is ineffective because of existing entries in blacklist/whitelist.
During this check, precedence of greylist is also taken into account.
◦ E.g: New entry being configured into greylist is: Richard@corp. Assume blacklist
has higher precedence and it has an entry "Richard". In this case, new entry is
ineffective and the configuration is rejected giving the details.
• If no conflict is found, greylist is updated.
• IDM checks if any existing identity matches the new entry in greylist. If match is
found, location/identity will be deleted and unknown identity is created with the
same MAC.

If greylist user is the only user logged into the device, unknown identity is created
and user is kept in unauthenticated role. However if actual user is present along with
greylist user, no additional policy is applied for greylist user. Greylist user will get access
permissions same as that of actual user logged in.

When user deletes an entry from greylist, identity manager will:

1. Delete the entry and updates the list.

2. User identity is constructed based on NetLogin details, if deleted username is found

in NetLogin authenticated user database.

582 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command adds an username to the greylist:

configure identity-management greylist add user Richard@corp

The following command deletes an username from the greylist:

configure identity-management greylist del user Richard@corp

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management kerberos snooping aging time

configure identity-management kerberos snooping aging time minutes

Description
Specifies the aging time for Kerberos snooping entries.

Syntax Description
minutes Specifies the aging time in minutes. The range is 1 to 65535
minutes.

Default
N/A.

Usage Guidelines
Kerberos does not provide any service for un-authentication or logout. Kerberos does
provide a ticket lifetime, but that value is encrypted and cannot be detected during
snooping.

To enable the aging and removal of snooped Kerberos entries, this timer defines a
maximum age for the snooped entry. When a MAC address with a corresponding
Kerberos entry in Identity Manager is aged out, the Kerberos snooping timer starts. If
the MAC address becomes active before the Kerberos snooping timer expires, the timer
is reset and the Kerberos entry remains active. If the MAC address is inactive when the
Kerberos snooping timer expires, the Kerberos entry is removed.

Switch Engine™ Command Reference Guide for version 32.7.1 583

Example Commands

Example
The following command configures the aging time for 600 minutes:

* Switch.4 # configure identity-management kerberos snooping aging time 600

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management kerberos snooping force-aging time

configure identity-management kerberos snooping force-aging time [none |
minutes]

Description
Configures the switch to remove all Kerberos snooping entries after the specified time
expires.

Syntax Description
minutes Specifies the aging time in minutes. The range is 1 to 65535
minutes.
none Disables the Kerberos force-aging feature.

Default
N/A.

Usage Guidelines
If Kerberos force aging is enabled, we recommend that the Kerberos snooping force
aging time be set to the same value as the Kerberos ticket lifetime.

Example
The following command removes all Kerberos snooping entries after 600 minutes:

* Switch.4 # configure identity-management kerberos snooping force-aging time 600

584 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management kerberos snooping forwarding

configure identity-management kerberos snooping forwarding [fast-path |
slow-path]

Description
When identity management is enabled on a port, Kerberos packets are software-
forwarded. With this command, you can report if shared folder access via identity
management-enabled ports is slow if there exists other CPU-bound traffic.

Syntax Description
forwarding Configure how customer Kerberos authentication packets
are forwarded by this system.
fast-path Forward customer snooped Kerberos packets in hardware
(default).
slow-path Forward customer snooped Kerberos packets in software.
This option is recommended only for systems with low
CPU-bound traffic.

Default
Fast-path.

Usage Guidelines
Use this command to report if shared folder access via identity management-enabled
ports is slow if there exists other CPU-bound traffic.

Example
The following show command displays the modified Kerberos information:

# sh identity-management
Identity Management : Enabled
Stale entry age out (effective) : 180 Seconds (180 Seconds)
Max memory size : 512 Kbytes
Enabled ports : 1
SNMP trap notification : Enabled
Access list source address type : MAC
Kerberos aging time (DD:HH:MM) : None

Switch Engine™ Command Reference Guide for version 32.7.1 585

History Commands

Kerberos force aging time (DD:HH:MM) : None

Kerberos snooping forwarding : Fast path
Kerberos snooping forwarding : Slow path
Valid Kerberos servers : none configured(all valid)
LDAP Configuration:
-------------------
LDAP Server : No LDAP Servers configured
Base-DN : None
Bind credential : anonymous

LDAP Configuration for Netlogin:

dot1x : Enabled
mac : Enabled
web-based : Enabled

History
This command was first available in ExtremeXOS 15.1.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management kerberos snooping server

configure identity-management kerberos snooping add server ip_address
configure identity-management kerberos snooping delete server
[ip_address |all]

Description
Adds or deletes a Kerberos server to the Kerberos server list.

Syntax Description
ip_address Specifies a Kerberos server IP address to add or delete.
all Specifies that all Kerberos server list entries are to be
deleted.

Default
No servers are in the Kerberos server list.

Usage Guidelines
When no servers are configured in the Kerberos server list, the Kerberos snooping
feature processes responses from all Kerberos servers, which can expose the system
to simulated logins. To avoid this exposure, you can configure a list of up to 20 valid
Kerberos servers. When the Kerberos server list contains one or more entries, the switch
only processes responses from the Kerberos servers in the list.

586 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command adds the Kerberos server at IP address 10.10.10.1 to the
Kerberos server list:

* Switch.4 # configure identity-management kerberos snooping add server 10.10.10.1

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management list-precedence

configure identity-management list-precedence listname1 listname2
listname3

Description
This command allows you to configure the precedence of list types. You must specify
the list-names in the desired order of precedence. Listname1 will take precedence
of all lists (i.e., highest precedence). Listname2 will take precedence over Listname3.
When the user/device logs in, entries present in Listname1 will be searched at first to
find matching role. Entries present in Listname2 will be searched after Listname1 and
entries in Listname3 will be searched at last.

Syntax Description
listname1 Specifies the list type which has precedence over all list
types.
listname2 Specifies the list type which has next precedence, after
listname1.
listname3 Specifies the list type which has least precedence of all.

Default
greylist, blacklist, whitelist

Usage Guidelines
By default, greylist entries have higher precedence over blacklist and whitelist entries.

This means that IDM consults with greylist first upon detection of user, and then
decides if identity needs to be created. If there is a greylist entry matching the
incoming username, user identity is not created. If there is no matching greylist entry,

Switch Engine™ Command Reference Guide for version 32.7.1 587

Example Commands

IDM proceeds with role identification for the user. However, greylist precedence is
configurable. Following are three possibilities for greylist precedence configuration.

1. greylist, blacklist, whitelist

2. blacklist, greylist, whitelist

3. blacklist, whitelist, greylist

It is important to notice that blackist always has higher precedence over whitelist for
ExtremeXOS 15.1.2. In order to change the list precedence, Identity Management should
be disabled first. Disabling IDM is required since there may be many users/devices
already mapped to some roles and policies/ACLs applied. Considering the processing
load of unmapping the roles and removing policies, changing precedence isn't allowed
when IDM is enabled. When precedence configuration is changed, each entry present
in the list with lower precedence (new precedence) is checked with each entry present
in all the lists with higher precedence.

Example
The following example instructs that blacklist has precedence over all lists. Greylist has
precedence over whitelist. Whitelist has least precedence.

configure identity-management list-precedence blacklist greylist whitelist

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management ports

configure identity-management {add | delete} ports [port_list | all]

Description
Adds or deletes identity management for the specified ports.

Syntax Description
add Enables identity management on the specified port list.
delete Disables identity management on the specified port list.
port_list Specifies the ports to which this command applies.
all Specifies that this command applies to all ports.

588 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
No ports are in the identity management enabled port list.

Usage Guidelines
If neither the add nor the delete keyword is entered, identity management is enabled
on the specified port list, and the new port list overrides any previous port list.

If identity management is enabled on a port and a user or device is connected to it,

information about the user or device is present in the identity management database.
If this port is removed from the identity-management enabled port list, the user or
device information remains in the data base until the user logs out or the device
disconnects. However, once a port is deleted from enabled port list, no new information
is added to the identity management database for that port.

Note
Kerberos identities are not detected when both server and client ports are
added to identity management.

Example
The following command enables identity management on ports 2:3 and 2:5:

configure identity-management add ports 2:3,2:5

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role add child-role

configure identity-management role role_name add child-role child_role

Description
Adds a child role to the specified role.

Syntax Description
role_name Specifies the name of an existing role.
child-role Specifies a name for the new child role (up to 32
characters).

Switch Engine™ Command Reference Guide for version 32.7.1 589

Default Commands

Default
N/A.

Usage Guidelines
The child role name can include up to 32 characters. Role names must begin with an
alphabetical letter, and only alphanumeric, underscore (_), and hyphen (-) characters
are allowed in the remainder of the name. Role names cannot match reserved
keywords. For more information on role name requirements and a list of reserved
keywords, see Object Names on page 12.

The following guidelines apply to child roles:

• A child role inherits all the policies applied to its parent and any higher levels above
the parent.
• The software supports 5 levels of hierarchy.
• Each role can have a maximum of 8 child roles.
• Each child role can have only 1 parent role.

Example
The following example configures a child role named East for the existing role named
India-Engr:

* Switch.66 # configure identity-management role "India-Engr" add child-role East

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role add dynamic-rule

configure identity-management role role_name [add dynamic-rule rule_name
{ first | last | { [before | after] ref_rule_name}}]

Description
Adds a dynamic ACL rule for the specified role and specifies the order.

Syntax Description
role_name Specifies the name of an existing role.
rule_name Specifies the name of a dynamic ACL rule to add to the
specified role.

590 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The order of the dynamic rule is last if the order is not explicitly specified.

Usage Guidelines
The maximum number of policies or ACL rules that can be applied to a particular role
is restricted to 8. This count does not include the policies and rules inherited from a
parent role. Since the maximum hierarchy depth is 5, the maximum number of policies
and rules supported for a role at the maximum hierarchy depth is 40 (8 x 5).

When a dynamic ACL rule is added to a role, it is immediately installed for all identities
mapped to that role and roles below it in the role hierarchy.

Example
The following example configures the role named India-Engr to use the ACL rule
named india-Engr-rule:

* Switch.55 # configure identity-management role "India-Engr" add dynamic-rule india-Engr-

rule

History
This command was first available in ExtremeXOS 12.5.

This command was modified in ExtremeXOS 15.2.1 to specify order.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role add policy

configure identity-management role role_name add policy policy-name
{first | last {[before | after] ref_policy_name}}

Description
Adds a policy for the specified role and specifies the order.

Syntax Description
role_name Specifies the name of an existing role.
policy-name Specifies the name of a policy to add to the specified role.

Switch Engine™ Command Reference Guide for version 32.7.1 591

Default Commands

Default
The order of the policy is last if the order is not explicitly specified.

Usage Guidelines
The maximum number of policies or ACL rules that can be applied to a particular role
is restricted to 8. This count does not include the policies and rules inherited from a
parent role. Since the maximum hierarchy depth is 5, the maximum number of policies
and rules supported for a role at the maximum hierarchy depth is 40 (8 x 5).

When a policy is added to a role, it is immediately installed for all identities mapped to
that role and all roles below it in the role hierarchy.

Example
The following example configures the role named India-Engr to use the policy named
india-Engr-policy:

* Switch.44 # configure identity-management role "India-Engr" add policy india-Engr-policy

History
This command was first available in ExtremeXOS 12.5.

This command was modified in ExtremeXOS 15.2.1 to specify order.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role delete child-role

configure identity-management role role_name delete child-role
[child_role | all]

Description
Deletes one or all child roles from the specified role.

Syntax Description
role_name Specifies the name of an existing role.
child-role Specifies a name for a child role to delete.
all Specifies that all child roles are to be deleted.

592 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
None.

Example
The following example deletes the child role named East from the existing role named
India-Engr:

* Switch.66 # configure identity-management role "India-Engr" delete child-role East

The following command deletes all child roles from the existing role named India-Engr:

* Switch.66 # configure identity-management role "India-Engr" delete child-role all

History
This command was first available in ExtremeXOS 12.5.

The all option was added in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role delete dynamic-rule

configure identity-management role role_name delete dynamic-rule
[rule_name | all]

Description
Deletes one or all dynamic ACL rules for the specified role.

Syntax Description
role_name Specifies the name of an existing role.
rule_name Specifies the name of a dynamic ACL rule to delete from
the specified role.
all Specifies that all dynamic ACL rules are to be deleted.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 593

Usage Guidelines Commands

Usage Guidelines
None.

Example
The following example deletes all dynamic rules from the role named India-Engr:

* Switch.55 # configure identity-management role "India-Engr" delete dynamic-rule all

History
This command was first available in ExtremeXOS 12.5.

The all option was added in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role delete policy

configure identity-management role role_name delete policy [policy-name
| all]

Description
Deletes one or all policies for the specified role.

Syntax Description
role_name Specifies the name of an existing role.
policy-name Specifies the name of a policy to delete from the specified
role.
all Specifies that all policies are to be deleted from the
specified role.

Default
N/A.

Usage Guidelines
None.

594 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example deletes the policy named india-Engr-policy from the role named
India-Engr:

* Switch.44 # configure identity-management role "India-Engr" delete policy india-Engr-

policy

History
This command was first available in ExtremeXOS 12.5.

The all option was added in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role match-criteria inheritance

configure identity-management role match-criteria inheritance [on | off]

Description
This command enables or disables the match-criteria inheritance support. Check the
current status by issuing the show identity-management command.

Syntax Description
role User role.
match-criteria Match criteria for the role.
inheritance Inheriting match criteria from parent role to child role.
on | off Specifies whether match criteria inheritance is on or off.

Default
Off.

Usage Guidelines
From ExtremeXOS Release 15.2, child roles can inherit the match criteria of the parent
role. This helps the user since the match criteria need not be duplicated in all levels of
hierarchy.

When match-criteria inheritance is on, for a user to be classified under a child role,
he has to satisfy the match criteria of the child role, and also all parent roles in the
hierarchy.

Switch Engine™ Command Reference Guide for version 32.7.1 595

Example Commands

Match criteria inheritance helps users in avoiding the need to duplicate match-criteria
entries in the hierarchy.

Example
For example, there are roles called Employee, USEmployee and USSales in an
organization hierarchy of a company XYZCorp.com. Till ExtremeXOS 15.1 (or with match-
criteria inheritance off), the user has to create three roles like this:

* Switch.1 # create identity-management role Employee match-criteria “company ==

XYZCorp.com;”
* Switch.2 # create identity-management role USEmployee match-criteria “company ==
XYZCorp.com; AND country == USA;”
* Switch.3 # create identity-management role USSales match-criteria “company ==
XYZCorp.com; AND country == USA; AND department = Sales”
* Switch.4 # configure identity-management role "Employee" add child-role "USEmployee"
* Switch.5 # configure identity-management role "USEmployee" add child-role "USSales"

Now this can be simplified into the following since child role inherits parent role’s
match criteria:

* Switch.1 # configure identity-management role match-criteria inheritance on

* Switch.2 # create identity-management role Employee match-criteria “company ==
XYZCorp.com;”
* Switch.3 # create identity-management role USEmployee match-criteria “country == USA;”
* Switch.4 # create identity-management role USSales match-criteria “department = Sales”
* Switch.5 # configure identity-management role "Employee" add child-role "USEmployee"
* Switch.6 # configure identity-management role "USEmployee" add child-role "USSales"

History
This command was first available in ExtremeXOS 15.2

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management role priority

configure identity-management role role_name priority pri_value

Description
Configures a priority value for the specified role.

596 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
role_name Specifies the name of an existing role that you want to
configure.
pri_value Specifies the role priority; the lower the priority number,
the higher the priority. The range of values is 1 to 255. Value
1 represents the highest priority, and value 255 represents
the lowest priority.

Default
Priority=255.

Usage Guidelines
The role priority determines which role a user is mapped to when the user’s attributes
match the match-criteria of more than 1 role. If the user’s attributes match multiple
roles, the highest priority (lowest priority value) role applies. If the priority is the same
for all matching roles, the role for which the priority was most recently set or modified is
used.

Example
The following example configures the role named India-Engr to use the highest priority:

* Switch.33 # configure identity-management role "India-Engr" priority 1

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure identity-management stale-entry aging-time

configure identity-management stale-entry aging-time seconds

Description
Configures the stale-entry aging time for event entries in the identity management
database.

Syntax Description
seconds Specifies the period (in seconds) at which event entries are
deleted. The range is 60 to 1800 seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 597

Default Commands

Default
180 seconds.

Usage Guidelines
The identity management database contains active entries, which correspond to active
users and devices, and event entries, which record identity management events such
as user logout or device disconnect. The active entries are automatically removed when
a user logs out or a device disconnects. The event entries are automatically removed
after a period defined by the stale-entry aging time.

Note
To capture active and event entries before they are deleted, you can use
external management software such as Ridgeline™, which can access the
switch using XML APIs. We recommend that the external client(s) that poll
the identity management database be configured for polling cycles that are
between one-third and two-thirds of the stale-aging time. This ensures that a
new database entry or event does not age out before the next polling cycle.

The stale-entry aging time defines when event entries become stale. To preserve
memory, the software periodically uses a cleanup process to remove the stale entries.
You can configure the stale-entry aging time. The cleanup interval is defined by the
software.

When memory usage is high, the software reduces both the stale-entry aging time
and the cleanup interval to keep memory available for new entries. The following table
shows how the database is managed as memory usage increases.

Table 8: Identity Management Database Usage Levels

Database Database Effective Stale-Entry Description
Memory Memory Aging Time
Usage Usage Level
Level (Percent)
Normal Up to 80% Configured stale- New identities and associated
entry aging time information (VLAN and IP addresses)
are added to or updated in the
database. Events are also added to
the database.
Events are deleted from the database
after the configured stale-entry aging
time.
High Above 80% to The lower value of Identities and events are added to
90% the following: 90 the database as for the normal usage
seconds or 50% level, but the effective stale-entry
of the configured aging time is reduced to delete
stale-entry aging events sooner and free memory.
time

598 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Table 8: Identity Management Database Usage Levels (continued)

Database Database Effective Stale-Entry Description
Memory Memory Aging Time
Usage Usage Level
Level (Percent)
Critical Above 90% 15 seconds The effective stale-entry aging time
is further reduced to delete events
sooner and free memory.
No new identities are added to the
database at this usage level, but
updates (such as the addition or
deletion of a VLAN or IP address)
continue. At this level, the database
might be missing active entries.
Maximum Above 98% 15 seconds At this level, the software does not
process additions or updates to the
database. The software only processes
deletions. At this level, the database
might be missing active entries.

Whenever the database usage level changes, an EMS message is logged, and if
enabled, an SNMP trap is sent. If the switch changes the stale-entry aging time, the
SNMP trap contains the new stale-entry aging time.

Note
If the database level regularly reaches the high usage level, or if it reaches the
critical or maximum levels, it is time to investigate the cause of the issue. The
solution might be to increase the database memory size.

External clients should be capable of adjusting the polling cycles. Because the aging
cycle is shorter when memory is low, it is best if external clients can adjust their polling
cycles in response to SNMP traps that announce a change in the stale-entry aging
time.

Example
The following command configures the stale-entry aging time for 90 seconds:

* Switch.4 # configure identity-management stale-entry aging-time 90

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 599

configure identity-management whitelist Commands

configure identity-management whitelist

configure identity-management whitelist add [mac mac_address {macmask}
| ip ip_address {netmask} | ipNetmask] | user user_name]configure
identity-management whitelist delete [all | mac mac_address {macmask}
| ip ip_address {netmask} | ipNetmask] | user user_name]

Description
Adds or deletes an identity in the identity manager whitelist.

Syntax Description
add Adds the specified identity to the whitelist.
delete Deletes the specified identity from the whitelist.
all Specifies that all identities are to be deleted from the
whitelist. This option is available only when the delete
attribute is specified.
mac_address Specifies an identity by MAC address.
macmask Specifies a MAC address mask. For example:
FF:FF:FF:00:00:00.
ip_address Specifies an identity by IP address.
netmask Specifies a mask for the specified IP address.
ipNetmask Specifies an IP network mask.
user_name Specifies an identity by user name.

Default
N/A.

Usage Guidelines
The software supports up to 512 entries in the whitelist. When you add an identity to
the whitelist, the switch searches the blacklist for the same identity. If the identity is
already in the blacklist, the switch displays an error.

It is possible to configure an identity in both lists by specifying different attributes in

each list. For example, you can add an identity username to the whitelist and add the
MAC address for that user’s laptop in the blacklist. Because the blacklist has priority
over the whitelist, identity access is denied from the user’s laptop, but the user can
access the switch from other locations.

600 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If you add a new whitelist entry that is qualified by a MAC or IP address, the identity
manager does the following:
• Reviews the identities already known to the switch. If the new whitelist entry is
blacklisted (by specifying a different identity attribute), no action is taken.
• If the identity is not blacklisted and is known on the switch, all existing ACLs for the
identity are removed.
• When a whitelisted MAC-based identity is detected or already known, an Allow All
ACL is programmed for the identity MAC address for the port on which the identity
is detected.
• When a whitelisted IP-based identity is detected or already known, an Allow All
ACL is programmed for the identity IP address for the port on which the identity is
detected.

If you add a new whitelist entry that is qualified by a username (with or without a
domain name), the identity manager does the following:
• Reviews the identities already known to the switch. If the new whitelist entry is an
identity known on the switch, an Allow All ACL is programmed for the identity MAC
address on all ports to which the identity is connected.
• When a new whitelisted username-based identity accesses the switch, an Allow All
ACL is programmed for the identity MAC address on the port on which the identity is
detected.
• The ACL for a whitelisted username follows any ACLs based on Kerberos snooping.

Allow All ACLs for whitelisted entries exist as long as the identity remains in the identity
manager database.

If you delete an identity from the whitelist, identity manager checks to see if the
identity is in the local database. If the identity is known to the switch, the switch does
the following:
• Removes the Allow All ACL from the port to which the identity connected.
• Initiates the role determination procedure for the switch port to which the known
identity connected. This ensures that the appropriate role is applied to the identity
that is no longer whitelisted.

Note
The role determination process can trigger an LDAP refresh to collect
identity attributes for role determination.

Example
The following command adds an IP address to the whitelist:

* Switch.4 # configure identity-management whitelist add ip 10.0.0.1

The following command deletes a user name from the whitelist:

* Switch.5 # configure identity-management whitelist delete user john

Switch Engine™ Command Reference Guide for version 32.7.1 601

History Commands

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure cli idle-timeout

configure cli idle-timeout minutes

Description
Configures the time-out for idle console, SSH2, and Telnet sessions.

Syntax Description
minutes Specifies the time-out interval, in minutes. Range is 1 to
240 (1 minute to 4 hours).

Default
The default time-out is 20 minutes.

Usage Guidelines
This command configures the length of time the switch will wait before disconnecting
idle console, SSH2, or Telnet sessions.

The idletimeout feature must be enabled for this command to have an effect (the
idletimeout feature is enabled by default).

Example
The following command sets the time-out for idle login and console sessions to 10
minutes:
configure cli idle-timeout 10

History
This command was first available in ExtremeXOS 10.1.

The cli keyword was added and the idletimeout keyword was changed to idle-
timeout in ExtremeXOS 30.3.

602 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure igmp
configure igmp query_interval query_response_interval
last_member_query_interval {{vlan} vlan_name} {{vr} vr_name}
{robustness}

Description
Configures the IGMP timers.

Syntax Description
query_interval Specifies the interval (in seconds) between general queries.
query_response_interv Specifies the maximum query response time (in seconds).
al
last_member_query_int Specifies the maximum group-specific query response
erval time (in seconds).
vlan_name Applies the configuration only to the specified VLAN. If no
VLAN is specified, the configuration applies to all VLANs.
vr_name Specifies the VR to which the configuration should be
applied. If no parameter is specified, the configuration is
applied to the current VR context.
robustness Specifies the degree of robustness for the network.

Default
• query interval—125 seconds
• query response interval—10 seconds
• last member query interval—1 second
• robustness—2

Usage Guidelines
Timers are based on RFC2236. Specify the following:
• query interval—The amount of time, in seconds, the system waits between sending
out general queries. The range is 1 to 429,496,729 seconds.
• query response interval—The maximum response time inserted into the periodic
general queries. The range is 1 to 25 seconds.
• last member query interval—The maximum response time inserted into a group-
specific query sent in response to a leave group message. The range is 1 to 25
seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 603

Example Commands

• robustness—The degree of robustness of the network. The range is 2 to 7. This

parameter allows tuning for the expected packet loss on a link. If a link is expected to
have packet loss, this parameter can be increased.
• The group timeout is defined by the formula: group_timeout = (query_interval
x robustness) + query_response_interval, according to RFC 2236. You can
explicitly define the host timeout using the configure igmp snooping
timer router_timeout host_timeout {vr vrname} command. The effective
host_timeout is the lesser value of the group_timeout and the configured
host_timeout.

Example
The following command configures the IGMP timers:
configure igmp 100 5 1 3

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp router-alert receive-required

configure igmp router-alert receive-required [on | off] {{vlan}
vlan_name}

Description
Controls when the router-alert option is required for IGMPv2 and IGMPv3 packet
reception and processing.

Syntax Description
vlan Applies the configuration only to the specified VLAN. If no
VLAN is specified, the configuration applies to all VLANs.

Default
Off—All IGMP packets are received and processed.

604 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
By default, the ExtremeXOS software receives and processes all IGMP packets,
regardless of the setting of the router-alert option within a packet. The default
configuration works with all switches that support the ExtremeXOS software.

IETF standards require that a router accept and process IGMPv2 and IGMPv3 packets
only when the router-alert option is set. The on setting for this command sets the
ExtremeXOS software to comply with the IETF standards and should be used when the
switch will be used with third-party switches that expect IETF compliant behavior.

Example
The following command configures the switch for IETF compliant IGMP packet
processing:
configure igmp router-alert receive-required on

History
This command was first available in ExtremeXOS 12.5.3.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp router-alert transmit

configure igmp router-alert transmit [on | off] {{vlan} vlan_name}

Description
Controls whether the router-alert option is set when forwarding IGMPv2 and IGMPv3
packets.

Syntax Description
vlan Applies the configuration only to the specified VLAN. If no
VLAN is specified, the configuration applies to all VLANs.

Default
On—The router-alert option is set when forwarding IGMPv2 and IGMPv3 packets.

Switch Engine™ Command Reference Guide for version 32.7.1 605

Usage Guidelines Commands

Usage Guidelines
IETF standards require that a router set the router-alert option in forwarded IGMPv2
and IGMPv3 packets. The ExtremeXOS software has been updated to comply with this
requirement using the default settings.

Earlier versions of the ExtremeXOS software forwarded all IGMP packets without setting
the router-alertoption. If compatibility issues arise, you can configure the software to
use the legacy behavior by using this command with the off option.

Example
The following command configures the switch for IETF compliant IGMP packet
processing:
configure igmp router-alert transmit on

History
This command was first available in ExtremeXOS 12.5.3.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp snooping filters

configure igmp snooping filters [per-port | per-vlan]

Description
Selects the type of IGMP snooping filters that are installed.

Syntax Description
per-port Installs the per-port IGMP snooping filters.
per-vlan Installs the per-VLAN IGMP snooping filters.

Default
per-port.

606 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use the per-vlan option when the number of VLANs configured on the switch is lower
than the maximum numbers listed in the following table. This option conserves usage
of the hardware Layer 3 multicast forwarding table.

When the number of configured VLANs is larger than the maximum values listed
here, select the per-port option. Each VLAN requires additional interface hardware
ACL resources. The per-port option conserves usage of the interface hardware ACL
resources.

Table 9: Maximum Number of VLANs Supported by per-VLAN IGMP Snooping

Filters
ExtremeSwitching Switch Series Maximum Number of VLANs When per-VLAN
Module Type Snooping Filters are Installed
a Series 1000
c Series 2000.
e Series 448.
xl Series 2000.

The actual maximum value is smaller if other processes require entries in the interface
ACL table. To display the IGMP snooping filters configuration, use the show igmp
snooping command.

Note
For MLD Snooping, the maximum number of VLANs is half of the numbers
provided in this table. The maximum number specified here is individual limit
for IGMP snooping filters. If both IGMP and MLD snooping filters are used, the
maximum numbers are lower than the ones specified.

Example
The following command configures the switch to install the per-VLAN IGMP snooping
filters:
# configure igmp snooping filters per-vlan

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 607

configure igmp snooping flood-list Commands

configure igmp snooping flood-list

configure igmp snooping flood-list [policy | none] {vr vrname}

Description
Configures certain multicast addresses to be slow path flooded within the VLAN.

Syntax Description
policy Specifies a policy file with a list of multicast addresses to be
handled.
none Specifies no policy file is to be used.
vrname Specifies a virtual router.

Default
None.

Usage Guidelines
With this command, a user can configure certain multicast addresses to be slow path
flooded within the VLAN, which otherwise are fast path forwarded according to IGMP
and/or Layer 3 multicast protocol.

A policy file is a text file with the extension, .pol. It can be created or edited with any text
editor. The specified policy file policy file should contain a list of addresses which
determine if certain multicast streams are to be treated specially. Typically, if the switch
receives a stream with a destination address which is in the policy file in 'permit'
mode, that stream is software flooded and no hardware entry is installed.

When adding an IP address into the policy file, a 32-bit host address is recommended.

This feature is meant to solve the multicast connectivity problem for unknown
destination addresses within system reserved ranges. Specifically this feature was
introduced to solve the problem of recognizing certain streams as control packets.

To create a policy file for the snooping flood-list, use the following template:
# This is a template for IGMP Snooping Flood-list Policy File
# Add your group addresses between "Start" and "End"
# Do not touch the rest of the file!!!!
entry igmpFlood {
if match any {
#------------------ Start of group addresses ------------------
nlri 234.1.1.1/32;
nlri 239.1.1.1/32;
#------------------- end of group addresses -------------------
}
then {
permit;
}

608 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

}
entry catch_all {
if {
}
then {
deny;
}
}

Note
The switch does not validate any IP address in the policy file used in this
command. Therefore, slow-path flooding should be used only for streams
which are very infrequent, such as control packets. It should not be used
for multicast data packets. This option overrides any default mechanism of
hardware forwarding (with respect to IGMP, PIM, or DVMRP), so it should be
used with caution.

Slow path flooding is done within the L2 VLAN only.

Use the none option to effectively disable slow path flooding.

You can use the show igmp command to see the configuration of slow path flooding.

Example
The following example configures the multicast data stream specified in access1 for
slow path flooding:
configure igmp snooping flood-list access1

The following command specifies that no policy file is to be used, this effectively
disabling slow path flooding:
configure igmp snooping flood-list none

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp snooping leave-timeout

configure igmp snooping leave-timeout leave_timeout_ms {{vlan}
vlan_name} {{vr} vr_name}

Switch Engine™ Command Reference Guide for version 32.7.1 609

Description Commands

Description
Configures the IGMP snooping leave timeout.

Syntax Description
leave_timeout_ms Specifies an IGMP leave timeout value in milliseconds.
vlan_name Applies the configuration only to the specified VLAN. If no
VLAN is specified, the configuration applies to all VLANs.

Default
1000 ms.

Usage Guidelines
The leave-timeout is the IGMP leave override interval. If no other hosts override the
IGMP leave by the end of this interval, the receiver port is removed.

The range is 0 - 175000 ms (175 seconds). For timeout values of one second or less,
you must set the leave-timeout to a multiple– of 100 ms. For values of more than one
second, you must set the leave-timeout to a multiple of 1000 ms (one second).

Example
The following example configures the IGMP snooping leave timeout to one second:
configure igmp snooping leave-timeout 1000

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp snooping timer

configure igmp snooping timer router_timeout host_timeout {vr vrname}
{vlan vlan_name}

Description
Configures the IGMP snooping timers.

610 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
router_timeout Specifies the time in seconds before removing a router
snooping entry.
host_timeout Specifies the time in seconds before removing a host’s
group snooping entry.
vrname Specifies a virtual router.
vlan_name Specifies the VLAN name. If no VLAN is specified, the
setting is applied to all existing VLANs.

Default
The router timeout default setting is 260 seconds. The host timeout setting is 260
seconds.

Usage Guidelines
Timers should be set to approximately 2.5 times the router query interval in use on the
network. Specify the following:
• router timeout—The maximum time, in seconds, that a router snooping entry can
remain in the IGMP snooping table without receiving a router report. If a report is
not received, the entry is deleted. The range is 10 to 214,748,364 seconds (6.8 years).
The default setting is 260 seconds.
• host timeout—The maximum time, in seconds, that a group snooping entry can
remain in the IGMP snooping table without receiving a group report. If a report is
not received, the entry is deleted. The range is 10 to 214,748,364 seconds. The default
setting is 260 seconds.

Note
The host_timeout value should be less than or equal to the query timeout
value, which is defined by the following: (query_interval x robustness) +
query_response_interval.

IGMP snooping expects at least one device on every VLAN to periodically generate
IGMP query messages. Without an IGMP querier, the switch eventually stops
forwarding IP multicast packets to any port, because the IGMP snooping entries time
out, based on the value specified in host_timeout or router_timeout.

Example
The following example configures the IGMP snooping timers:
configure igmp snooping timer 600 600

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 611

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp snooping vlan ports add dynamic group

configure igmp snooping {vlan} vlan_name {ports portlist} add dynamic
group [ grpipaddress ]

Description
Configures an IGMP dynamic group.

Syntax Description
vlan_name Specifies a vlan name.
portlist Specifies a port list.
grpipaddress Specifies the multicast group IP address.

Default
N/A.

Usage Guidelines
This command adds IGMP groups to specific VLANs or to ports belonging to specific
VLANs. After the groups are added, the expiration timer is started. This causes the
groups to expire. The configuration is not saved in the configuration file. The following
message is displayed on execution of this command:
INFO: This command is not saved in the configuration.

Example
The following example adds a dynamic group to a switch port:
switch.111 # configure igmp snooping vlan "ixia113" ports 47 add dynamic group 225.1.1.1

INFO: This command is not saved in the configuration.

The following command displays the group:

switch.112 # show igmp group
Group Address Ver Vlan Port Age
225.1.1.1 2 ixia113 47 3

Total: 1
switch.113 #

612 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example adds a dynamic group to a vlan (loopback port):

switch sw5.113 # configure igmp snooping vlan "ixia113" add dynamic group 225.1.1.1

INFO: This command is not saved in the configuration.

The following command displays the group:

switch.114 # show igmp group
Group Address Ver Vlan Port Age
225.1.1.1 2 ixia113 Lpbk 37

Total: 1
switch.115 #

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp snooping vlan ports add static group

configure igmp snooping {vlan} vlanname {ports portlist }add static
group grpipaddress

Description
Configures VLAN ports to receive the traffic from a multicast group, even if no IGMP
joins have been received on the port.

Syntax Description
vlanname Specifies a VLAN name.
portlist Specifies one or more ports or slots and ports.
grpipaddress Specifies the multicast group IP address.

Default
N/A.

Usage Guidelines
Use this command to forward a particular multicast group to VLAN ports. In effect, this
command emulates a host on the port that has joined the multicast group. As long as

Switch Engine™ Command Reference Guide for version 32.7.1 613

Example Commands

the port is configured with the static entry, multicast traffic for that multicast group is
forwarded to that port.

This command is for IGMPv2 only.

The switch sends proxy IGMP messages in place of those generated by a real host. The
proxy messages use the VLAN IP address for source address of the messages. If the
VLAN has no IP address assigned, the proxy IGMP message uses 0.0.0.0 as the source IP
address.

The multicast group should be in the class-D multicast address space, but should not
be in the multicast control subnet range (224.0.0.x/24).

If the ports also have an IGMP filter configured, the filter entries take precedence. IGMP
filters are configured using the command:
configure igmp snooping vlan vlanname ports portlist filterpolicy file

Example
The following example configures a static IGMP entry so that multicast group 225.1.1.1 is
forwarded to VLAN "marketing" on port 47:
switch.30 # configure igmp snooping marketing ports 47 add static group 225.1.1.1

The following command displays the group:

* (pacman debug) sw4.31 # show igmp group
Group Address Ver Vlan Port Age
225.1.1.1(s) 2 marketing 47 0

Total: 1
switch.32 #

The following example adds a static group to a vlan (loopback port):

switch.32 # configure igmp snooping marketing add static group 225.1.1.1

The following command displays the group:

switch.33 # show igmp group
Group Address Ver Vlan Port Age
225.1.1.1(s) 2 marketing Lpbk 0

Total: 1
switch.34 #

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and

614 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure igmp snooping vlan ports add static router

upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp snooping vlan ports add static router

configure igmp snooping {vlan} vlanname ports portlist add static router

Description
Configures VLAN ports to forward the traffic from all multicast groups, even if no IGMP
joins have been received on the port.

Syntax Description
vlanname Specifies a VLAN name.
portlist Specifies one or more ports or slots and ports.

Default
N/A.

Usage Guidelines
Use this command to forward all multicast groups to the specified VLAN ports. In effect,
this command emulates a multicast router attached to those ports. As long as the ports
are configured with the static entry, all available multicast traffic is forwarded to those
ports.

Example
The following example configures a static IGMP entry so all multicast groups are
forwarded to VLAN marketing on ports 2:1-2:4:
configure igmp snooping marketing ports 2:1-2:4 add static router

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 615

configure igmp snooping vlan ports delete static group Commands

configure igmp snooping vlan ports delete static group

configure igmp snooping {vlan} vlan_name {ports port_list} delete static
group [ip_address | all]

Description
Removes the port configuration that causes multicast group traffic to be forwarded,
even if no IGMP leaves have been received on the port.

Syntax Description
vlan_name Specifies a VLAN name.
port_list Specifies one or more ports or slots and ports.
ip_address Specifies the multicast group IP address.
all Delete all the static groups.

Default
N/A.

Usage Guidelines
This command is used to remove a static IGMP group entry created on a VLAN or on
a port. Use this command to remove a static group entry created by the following
command:
configure igmp snooping vlan vlanname ports portlist add static group
ipaddress

Example
The following example removes a static IGMP entry that forwards the multicast group
224.34.15.37 to the VLAN marketing on ports 2:1-2:4:
configure igmp snooping marketing ports 2:1-2:4 delete static group 224.34.15.37

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

616 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure igmp snooping vlan ports delete static router

configure igmp snooping vlan ports delete static router

configure igmp snooping vlan vlanname ports portlist delete static
router

Description
Removes the configuration that causes VLAN ports to forward the traffic from all
multicast groups, even if no IGMP joins have been received on the port.

Syntax Description
vlanname Specifies a VLAN name.
portlist Specifies one or more ports or slots and ports. On a
SummitStack, it can be a list of slots and ports. On a
standalone switch, can be one or more port numbers. May
be in the form 1, 2, 3-5, 2:5, 2:6-2:8.

Default
N/A.

Usage Guidelines
This command is used to remove a static router port entry created on a VLAN. Use this
command to remove an entry created by the following command:
configure igmp snooping vlan vlanname ports portlist add static router

Example
The following example removes the static IGMP entry that caused all multicast groups
to be forwarded to VLAN marketing on ports 2:1-2:4:
configure igmp snooping marketing ports 2:1-2:4 delete static router

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 617

configure igmp snooping vlan ports filter Commands

configure igmp snooping vlan ports filter

configure igmp snooping vlan vlanname ports portlist filter [policy |
none]

Description
Configures an IGMP snooping policy file filter on VLAN ports.

Syntax Description
vlanname Specifies a VLAN name.
portlist Specifies one or more ports or slots and ports. On a SummitStack,
it can be a list of slots and ports. On a stand-alone switch, it can
be one or more port numbers. May be in the form 1, 2, 3-5, 2:5,
2:6-2:8.
policy Specifies the policy file for the filter.

Default
None.

Usage Guidelines
Use this command to filter multicast groups to the specified VLAN ports.

The policy file used by this command is a text file that contains the class-D addresses of
the multicast groups that you wish to block.

To remove IGMP snooping filtering from a port, use the none keyword version of the
command.

Use the following template to create a snooping filter policy file:

# # Add your group addresses between "Start" and "end" # Do not touch the rest of the
file!!!!
entry igmpFilter
{ if match any
{
#------------------ Start of group addresses ------------------
nlri 239.11.0.0/16; nlri 239.10.10.4/32;
#------------------- end of group addresses -------------------
} then { deny;
}
}
entry catch_all
{ if
{
} then
{ permit;
}
}

618 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures the policy file ap_multicast to filter multicast packets
forwarded to VLAN marketing on ports 2:1-2:4:
configure igmp snooping marketing ports 2:1-2:4 filter ap_multicast

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp snooping vlan ports set join-limit

configure igmp snooping {vlan} vlanname ports portlist set join-limit
{num}

Description
Configures VLAN ports to support a maximum number of IGMP joins.

Syntax Description
vlanname Specifies a VLAN name.
portlist Specifies one or more ports or slots and ports.
num Specifies the maximum number of joins permitted on the
ports. The range is 1 to 500.

Default
No limit.

Usage Guidelines
None.

Example
The following example configures port 2:1 in the Default VLAN to support a maximum
of 100 IGMP joins:
configure igmp snooping "Default" ports 2:1 set join-limit 100

Switch Engine™ Command Reference Guide for version 32.7.1 619

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp ssm-map add

configure igmp ssm-map add group_ip [prefix | mask] [source_ip |
src_domain_name] {vr vr-name}

Description
Configures an IGMP SSM mapping.

Syntax Description
group_ip Specifies the multicast IP address for the group mapping.
prefix Specifies a prefix length for the multicast group IP address.
The range is 4 to 32.
mask Specifies the network mask for the group multicast IP
address.
source_ip The IP address for a multicast group source.
src_domain_name The source domain name for the multicast group source.
vr-name Specifies a virtual router name. If the VR name is omitted,
the switch uses the VR specified by the current CLI VR
context.

Default
N/A.

Usage Guidelines
IGMP SSM mapping operates only with IPv4.

Example
The following example configures an IGMP-SSM mapping for the range of multicast IP
addresses at 232.1.1.0/24 originating from IP host 172.16.8.1:
configure igmp ssm-map add 232.1.1.0/24 172.16.8.1

620 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure igmp ssm-map delete

configure igmp ssm-map delete group_ip [prefix} | mask] [source_ip |
all] vr vr-name}

Description
Unconfigures an SSM mapping.

Syntax Description
group_ip Specifies the multicast IP address for the group mapping.
prefix Specifies a prefix length for the multicast group IP address.
The range is 4 to 32.
mask Specifies the network mask for the group multicast IP
address.
source_ip The IP address for a multicast group source.
all Specifies that all sources for the specified group or mask
are deleted.
vr-name Specifies a virtual router name. If the VR name is omitted,
the switch uses the VR specified by the current CLI VR
context.

Default
N/A.

Usage Guidelines
None.

Example
The following example deletes an IGMP-SSM mapping for the range of multicast IP
addresses at 232.1.1.0/24 originating from IP host 172.16.8.1:
configure igmp ssm-map delete 232.1.1.0/24 172.16.8.1

Switch Engine™ Command Reference Guide for version 32.7.1 621

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure inline-power classification

configure inline-power classification [802.3af | 802.3af-high |
802.3pre-at | 802.3at | 802.3pre-bt | 802.3bt-type3 | 802.3bt-type4]
ports port_list

Description
This command configures PoE port-level classification power-up mode for Extreme
Networks PoE devices that do not support 802.3bt when connecting to switches with
60W/90W PoE ports. ExtremeSwitching platforms support per-port basis configuration.

Syntax Description
classification Classification power-up mode.
802.3af IEEE 802.3af 15W mode.
802.3af-high IEEE 802.3af 30W mode.
802.3pre-at IEEE 802.3 pre-at 30W mode.
802.3at IEEE 802.3at 30W mode.
802.3pre-bt IEEE 802.3 pre-bt 4-pair 60W mode.
802.3bt-type3 IEEE 802.3bt Type 3 60W mode.
802.3bt-type4 IEEE 802.3bt Type 4 90W mode.
ports Specifies the port.
port_list Port list separated by a comma or - .

Default
Depends on the maximum classification level supported by the platform. For example,
one switch can have a default classification level of 802.3bt-type4, while another a
default classification level of 802.3at.

622 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use the specified power-up classification instead of the default classification based on
port type.

Example
The following command displays all classification options:
# configure inline-power classification ?
802.3af IEEE 802.3af 15W mode
802.3af-high IEEE 802.3af 30W mode
802.3at IEEE 802.3at 30W mode
802.3bt-type3 IEEE 802.3bt Type 3 60W mode
802.3bt-type4 IEEE 802.3bt Type 4 90W mode
802.3pre-at IEEE 802.3 pre-at 30W mode
802.3pre-bt IEEE 802.3 pre-bt 4-pair 60W mode

History
This command was first available in ExtremeXOS 31.3.

The 802.3af, 802.3af-high, and 802.3pre-at options were added in ExtremeXOS 31.7.

Platform Availability
PoE

PoE+
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-24P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XL—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5320-48P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-24P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-16P-4XE—Switch Engine 31.7 and later.
• ExtremeSwitching 5320-16P-4XE-DC—Switch Engine 31.7 and later.
• 4220-12P-4X—Switch Engine 32.7.1 and later.
• 4220-24P-4X—Switch Engine 32.7.1 and later.
• 4220-48P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7.1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7.1 and later.

Switch Engine™ Command Reference Guide for version 32.7.1 623

PoE++ Commands

PoE++
• ExtremeSwitching 5520-24W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-48W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-12MW-36W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-24W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-48W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5720-24MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-24MXW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MXW—Switch Engine 32.1 and later.
• 4120-24MW-4Y—Switch Engine 32.7 1 and later.
• 4120-48MW-4Y—Switch Engine 32.7 1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7 1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7 1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7 1 and later.

configure inline-power detection ports

configure inline-power detection [802.3af-only | legacy-and-802.3af [4-
point | 2-point] | bypass] ports port_list

Description
This command configures PoE device detection mode for Extreme Networks
PoE devices and SummitStack. ExtremeSwitching platforms support per-port basis
configuration.

Syntax Description
802.3af-only IEEE 802.3af detection only.
legacy-and-802.3af Capacitive and IEEE 802.3aqf detection.
4-point Selects 4-point detection (default).
2-point Selects 2-point detection (for extended detection signature
range).
bypass No detection phase.
port_list Port list separated by a comma or - .

624 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Default is legacy-and-802.3af detection.

Usage Guidelines
None.

Example
# configure inline-power detection ports 1-2

History
This command was first available in ExtremeXOS 16.1.

4-point and 2-point detection options were added in ExtremeXOS 22.5.

Platform Availability
PoE

PoE+
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-24P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XL—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5320-48P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-24P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-16P-4XE—Switch Engine 31.7 and later.
• ExtremeSwitching 5320-16P-4XE-DC—Switch Engine 31.7 and later.
• 4220-12P-4X—Switch Engine 32.7.1 and later.
• 4220-24P-4X—Switch Engine 32.7.1 and later.
• 4220-48P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7.1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7.1 and later.

Switch Engine™ Command Reference Guide for version 32.7.1 625

PoE++ Commands

PoE++
• ExtremeSwitching 5520-24W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-48W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-12MW-36W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-24W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-48W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5720-24MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-24MXW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MXW—Switch Engine 32.1 and later.
• 4120-24MW-4Y—Switch Engine 32.7 1 and later.
• 4120-48MW-4Y—Switch Engine 32.7 1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7 1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7 1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7 1 and later.

configure inline-power disconnect-precedence

configure inline-power disconnect-precedence [deny-port | lowest-
priority]

Description
Configures the disconnect precedence priority for the switch when a new PD is
detected and the measured inline power for that switch or specified slot is within 19
W of the switch’s or slot’s PoE power budget.

Syntax Description
deny-port Specifies power be denied to PD requesting power,
regardless of priority.
lowest-priority Specifies power be withdrawn from lowest-priority port(s)
when next PD requesting power connects.

Default
Deny-port.

626 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
You configure this parameter for the switch and for the entire SummitStack; you
cannot configure this per slot or per port.

If the power supplied to the PDs on a switch or specified slot exceeds the power that
was budgeted for that switch or specified slot, the system disconnects power to one or
more ports to prevent power overload.

You configure the switch to either deny power to the next PD that requests power
on that switch or slot, regardless of the priority, or to disconnect those PDs on ports
with lower priorities until there is enough power for the new PD. If you select this
last argument and you did not configure port priorities or if several ports have the
same priority, the switch withdraws power (or disconnects) those ports with the highest
port number (s). For information about configuring the PoE priority for the ports, see
configure inline-power priority ports

The default value is deny-port. So, if you do not change the default value and
the switch’s or slot’s power is exceeded, the next PD requesting power will not be
connected.

When the setting is lowest priority, the switch continues dropping ports with the lowest
configured PoE port priorities, or the highest port number in the case of equal PoE port
priorities, until there is enough power for the requesting PD.

When deny port is configured when ports are given priority, priority overtakes deny
port action.

Example
The following command sets the switch to withdraw power from the lowest-priority
port(s):
configure inline-power disconnect-precedence lowest-priority

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on:

PoE+
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-24P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XE—ExtremeXOS 31.3 and later.

Switch Engine™ Command Reference Guide for version 32.7.1 627

PoE++ Commands

• ExtremeSwitching 5420F-48P-4XL—ExtremeXOS 31.3 and later.

• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5320-48P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-24P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-16P-4XE—Switch Engine 31.7 and later.
• ExtremeSwitching 5320-16P-4XE-DC—Switch Engine 31.7 and later.
• 4220-12P-4X—Switch Engine 32.7.1 and later.
• 4220-24P-4X—Switch Engine 32.7.1 and later.
• 4220-48P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7.1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7.1 and later.

PoE++
• ExtremeSwitching 5520-24W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-48W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-12MW-36W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-24W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-48W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5720-24MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-24MXW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MXW—Switch Engine 32.1 and later.
• 4120-24MW-4Y—Switch Engine 32.7 1 and later.
• 4120-48MW-4Y—Switch Engine 32.7 1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7 1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7 1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7 1 and later.

configure inline-power label ports

configure inline-power label [string | none] ports port_list

Description
Lets you create your own label for a specified PoE port or group of PoE ports.

628 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
string Specifies a name up to 15 characters in length to identify
the specified power port(s).
none Specifies to remove the label configuration.
port_list Specifies one or more ports or slots and ports.

Default
No label.

Usage Guidelines
Use the show inline-power configuration ports command, as shown in the
following example, to display inline power configuration information, including the
label (if any) for each port:

show inline-power configuration port 3:1-10

Following is sample output from this command on a SummitStack:

Port Config Operator Limit Priority Label

3:1 Enabled 16000 mW Low finance
3:2 Enabled 15000 mW Low finance
3:3 Enabled 15000 mW Low
3:4 Enabled 15000 mW Low
3:5 Enabled 15000 mW Low
3:6 Enabled 15000 mW Low marketing
3:7 Enabled 15000 mW Low marketing
3:8 Enabled 15000 mW Low marketing
3:9 Enabled 15000 mW Low
3:10 Enabled 15000 mW Low

Example
The following command assigns the name “alpha-test_1” to port 1 on slot 4:

config inline-power label alpha-test_1 ports 4:1

Example
The following command removes the label on port 1 on slot 4:

config inline-power label none ports 4:1

History
This command was first available in ExtremeXOS 11.1.

The none option was added in ExtremeXOS 32.6.

Switch Engine™ Command Reference Guide for version 32.7.1 629

Platform Availability Commands

Platform Availability
This command is available on:

PoE+
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-24P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XL—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5320-48P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-24P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-16P-4XE—Switch Engine 31.7 and later.
• ExtremeSwitching 5320-16P-4XE-DC—Switch Engine 31.7 and later.
• 4220-12P-4X—Switch Engine 32.7.1 and later.
• 4220-24P-4X—Switch Engine 32.7.1 and later.
• 4220-48P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7.1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7.1 and later.

PoE++
• ExtremeSwitching 5520-24W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-48W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-12MW-36W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-24W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-48W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5720-24MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-24MXW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MXW—Switch Engine 32.1 and later.
• 4120-24MW-4Y—Switch Engine 32.7 1 and later.
• 4120-48MW-4Y—Switch Engine 32.7 1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7 1 and later.

630 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure inline-power operator-limit ports

• 4220-4MW-20P-4X—Switch Engine 32.7 1 and later.

• 4220-8MW-40P-4X—Switch Engine 32.7 1 and later.

configure inline-power operator-limit ports

configure inline-power operator-limit [milliwatts | class-based] ports
[all |port_list]

Description
Sets the power limit allowed for PDs connected to the specified ports.

Syntax Description
milliwatts An integer specifying the maximum allowed power in
milliwatts. Default is based on the port's class type (for
example, 30W, 60W, 90W).
class-based Specifies that the power limit is managed by the powered
device's class.
port_list Specifies one or more ports or slots and ports.

Default
PoE—15,400 mW.

PoE+—30,000 mW.

PoE++ Type 3—60,000 mW.

PoE++ Type 4—90,000 mW.

Usage Guidelines
This command sets the power limit that a PD can draw on the specified ports. For PoE,
the range is 3,000 to 16800mW and the default value is 15,400 mW. For PoE+, the range
is 3,000 to 32,000 mW and the default value is 30,000 mW. For PoE++ Type 3, the range
is 3,000 mW to 64,000 mW and the default value is 60,000 mW. For PoE++ Type 4, the
range is 3,000 mW to 98,000 mW and the default value is 90,000 mW.

If the measured power for a specified port exceeds the port’s operator limit, the power
is withdrawn from that port and the port moves into a fault state.

If you try to set an operator-limit outside the accepted range, the system returns the
following error message:
Error: Invalid operator-limit value. Must be in the range of 3000-90000 mW for PoE
802.3bt port

With a class-based operator-limit type, if a class4 PD is attached, then the operator-

limit set will be ignored and the switch will not deliver more than 30W to the PD.

Switch Engine™ Command Reference Guide for version 32.7.1 631

Example Commands

When class-based operator-limit is configured on a port, "Max Allowed Power" will

show the maximum power for the class of the attached PD. Without the class-based
option, "Max Allowed Power" will show the configured or default value of operator-limit.

Example
The following command sets the limit for legacy PDs on ports 3–6 of slot 5 on a
SummitStack to 10000 mW:
configure inline-power operator-limit 10000 ports 5:3-5:6

History
This command was first available in ExtremeXOS 11.1.

The class-based option was added in ExtremeXOS 32.3.

Platform Availability
This command is available on:

PoE+
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-24P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XL—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5320-48P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-24P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-16P-4XE—Switch Engine 31.7 and later.
• ExtremeSwitching 5320-16P-4XE-DC—Switch Engine 31.7 and later.
• 4220-12P-4X—Switch Engine 32.7.1 and later.
• 4220-24P-4X—Switch Engine 32.7.1 and later.
• 4220-48P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7.1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7.1 and later.

PoE++
• ExtremeSwitching 5520-24W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-48W—ExtremeXOS 31.1 and later.

632 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure inline-power priority ports

• ExtremeSwitching 5520-12MW-36W—ExtremeXOS 31.1 and later.

• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-24W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-48W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5720-24MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-24MXW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MXW—Switch Engine 32.1 and later.
• 4120-24MW-4Y—Switch Engine 32.7 1 and later.
• 4120-48MW-4Y—Switch Engine 32.7 1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7 1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7 1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7 1 and later.

configure inline-power priority ports

configure inline-power priority [critical | high | low] ports port_list

Description
Sets the PoE priority on the specified ports.

Syntax Description
critical | high | low Sets the PoE priority for the specified ports.
port_list Specifies one or more ports or slots and ports.

Default
Low.

Usage Guidelines
The system allocates power to those ports with the highest priorities first. This
command can also be used in conjunction with the configure inline-power
disconnect-precedence command. If you configure the disconnect precedence as
lowest priority, then newly detected PDs will be powered if that port has higher priority
than the existing powered ports.

If there are multiple ports at the same priority level (either configured or by default) and
one of the ports must have power withdrawn because of excessive power demands,

Switch Engine™ Command Reference Guide for version 32.7.1 633

Example Commands

those ports with the lower port number are powered first. The higher port numbers
have power withdrawn first in the case of equal PoE port priorities.

Example
The following command assigns a critical PoE priority on ports 4 – 6 on slot 3 on a
SummitSwitch:

configure inline-power priority critical ports 3:4-3:6

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on:

PoE+
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-24P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XL—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5320-48P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-24P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-16P-4XE—Switch Engine 31.7 and later.
• ExtremeSwitching 5320-16P-4XE-DC—Switch Engine 31.7 and later.
• 4220-12P-4X—Switch Engine 32.7.1 and later.
• 4220-24P-4X—Switch Engine 32.7.1 and later.
• 4220-48P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7.1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7.1 and later.

PoE++
• ExtremeSwitching 5520-24W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-48W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-12MW-36W—ExtremeXOS 31.1 and later.

634 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure inline-power usage-threshold

• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.

• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-24W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-48W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5720-24MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-24MXW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MXW—Switch Engine 32.1 and later.
• 4120-24MW-4Y—Switch Engine 32.7 1 and later.
• 4120-48MW-4Y—Switch Engine 32.7 1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7 1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7 1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7 1 and later.

configure inline-power usage-threshold

configure inline-power usage-threshold threshold

Description
Sets the inline power usage SNMP event threshold.

Syntax Description
threshold Specifies the percentage of budgeted power used on any PoE
switch that causes the system to send an SNMP event and
create a log message. The range 1 to 99; the default value is 70.

Default
70.

Usage Guidelines
This command sets the threshold for generating an SNMP event and an EMS message.
On a SummitStack, this threshold is when the measured power for a PoE module
compared to the budgeted power for that slot exceeds a certain value. On stand-alone
switches, this threshold applies to the total power available to the entire switch. The
configured threshold value initiates the event and message once that percentage of
the budgeted power is being used.

The system generates an additional SNMP event and EMS message once the power
usage falls below the threshold again; once the condition clears.

Switch Engine™ Command Reference Guide for version 32.7.1 635

Example Commands

Example
The following command sets the inline power usage alarm threshold at 75%:
configure inline-power usage-threshold 75

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on:

PoE+
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-24P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-48P-4XL—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5320-48P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-24P-8XE—Switch Engine 31.6 and later.
• ExtremeSwitching 5320-16P-4XE—Switch Engine 31.7 and later.
• ExtremeSwitching 5320-16P-4XE-DC—Switch Engine 31.7 and later.
• 4220-12P-4X—Switch Engine 32.7.1 and later.
• 4220-24P-4X—Switch Engine 32.7.1 and later.
• 4220-48P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7.1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7.1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7.1 and later.

PoE++
• ExtremeSwitching 5520-24W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-48W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5520-12MW-36W—ExtremeXOS 31.1 and later.
• ExtremeSwitching 5420F-8W-16P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16MW-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420F-16W-32P-4XE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-24W-4YE—ExtremeXOS 31.3 and later.
• ExtremeSwitching 5420M-16MW-32P-4YE—ExtremeXOS 31.3 and later.

636 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure instant-port profile

• ExtremeSwitching 5420M-48W-4YE—ExtremeXOS 31.3 and later.

• ExtremeSwitching 5720-24MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-24MXW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MW—Switch Engine 32.1 and later.
• ExtremeSwitching 5720-48MXW—Switch Engine 32.1 and later.
• 4120-24MW-4Y—Switch Engine 32.7 1 and later.
• 4120-48MW-4Y—Switch Engine 32.7 1 and later.
• 4220-4MW-8P-4X—Switch Engine 32.7 1 and later.
• 4220-4MW-20P-4X—Switch Engine 32.7 1 and later.
• 4220-8MW-40P-4X—Switch Engine 32.7 1 and later.

configure instant-port profile

configure instant-port profile profile_name [ assign | unassign (ports
port_list)]

Description
Configures an Instant Port profile.

Syntax Description
profile Specifies an Instant Port profile.
profile_name Specifies the name of the Instant Port profile.
assign Assigns ports to the Instant Port profile.
unassign Unassigns ports to the Instant Port profile.
port Specifies a port.
port_list Specifies a list of ports.

Default
N/A.

Usage Guidelines
This command allows you to configure an Instant Port profile.

Example
The following example configures the instant port profile named “my-profile”.
# configure instant-port profile my-profile

Switch Engine™ Command Reference Guide for version 32.7.1 637

History Commands

History
This command was first available in version 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip anycast mac

configure ip anycast mac [none | mac]

Description
Specifies the anycast gateway MAC address that is used by VLANs that enable IP
anycast.

Syntax Description
ip Layer 3 Internet Protocol.
anycast Configures IP anycast.
mac Configures the IP anycast MAC address for VLANs with IP
anycast enabled.
none Unconfigures the previously configured MAC address.
mac Specifies the MAC address.

Default
N/A.

Usage Guidelines
Use this command to specify the same IP address and MAC address on all edge
technology devices. This allows seamless IP mobility in the network for edge devices.
Using the none option unconfigures the previously set MAC address.

Example
The following example specifies the MAC address as 00:00:AB:BA:BA:BA:
# configure ip anycast mac 00:00:AB:BA:BA:BA

History
This command was first available in ExtremeXOS 30.6.

638 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip nat add vlan

configure ip nat add {vlan} vlan_name direction [ingress | egress |
both]

Description
Adds VLANs to the Network Address Translation (NAT).

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies enabling NAT.
add Specifies adding a VLAN.
vlan Specifies adding a VLAN.
vlan_name Specifies the VLAN to add.
direction Configures directions for NAT translation on this VLAN.
ingress Configures VLAN as an ingress VLAN for NAT. Dynamic port
translation rules are created for flows ingressing on this
VLAN.
egress Configures VLAN as an egress VLAN for NAT. Dynamic port
translation rules are not created for flows ingressing on this
VLAN.
both Configures VLAN for NAT in both directions. Dynamic port
translation rules are created for flows ingressing on this
VLAN.

Default
N/A.

Usage Guidelines
For NAT Port Translation (NAPT), dynamic NAPT rules are created for traffic coming on
VLANs whose direction is configured as “ingress” or “both”.

To delete a VLAN, run the command configure ip nat delete {vlan} vlan_name.

Example
The following example adds the VLAN "vlan1" to NAT as an ingress VLAN:
# configure ip nat add vlan vlan1 direction ingress

Switch Engine™ Command Reference Guide for version 32.7.1 639

History Commands

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ip nat aging-time

configure ip nat aging-time [minutes | none]

Description
Configures the time after which dynamic IP Network Address Translation (NAT) entries
that are not active are removed.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
aging-time Configures the time after which dynamic IP Network
Address Translation (NAT) entries that are not active are
removed.
minutes Specifies the aging time in minutes. The default is 20
minutes. The range is 10 to 3,000 minutes.
none Specifies not perform aging of NAT entries.

Default
By default, the aging time is 20 minutes.

Usage Guidelines

Example
The following example configures the NAT aging time to 45 minutes.
# configure ip nat aging-time 45

History
This command was first available in ExtremeXOS 31.2.

640 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ip nat delete vlan

configure ip nat delete {vlan} vlan_name

Description
Deletes VLANs from the Network Address Translation (NAT).

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies enabling NAT.
delete Specifies deleting a VLAN.
vlan Specifies deleting a VLAN.
vlan_name Specifies the VLAN to delete.

Default
N/A.

Usage Guidelines
To add a VLAN, run the command configure ip nat add {vlan} vlan_name
direction [ingress | egress | both].

Example
The following example deletes the VLAN "vlan1" from NAT:
# configure ip nat delete vlan vlan1

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 641

configure ip nat rule destination Commands

configure ip nat rule destination

configure ip nat rule rule_name destination [[dst_ip_addr new-
destination new_dst_ip_addr {{vr} vr_name}] | none]

Description
Configures the IP address that is to be translated and the IP address to which this is to
be translated for destination Network Address Port (NAT) rules.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies NAT rule.
rule_name Specifies the NAT rule name.
destination Specifies modifying the destination IP address.
dst_ip_addr Specifies the destination IP address that needs to be
translated.
new-destination Specifies a destination IP address after translation.
new_dst_ip_addr Specifies the destination IP address after translation.
vr Specifies a virtual router (VR) on which the packet is sent
out after translation.
vr_name Specifies an existing VR/VRF name on which the packet is
sent out on after translation. If not specified, the VR context
from where this command is executed is used.
none Deletes the IP address configuration.

Default
If no VR is specified, the current VR context is used.

Usage Guidelines
This command configures the destination NAT rule address information. To
configure the source information, run the command configure ip nat rule
rule_name source [[[src_ip_addr src_mask | src_ipNetmask ] {{source-vr}
src_vr_name} new-source new_src_ip_addr] | none].

642 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures the rule named "ipOnlyRule" to translate the
destination the IP address from 121.144.169.196 to 10.20.30.40. The egress VLAN is present
in the VR "VR-user-out":
# configure ip nat rule ipOnlyRule destination 121.144.169.196 new-destination
10.20.30.40 vr VR-user-out

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ip nat rule destination protocol

configure ip nat rule rule_name destination protocol [[[tcp | udp |
protocol_num] port port_num new-port new_port_num] | none]

Description
Configures the protocol that is to be translated and the protocol to which this is to be
translated for destination Network Address Translation (NAT) rules.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies configuring NAT rules.
rule_name Specifies the NAT rule name.
destination Specifies modifying the destination L4 port number.
protocol Selects the translates IP protocol.
tcp Specifies Transmission Control Protocol (TCP).
udp Specifies User Datagram Protocol (UDP).
protocol_num Specifies the IP protocol number. The range is 1 to 255.
port Specifies modifying an L4 port.
port_num Specifies the L4 port number that needs to be translated.
new-port Specifies the L4 port after translation.
new_port_num Specifies the L4 port number after translation.
none Deletes the protocol configuration.

Switch Engine™ Command Reference Guide for version 32.7.1 643

Default Commands

Default
N/A.

Usage Guidelines

Example
The following example specifies for rule "rule1" that the destination protocol is TCP and
the port is translated from port 1 to port 2:
# configure ip nat rule rule1 destination protocol tcp port 1 new-port 2

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ip nat rule egress

configure ip nat rule rule_name egress {vlan} vlan_name

Description
Configures the egress VLAN on which the translated traffic is sent out on.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies configuring NAT rules.
rule_name Specifies the NAT rule name.
egress Specifies configuring the NAT egress VLAN.
vlan Specifies the NAT egress VLAN.
vlan_name Specifies the NAT egress VLAN name.

Default
N/A.

644 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
To create an IP NAT rule, run the command create ip nat rule rule_name type
[ source-nat | napt | destination-napt].

Example
The following example configures the VLAN "VLAN1" as the egress VLAN for IP NAT rule
"rule2":
# configure ip nat rule rule2 egress vlan vlan1

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ip nat rule monitor

configure ip nat rule rule_name monitor [on | off]

Description
Enables or disables statistics monitoring (byte/packet counters) on a Network Address
Translation (NAT) rule in the outward direction and counts Tx counters.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies a NAT rule.
rule_name Specifies the name of the NAT rule to enable monitoring.
monitor Specifies enabling monitoring.
on Enables monitoring.
off Disables monitoring.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 645

Usage Guidelines Commands

Usage Guidelines
This command enables/disables statistics monitoring (byte/packet counters) on a NAT
rule in the outward direction and counts Tx counters only. There is no provision for Rx
counters.

Example
The following example enables monitoring on the NAT rule "rule1":
# configure ip nat rule rule1 monitor on

The following example disables monitoring on the NAT rule "rule1":

# configure ip nat rule rule1 monitor off

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ip nat rule name

configure ip nat rule rule_name name new_rule_name

Description
Changes the name of an IP Network Address Translation (NAT) rule.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies configuring NAT rules.
rule_name Specifies the current NAT rule name.
name Specifies providing a new NAT rule name.
new_rule_name Specifies the new NAT rule name.

Default
N/A.

646 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines

Example
The following example changes the name of the IP NAT rule "old_rule_name" to
"new_rule_name":
# configure ip nat rule old_rule_name name new_rule_name

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ip nat rule source

configure ip nat rule rule_name source [[[src_ip_addr src_mask |
src_ipNetmask ] {{source-vr} src_vr_name} new-source new_src_ip_addr]
| none]

Description
Configures the IP address that is to be translated and the IP address to which this is to
be translated for source Network Address Translation (NAT) rules.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies NAT rule.
rule_name Specifies the NAT rule name.
source Specifies modifying the source IP address.
src_ip_addr Specifies the source IP address that needs to be translated.
src_mask Specifies source IP address mask.
src_ipNetmask Specifies source IP address/netmask.
source-vr Specifies a virtual router (VR) on which the packet to be
translated arrives.
src_vr_name Specifies an existing VR/VRF name on which the packet to
be translated arrives. If not specified, the VR context from
where this command is executed is used.

Switch Engine™ Command Reference Guide for version 32.7.1 647

Default Commands

new-source Specifies a source IP address after translation.

new_src_ip_addr Specifies the source IP address after translation.
none Deletes the IP address configuration.

Default
If no VR is specified, the current VR context is used.

Usage Guidelines
This command configures the source NAT rule address information. To configure
the destination information, run the command configure ip nat rule
rule_name destination [[dst_ip_addr new-destination new_dst_ip_addr
{{vr} vr_name}] | none] .

The incoming and outgoing VLANs on the NAT router can be on different VRs. The
VR on which the packet arrives is configured in this command. The packet after
translation is sent out on the configured egress VLAN (configure ip nat add {vlan}
vlan_name direction [ingress | egress | both]).

For a source-NAT rule (where either source or destination IP address is only translated),
the source mask has to be specified as /32 or 255.255.255.255.

Example
The following example configures the rule named "ipOnlyRule" to translate the source
the IP address from 10.20.30.40 to 121.144.169.196. The ingress VLAN is present in the VR
"VR-user-in":
# configure ip nat rule ipOnlyRule source 10.20.30.40/32 source-vr VR-user-in new-source
121.144.169.196

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure iparp add proxy

configure iparp add proxy [ipNetmask | ip_addr {mask}] {vr vr_name} {mac
| vrrp} {always}

648 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the switch to respond to ARP requests on behalf of devices that are
incapable of doing so.

Syntax Description
ipNetmask Specifies an IP address/mask length.
ip_addr Specifies an IP address.
mask Specifies a subnet mask.
vr_name Specifies a VR name.
mac Specifies a MAC address to use in the ARP reply.
vrrp Specifies a MAC address to use in the ARP reply. For VLANs
running VRRP, the switch replies with the VRRP virtual
MAC. For non-VRRP VLANs, the switch replies with the
switch MAC.
always Specifies that the switch responds regardless of the VLAN
that the request arrives from.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
When mask is not specified, an address with the mask 255.255.255.255 is assumed.
When neither mac nor vrrp is specified, the MAC address of the switch is used in the
ARP response. When always is specified, the switch answers ARP requests without
filtering requests that belong to the same subnet of the receiving router interface.

After IP ARP is configured, the system responds to ARP requests on behalf of the device
as long as the following conditions are satisfied:
• The valid IP ARP request is received on a router interface.
• The target IP address matches the IP address configured in the proxy ARP table.
• The source IP address is not on the same subnet as the target address (unless the
always flag is set).

After all the proxy ARP conditions have been met, the switch formulates an ARP
response using the configured MAC address in the packet.

The default maximum number of proxy entries is 256, but can be increased to 4096 by
using the following command:
configure iparp max_proxy_entries max_proxy_entries

Switch Engine™ Command Reference Guide for version 32.7.1 649

Example Commands

Example
The following example configures the switch to answer ARP requests for all devices
with the address range of 100.101.45.1 to 100.101.45.255:
configure iparp add proxy 100.101.45.0/24

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iparp add

configure iparp add ip_addr {vr vr_name} mac

Description
Adds a permanent entry to the ARP table. You must specify the IP address and MAC
address of the entry.

Syntax Description
ip_addr Specifies an IP address.
vr_name Specifies a VR name.
mac Specifies a MAC address.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
None.

Example
The following example adds a permanent IP ARP entry to the switch for IP address
10.1.2.5:
configure iparp add 10.1.2.5 00:11:22:33:44:55

History
This command was first available in ExtremeXOS 10.1.

650 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure iparp delete proxy

configure iparp delete proxy [[ipNetmask | ip_addr {mask}] {vr vr_name}
| all]

Description
Deletes one or all proxy ARP entries.

Syntax Description
ipNetmask Specifies an IP address/mask length.
ip_addr Specifies an IP address.
mask Specifies a subnet mask.
vr_name Specifies a VR name.
all Specifies all ARP entries.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
When the mask is not specified, the software assumes a host address (that is, a 32-bit
mask).

Example
The following command deletes the IP ARP proxy entry 100.101.45.0/24:

configure iparp delete proxy 100.101.45.0/24

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 651

configure iparp delete Commands

configure iparp delete

configure iparp delete ip_addr {vr vr_name}

Description
Deletes an entry from the ARP table.

Syntax Description
ip_addr Specifies an IP address.
vr_name Specifies a VR name.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
Removes any IP ARP entry (dynamic or permanent) from the table. You must specify
the IP address of the entry to delete the entry.

Example
The following command deletes an IP address entry from the ARP table:
configure iparp delete 10.1.2.5

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-arp fast-convergence

configure ip-arp fast-convergence [on | off]

Description
This command improves IP convergence for IP traffic.

652 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
on Fast-convergence on.
off Fast-convergence off (default).

Default
Off.

Usage Guidelines
Use this command for quick recovery when running IP traffic over an EAPS ring.

Example
The following example shows output from the configure ip-arp fast-convergence on
command:
# show iparp
VR Destination Mac Age Static VLAN VID Port
VR-Default 10.109.1.2 00:04:96:52:2b:16 0 NO box1-box2 950 3
VR-Default 10.109.1.6 00:04:96:52:2a:f2 0 NO box1-box3 951 1
Dynamic Entries : 2 Static Entries : 0
Pending Entries : 0
In Request : 1 In Response : 1
Out Request : 1 Out Response : 1
Failed Requests : 0
Proxy Answered : 0
Rx Error : 0 Dup IP Addr : 0.0.0.0
Rejected Count : Rejected IP :
Rejected Port : Rejected I/F :
Max ARP entries : 8192 Max ARP pending entries : 256
ARP address check: Enabled ARP refresh : Enabled
Timeout : 20 minutes ARP Sender-Mac Learning : Disabled
Locktime : 1000 milliseconds
Retransmit Time : 1000 milliseconds
Reachable Time : 900000 milliseconds (Auto)
Fast Convergence : Off

# show iparp
VR Destination Mac Age Static VLAN VID Port
VR-Default 10.109.1.2 00:04:96:52:2b:16 1 NO box1-box2 950 3
VR-Default 10.109.1.6 00:04:96:52:2a:f2 1 NO box1-box3 951 1
Dynamic Entries : 2 Static Entries : 0
Pending Entries : 0
In Request : 1 In Response : 1
Out Request : 1 Out Response : 1
Failed Requests : 0
Proxy Answered : 0
Rx Error : 0 Dup IP Addr : 0.0.0.0
Rejected Count : Rejected IP :
Rejected Port : Rejected I/F :
Max ARP entries : 8192 Max ARP pending entries : 256
ARP address check: Enabled ARP refresh : Enabled
Timeout : 20 minutes ARP Sender-Mac Learning : Disabled
Locktime : 1000 milliseconds
Retransmit Time : 1000 milliseconds

Switch Engine™ Command Reference Guide for version 32.7.1 653

History Commands

Reachable Time : 900000 milliseconds (Auto)

Fast Convergence : On

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iparp locktime

configure iparp {vr vr_name}{locktime locktime}

Description
Sets the time before a new entry can replace an old entry in the Address Resolution
Protocol (ARP) table.

Syntax Description
vr Specifies setting a VR or VRF.
vr_name Specifies the name of the VR or VRF.
locktime Specifies setting a time before a new entry can replace an
old entry.
locktime Sets locktime value (range 0–30,000 milliseconds). Default
1,000 milliseconds.

Default
The default locktime is 1,000 milliseconds.

Example
The following example sets the locktime to 5,000 milliseconds:
configure iparp locktime 5000

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

654 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure iparp max_entries

configure iparp max_entries

configure iparp max_entries max_entries

Description
Configures the maximum allowed IP ARP entries.

Syntax Description
max_entries Specifies the maximum number of IP ARP entries. The
range is 1 to x, where x is the number listed for the
appropriate platform in table below.

Default
The default value is 12,288, which is the combined value for all VRs, since VR-based
maximum entries is not supported starting with ExtremeXOS 30.1.

Usage Guidelines
The maximum IP ARP entries include dynamic, static, and incomplete IP ARP entries.
The range for the max_entries parameter is 1 to x, where x is the number listed for the
appropriate platform in the following table.

Table 10: Maximum IP ARP Entries for each Platform

Distributed IP ARP Feature Configuration
Maximum Entries Off (Default) On
157,696 N/A N/A

Starting with ExtremeXOS 30.1, the maximum configurable limit for IP ARP maximum
entries is 157,696 for all platforms. A message appears if the configured value exceeds
the theoretical hardware maximum limit depending on the platform.

Example
The following example sets the maximum IP ARP entries to 2000 entries:
configure iparp max_entries 2000

History
This command was first available in ExtremeXOS 10.1.

Support for up to 32,768 ARP entries was first available in ExtremeXOS 12.4.

Per virtual router capability deprecated and the maximum configurable limit changed
to 157, 696 in ExtremeXOS 30.1.

Switch Engine™ Command Reference Guide for version 32.7.1 655

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure iparp max_pending_entries

configure iparp max_pending_entries max_pending_entries

Description
Configures the maximum allowed incomplete IP ARP entries.

Syntax Description
max_pending_entries Specifies a number of maximum IP ARP entries.

Default
256.

Usage Guidelines
Range: 1–4,096.

Example
The following example sets the maximum pending IP ARP entries to 500 entries:
configure iparp max_pending_entries 500

History
This command was first available in ExtremeXOS 10.1.

Per virtual router capability deprecated in ExtremeXOS 30.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iparp max_proxy_entries

configure iparp max_proxy_entries max_proxy_entries

Description
Configures the maximum allowed IP ARP proxy entries.

656 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
max_proxy_entries Specifies maximum number of IP ARP proxy entries.

Default
256.

Usage Guidelines
Range: 0–4,096.

Example
The following example sets the maximum IP ARP proxy entries to 500 entries:
configure iparp max_proxy_entries 500

History
This command was first available in ExtremeXOS 11.0.

Per virtual router capability removed in ExtremeXOS 30.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iparp proxy reachable | entry-required

configure iparp proxy [vlan all | {vlan} vlan_name] [reachable | entry-
required]

Description
Configures whether the switch replies to ARP requests on the specified VLAN by proxy
ARP if the route to the IP address is reachable, or only if proxy ARP entries have been
created.

Syntax Description
vlan Selects VLAN(s) for the ARP requests.
vlan_name Specifies VLAN name for the ARP requests.
all Specifies all VLANs for the ARP requests.

Switch Engine™ Command Reference Guide for version 32.7.1 657

Default Commands

reachable Specifies that the switch replies to ARP requests on the

specified VLAN(s) by proxy ARP if the route to IP address
is reachable. Configuration of proxy ARP entries is not
required.
entry-required Specifies that the switch replies to ARP requests on the
specified VLAN(s) by proxy ARP only if proxy ARP entries
have been created. (Default)

Default
The default behavior is for the switch to reply to ARP requests on the specified VLAN(s)
by proxy ARP only if proxy ARP entries have been created.

Usage Guidelines
If an ARP request is received by the switch, it checks the ExtremeXOS proxy ARP table
(user adds the entries through the CLI). If it is present, an ARP reply is sent. If not
present, it searches for the entry in the kernel route table. If this IP address is reachable,
then the ARP reply is sent.

The following table summarizes the this command's behavior:

reachable entry-required
(or command not
configured)
Entry present in proxy ARP Reply to ARP request Reply to ARP request
Table (static entry added
through command configure
iparp add on page 650)
Static entry not present in Reply to ARP request if No reply to ARP request
proxy ARP table route is reachable
No static entry, but route Reply to ARP request
reachable.
No static entry and route is not No reply to ARP request
reachable
Static entry present and route Reply to ARP request
is reachable
No static entry and route is not No reply to ARP request
reachable
Route reachable Reply to ARP request
Route not reachable No reply to ARP request

Example
The following example configures the switch to reply to ARP requests on all VLANs by
proxy ARP if the route to IP address is reachable:
configure iparp proxy vlan all reachable

658 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iparp reachable-time

configure iparp {reachable-time [auto | {reachable_time [seconds |
milliseconds]}]}

Description
Sets the value for Address Resolution Protocol (ARP) reachable time

Syntax Description
reachable-time Specifies setting the ARP reachable time.
reachable_time Sets the value for the ARP reachable time (range is 1–
1,474,515,000 milliseconds or 1–1,474,515 seconds).
auto Specifies having the ARP reachable time set automatically
to 3/4 of the configured ARP timeout (default).
milliseconds When setting the reachable time value, specifies
milliseconds as the time unit (range is 1–1,474,515,000).
seconds When setting the reachable time value, specifies seconds
(range is 1–1,474,515) as the time unit (default).

Default
The default setting is for the reachable time to be set automatically to 3/4 of the
configured ARP timeout. If you set the time manually, the default unit of measure for
the value is seconds.

Example
The following example sets the reachable time to 500,000 seconds:
configure iparp reachable-time 500000 seconds

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 659

configure iparp retransmit-time Commands

configure iparp retransmit-time

configure iparp {retransmit-time retransmit_time}

Description
Sets the value for Address Resolution Protocol (ARP) retransmit time

Syntax Description
retransmit-time Specifies setting the retransmit time.
retransmit_time Sets the retransmit time value (range is 1–4,294,967
seconds or 1–4,294,967,295 milliseconds). Default is 1
second.
milliseconds When setting the retransmit time value, specifies
milliseconds as the time unit (range is 1–4,294,967,295).
seconds When setting the retransmit time value, specifies seconds
(range is 1–4,294,967) as the time unit (default).

Default
The default setting for the retransmit time is 1 second. The default unit of measure is
seconds.

Example
The following example sets the retransmit time to 500,000 seconds:
configure iparp retransmit-time 500000 seconds

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iparp timeout

configure iparp timeout {vr vr_name} minutes

Description
Configures the IP ARP timeout period.

660 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vr_name Specifies which VR or VRF IP ARP setting to change.
minutes Specifies a time in minutes.

Default
20 minutes.

If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
The range is 0-32,767. A setting of 0 disables timeout.

When the switch learns an ARP entry, it begins the timeout for that entry. When the
timer reaches 0, the entry is aged out, unless IP ARP refresh is enabled. If ARP refresh
is enabled, the switch sends an ARP request for the address before the timer expires. If
the switch receives a response, it resets the timer for that address.

Newly configured ARP timeout values apply only to ARP entries that are learned
after the new value is set. Previously learned ARP entries timeout after the previously
configured time.

Example
The following command sets the IP ARP timeout period to 10 minutes:

configure iparp timeout 10

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ipforwarding originated-packets

configure ipforwarding originated-packets [require-ipforwarding | dont-
require-ipforwarding]

Description
Configures whether IP forwarding must be enabled on a VLAN before transmitting IP
packets originated by the switch on that VLAN to a gateway.

Switch Engine™ Command Reference Guide for version 32.7.1 661

Syntax Description Commands

Syntax Description
require-ipforwarding Specifies that IP forwarding must be enabled on a VLAN
before IP packets that originate on the switch can be
transmitted to a gateway.
dont-require- Specifies that all IP packets that originate on the switch
ipforwarding can be transmitted, regardless of the IP forwarding
configuration to the gateway.

Default
dont-require-ipforwarding.

Usage Guidelines
To display the current setting for this command, use the show ipconfig command.

Example
The following command configures the switch to transmit switch-originated packets to
gateways only on those VLANs for which IP forwarding is enabled:

configure ipforwarding originated-packets require-ipforwarding

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ipmcforwarding
configure ipmcforwarding to-cpu [auto | off] ports port_list

Description
Configure whether IP multicast CPU filters are installed automatically.

662 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
auto The software will automatically program IP multicast
processing based on configuration.
off IP multicast packets received on this port are always
flooded with no CPU processing.
port_list Specifies on or more ports.

Default
N/A.

Usage Guidelines
IP forwarding and IPMC forwarding must be enabled for the configuration to operate.

Example
The following example configures automatic operation for port 2.1:
configure ipmcforwarding to-cpu auto ports 2.1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure ipmroute add

configure ipmroute add [default | source-net mask-len | source-net mask]
{{protocol} protocol} rpf-address {metric} {vr vr-name}

Description
Adds a static multicast route to the multicast routing table.

Syntax Description
default Specifies default gateway.
source-net Specifies an IP address/mask length.

Switch Engine™ Command Reference Guide for version 32.7.1 663

Default Commands

mask-len Mask length for the IP multicast source's subnet. Range is

[1-32].
mask Specifies a subnet mask.
protocol Unicast routing protocol that is to be used for route
learning.
rpf-address Next hop through which the multicast source can be
reached.
metric Specifies a cost metric.
vr-name Specifies the virtual router to which the route is added.

Default
The following defaults apply:
• metric—1
• vr-name—VR of the current CLI context
• protocol—none

Usage Guidelines
This command allows you to statically configure where multicast sources are located
(even though the unicast routing table has different entries). It allows you to configure
a multicast static route in such a way as to have non-congruent topology for Unicast
and Multicast topology and traffic.

Example
The following example configures a multicast static route for all multicast sources
within network subnet 192.168.0.0/16. Those sources are reachable through the gateway
192.75.0.91.
configure ipmroute add 192.168.0.0/16 192.75.0.91

The following example configures multicast static route for all sources via a single
gateway with a metric of 100:
configure ipmroute add 0.0.0.0/0 192.75.0.91 100

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

664 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ipmroute delete

configure ipmroute delete

configure ipmroute delete [default | source-net/mask-len | source-net
mask] {{protocol} protocol} rpf-address {vr vr-name}

Description
Deletes a static multicast address from the multicast routing table.

Syntax Description
default Specifies default gateway.
source-net Specifies an IP address/mask length.
mask-len Mask length for the IP multicast source's subnet. Range is
1–32.
mask Specifies a subnet mask.
protocol Unicast routing protocol that is to be used for route
learning.
rpf-address Next hop through which the multicast source can be
reached.
vr-name Specifies the virtual router to which the route is added.

Default
vr-name is the VR of the current CLI context.

Usage Guidelines
This command allows you to delete an existing multicast static route. It allows you to
configure congruent topology for unicast and multicast packets and traffic.

Example
The following example deletes a multicast static route:
configure ipmroute delete 192.168.0.0/16 192.75.0.91

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 665

configure ip-mtu vlan Commands

configure ip-mtu vlan

configure ip-mtu mtu [ {vlan} vlan_name | vlan vlan_list]

Description
Sets the maximum transmission unit (MTU) for the VLAN.

Syntax Description
mtu Specifies the IP maximum transmission unit (MTU) value.
Range is from 1500 to 9194. However, CLI will allow the
maximum limit upto 9216 considering port configuration
such as tagging which influences L2 Header size. But the
values greater than 9194 may lead to packet loss and hence
not recommended.
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.

Default
The default IP MTU size is 1500.

Usage Guidelines
Use this command to enable jumbo frame support or for IP fragmentation with jumbo
frames. Jumbo frames are Ethernet frames that are larger than 1522 bytes, including
4 bytes used for CRC. Both endstations involved in the transfer must be capable of
supporting jumbo frames. The switch does not perform IP fragmentation or participate
in MTU negotiation on behalf of devices that do not support jumbo frames.

When enabling jumbo frames and setting the MTU size for the VLAN, keep in mind
that some network interface cards (NICs) have a configured maximum MTU size that
does not include the additional 4bytes of CRC included in a jumbo frame configuration.
Ensure that the NIC maximum MTU is at or below the maximum MTU size configured
on the switch. Frames that are larger than the MTU size configured on the switch are
dropped at the ingress port.

If you use IP fragmentation with jumbo frames and you want to set the MTU size
greater than 1500, all ports in the VLAN must have jumbo frames enabled.

Example
The following example sets the MTU size to 2000 for VLAN sales:
configure ip-mtu 2000 vlan sales

666 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was available in ExtremeXOS 11.0.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iproute add (IPv4)

configure iproute add [ipNetmask | ip_addr mask] gateway {bfd}
{metric} {multicast | multicast-only | unicast | unicast-only} {vlan
egress_vlan} {vr vrname}

Description
Adds a static route to the specified routing table.

Syntax Description
ipNetmask Specifies an IP address/mask length.
ip_addr Specifies an IP address.
mask Specifies a subnet mask.
gateway Specifies a gateway IP address.
bfd Enables Bidirectional Forwarding Detection (BFD)
protection for the route.

Note: You must type this keyword before specifying a

VLAN.

metric Specifies a cost metric.

multicast Adds the specified route to the multicast routing table.
multicast-only Adds the specified route to the multicast routing table.
This option is provided for backward compatibility with
releases prior to ExtremeXOS release 12.1.
unicast Adds the specified route to the unicast routing table.
unicast-only Adds the specified route to the unicast routing table. This
option is provided for backward compatibility with releases
prior to ExtremeXOS Release 12.1.
vlan Specifies the egress VLAN name used for an Inter-VR route.
vrname Specifies the VR or VRF to which the route is added.

Default
If you do not specify a VR or VRF, the current VR context is used.

Switch Engine™ Command Reference Guide for version 32.7.1 667

Usage Guidelines Commands

Usage Guidelines
Use a mask value of 255.255.255.255 to indicate a host entry.

The gateway address must be present on a directly attached subnet, or the following
message appears:
ERROR: Gateway is not on directly attached subnet

The gateway address must be different from loop back address or local addresses, or
the following message appears:
ERROR: Gateway cannot be local or loop back address

Note
Although dynamic unicast routes can be captured in the multicast routing
table, unicast static routes cannot be captured in the multicast routing table.
To create a static route for the multicast routing table, you must specify the
multicast option.

This command can add BFD protection to a link only when the BFD client at each end
of the link is enabled (see the configure iproute add (IPv4) command).

Once the BFD session is established, the operational status of the route reflects the
operational status of the BFD session.

To remove BFD protection for a static route, enter this command without the BFD
keyword.

Beginning in ExtremeXOS 15.6, the egress VLAN name may now be a VLAN belonging
to a VR different from the VR of the static route itself. When the VRs differ, Inter-VR
routing of hardware and software forwarded packets is performed.

Example
The following example adds a static address to the routing table in the current VR
context:
configure iproute add 10.1.1.0/24 123.45.67.1

In the following example of an Inter-VR routing scenario, VLAN v1 belongs to VR vr1,

and VLAN v2 belongs to VR vr2. The final two commands add Inter-VR routes between
VR vr1 and VR vr2. The resulting behavior is that IPv4 unicast packets originating in VR
vr1, and a destination IP address in subnet 52.0.0.0/8, are forwarded to gateway 20.1.1.2
belonging to VLAN v2 in VR vr2 per the first Inter-VR route. Reverse packets originating
in VR vr2 with a destination IP address in subnet 51.0.0.0/8 are forwarded to gateway
10.1.1.2 belonging to VLAN v1 in VR vr1 per the second Inter-VR route. The vr vr_name of
the static route command refers to which VR's route table the route is added.
create vr "vr1"
create vr "vr2"
create vlan "v1" vr vr1
create vlan "v2" vr vr2
configure vlan v1 tag 10
configure vlan v2 tag 20
configure vlan v1 add ports 1 tagged

668 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

configure vlan v2 add ports 2 tagged

configure vlan v1 ipaddress 10.1.1.1/8
configure vlan v2 ipaddress 20.1.1.1/8
enable ipforwarding vlan v1
enable ipforwarding vlan v2

configure iproute add 52.0.0.0/8 20.1.1.2 vlan v2 vr vr1

configure iproute add 51.0.0.0/8 10.1.1.2 vlan v1 vr vr2

The Inter-VR routing example above is for packets routed through a gateway to a
remote subnet. Inter-VR routing can also be accomplished to/from a host adjacent to
the switch, such as hosts in the switch’s IPv4 ARP cache, by adding a /32 host route.
In the example network above, to have packets from VR1 route to a host/server in VR2
directly on the 20.1.1.1/8 subnet, such as 20.1.1.66, the following CLI command can be
used by specifying 20.1.1.66/32:
configure iproute add 20.1.1.66/32 20.1.1.66 vlan v2 vr vr1

Direct Route Leaking uses the configure iproute add direct-inter-vr command.

History
This command was first available in ExtremeXOS 10.1.

Beginning in ExtremeXOS 15.6, the egress VLAN name may now be a VLAN belonging
to a VR different from the VR of the static route itself.

Platform Availability
This command is available on all platforms with Layer 3 support.

configure iproute add (IPV6)

configure iproute add ipv6Netmask [ipv6Gateway | ipv6ScopedGateway]
{bfd} {metric} {vr vr_name} {multicast | multicast-only | unicast |
unicast-only}

Description
Adds an IPv6 static route to the routing table.

Syntax Description
ipv6Netmask Specifies an IPv6 address/prefix length.
ipv6Gateway Specifies a gateway.
ipv6ScopedGateway Specifies a scoped gateway.
bfd Enables Bidirectional Forwarding Detection (BFD)
protection for the IPv6 route.
metric Specifies a cost metric.

Switch Engine™ Command Reference Guide for version 32.7.1 669

Default Commands

vr_name Specifies the VR or VRF to which the route is added.

multicast Adds the specified route to the multicast routing table.
multicast-only Adds the specified route to the multicast routing table.
This option is provided for backward compatibility with
releases prior to ExtremeXOS release 12.1.
unicast Adds the specified route to the unicast routing table.
unicast-only Adds the specified route to the unicast routing table. This
option is provided for backward compatibility with releases
prior to ExtremeXOS release 12.1.

Default
If you do not specify a VR or VRF, the current VR context is used. If you do not specify a
metric, then the default metric of 1 is used.

Usage Guidelines
Use a prefix length of 128 to indicate a host entry.

Note
Although dynamic unicast routes can be captured in the multicast routing
table, unicast static routes cannot be captured in the multicast routing table.
To create a static route for the multicast routing table, you must specify the
multicast option.

Example
The following example adds a static route to the routing table:
configure iproute add 2001:db8:0:1111::/64 fe80::1111%default

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure iproute add (Multicast)

configure iproute add [ipNetmask | ip_addr mask] gateway {bfd} {metric}
{multicast | multicast-only | unicast | unicast-only} {vr vrname}

670 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Adds a static route to the routing table.

Syntax Description
ipNetmask Specifies an IP address/mask length.
ip_addr Specifies an IP address.
mask Specifies a subnet mask.
gateway Specifies a VLAN gateway.
bfd Enables Bidirectional Forwarding Detection (BFD)
protection for the IPv6 route.
metric Specifies a cost metric.
vrname Specifies the virtual router to which the route is added.
multicast Adds the specified route to the multicast routing table.
multicast-only Adds the specified route to the multicast routing table.
This option is provided for backward compatibility with
releases prior to ExtremeXOS 12.1.
unicast Adds the specified route to the unicast routing table.
unicast-only Adds the specified route to the unicast routing table. This
option is provided for backward compatibility with releases
prior to ExtremeXOS 12.1.

Default
If you do not specify a virtual router, the current virtual router context is used.

Usage Guidelines
Use a mask value of 255.255.255.255 to indicate a host entry.

Note
Although dynamic unicast routes can be captured in the multicast routing
table, unicast static routes cannot be captured in the multicast routing table.
To create a static route for the multicast routing table, you must specify the
multicast option.

Example
The following example adds a static address to the multicast routing table:
configure iproute add 10.1.1.0/24 123.45.67.1 5 multicast

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 671

Platform Availability Commands

The multicast and unicast keywords were first available in ExtremeXOS 12.1. These
keywords replace multicast-only and unicast-only, which remain in the software for
backward compatibility.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure iproute add blackhole ipv4 default

configure iproute add blackhole ipv4 default {multicast | multicast-only
| unicast | unicast-only} {vr vrname}

Description
Adds a default blackhole route to the routing table. All traffic destined for an unknown
IP destination is silently dropped, and no ICMP (Internet Control Message Protocol)
message is generated.

Syntax Description
multicast Adds the default blackhole route to the multicast routing
table.
multicast-only Adds the default blackhole route to the multicast routing
table. This option is provided for backward compatibility
with releases prior to ExtremeXOS Release 12.1.
unicast Adds the default blackhole route to the unicast routing
table.
unicast-only Adds the default blackhole route to the unicast routing
table. This option is provided for backward compatibility
with releases prior to ExtremeXOS Release 12.1.
vrname Specifies the VR or VRF to which the route is added.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
While a default route is for forwarding traffic destined to an unknown IP destination,
and a blackhole route is for discarding traffic destined to a specified IP destination, a
default blackhole route is for discarding traffic to the unknown IP destination.

Using this command, all traffic with an unknown destination is discarded.

672 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The default blackhole route is treated like a permanent entry in the event of a switch
reset or power off/on cycle. The default blackhole route’s origin is "b" or "blackhole" and
the gateway IP address for this route is 0.0.0.0.

Example
The following example adds a blackhole default route into the routing table:
configure iproute add blackhole default

History
This command was first available in ExtremeXOS 10.1.

The ipv4 keyword was added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iproute add blackhole ipv6 default

configure iproute add blackhole ipv6 default {vr vr_name} {multicast-
only | unicast-only}

Description
Adds a default blackhole route to the routing table. All traffic destined for an unknown
IPv6 destination is silently dropped.

Syntax Description
vr_name Specifies the VR or VRF to which the route is added.
multicast-only Specifies only multicast traffic for the route.
unicast-only Specifies only unicast traffic for the route.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
While a default route is for forwarding traffic destined to an unknown IPv6 destination,
and a blackhole route is for discarding traffic destined to a specified IPv6 destination, a
default blackhole route is for discarding traffic to the unknown IPv6 destination.

Using this command, all traffic with an unknown destination is discarded.

Switch Engine™ Command Reference Guide for version 32.7.1 673

Example Commands

The default blackhole route is treated like a permanent entry in the event of a switch
reset or power off/on cycle. The default blackhole route’s origin is "b" or "blackhole" and
the gateway IPv6 address for this route is ::.

The packets are silently discarded. In other words, no ICMP message is sent to indicate
that the packets are discarded.

Example
The following example adds a blackhole default route into the routing table:
configure iproute add blackhole ipv6 default

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure iproute add blackhole

configure iproute add blackhole {ipv6} [ipv6Netmask] {vr vr_name}
{multicast-only | unicast-only}

Description
Adds a blackhole address to the routing table. All traffic destined for an unknown IPv6
destination is silently dropped.

Syntax Description
ipv6Netmask Specifies an IPv6 address/prefix length.
vr_name Specifies the VR or VRF to which the route is added.
multicast-only Specifies only multicast traffic for the route.
unicast-only Specifies only unicast traffic for the route.

Default
If you do not specify a VR or VRF, the current VR context is used.

674 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
A blackhole entry directs packets with a matching specified address prefix to
be discarded. Blackhole entries are useful as a security measure or in special
circumstances where a specific destination address must be discarded. Blackhole
entries are treated like permanent entries in the event of a switch reset or power off/on
cycle.

The packets are silently discarded. In other words, no ICMP message is sent to indicate
that the packets are discarded.

Example
The following example causes packets with a destination address of 2001:db8::3452 to
be silently discarded:
configure iproute add blackhole 2001:db8::3452/128

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure iproute add default

configure iproute add default [gateway |ipv6Gateway | ipv6ScopedGateway]
{bfd}{metric} {vr vr_name} {multicast |multicast-only |unicast |
unicast-only} {vlan vlan_name}

Description
Adds a default gateway to the routing table.

Syntax Description
gateway Specifies a gateway IPv4 address.
ipv6Gateway Specifies a VLAN gateway IPv6 address.
ipv6ScopedGateway Specifies a scoped gateway.
bfd Enables Bidirectional Forwarding Detection (BFD)
protection for the route.

Note: You must type this keyword before specifying a

VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 675

Default Commands

metric Specifies a cost metric. If no metric is specified, the default

of 1 is used.
vr_name Specifies the VR or VRF to which the route is added.

Default
If no metric is specified, the default metric of 1 is used. If you do not specify a VR or VRF,
the current VR context is used.

Usage Guidelines
Default routes are used when the router has no other dynamic or static route to
the requested destination. A default gateway must be located on a configured IPv6
interface. Use the unicast-only or multicast-only options to specify a particular traffic
type. If not specified, both unicast and multicast traffic uses the default route.

Example
The following example configures a default route for the switch:
configure iproute add default 2001:db8::1234:5678

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure iproute add direct-inter-vr

configure iproute add direct-inter-vr {ipv4} [{vlan} from_vlan_name |
vlan from_vlan_list] {{vr} to_vr_name}

Description
Adds the direct routes of a VLAN or set of VLANs to be leaked to the leak-to-VR.

Syntax Description
direct-inter-vr Specifies to leak direct routes of specified VLAN(s) to a
different VR. Adjacent (directly connected) hosts are also
reachable in the specified VR.
ipv4 Specifies the IPv4 address family. Only IPv4 is supported.

676 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

vlan Specifies the VLAN name or list of VLAN IDs whose direct
routes are leaked to a different VR.
from_vlan_name Specifies to replicate the direct routes of the hardware and
software forwarding tables and the adjacent hosts of the
specified VLAN name to the specified leak-to-VR.
from_vlan_list Specifies to replicate the direct routes of the hardware and
software forwarding tables and the adjacent hosts of the
specified VLAN list to the specified leak-to-VR. Range is
1-4094.
vr Specifies the virtual router to which direct routes are
leaked.
to_vr_name Specifies the virtual router to which direct routes are
leaked. If not specified, the context of the current VR is
used.

Usage Guidelines
This command is used to support leaking of direct routes from one VR to another by
allowing a configuration to leak one or more L3 interface routes to another VR.

Example
The following example adds the direct routes of VLAN 'yellow' to be leaked to the
leak-to-VR 'VR2'.
# configure iproute add direct-inter-vr yellow vr VR2

History
This command was first available in ExtremeXOS 32.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iproute add lsp

configure iproute add [ipaddress netmask | ipNetmask] lsp lsp_name
{metric} {multicast | multicast-only | unicast | unicast-only} {vr
vrname}

Switch Engine™ Command Reference Guide for version 32.7.1 677

Description Commands

Description
Assigns a specific IP route to use a named LSP.

Note
To create a static IP route that does not use a specific named LSP as an mpls-
next-hop, use the following command: configure iproute add [ipNetmask
| ip_addr mask] gateway {metric} {multicast | multicast-only |
unicast | unicast-only} {vr vrname} .

Syntax Description
ipaddress Specified an IP address.
netmask Specifies an IP address/prefix length.
ipNetmask Specifies an IP address/prefix length.
lsp_name Specifies a named MPLS LSP to be used to reach the route.
metric Specifies a cost metric.
multicast Adds the specified route to the multicast routing table.
multicast-only Adds the specified route to the multicast routing table.
This option is provided for backward compatibility with
releases prior to ExtremeXOS Release 12.1.
unicast Adds the specified route to the unicast routing table.
unicast-only Adds the specified route to the unicast routing table. This
option is provided for backward compatibility with releases
prior to ExtremeXOS release 12.1.
vrname Specifies the virtual router to which the route is added.

Default
N/A.

Usage Guidelines
This command assigns a named LSP to a specific IP route. Once configured, all IP traffic
matching the configured route is forwarded over the specified LSP. For an RSVP-TE
LSP, the correct label information is only associated with the route if the LSP is active. If
the RSVP-TE LSP is disabled or is withdrawn, the label information is removed from the
route table and the route entry is marked down. If multiple LSPs are added to a route
and ECMP is enabled using route-sharing command, only one LSP is used to forward IP
traffic.

Note
IP routes can only be assigned to named LSPs in the VR in which MPLS is
configured to operate.

678 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command adds a static address to the routing table:
configure iproute add 10.1.1.0/24 lsp lsp598

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure iproute add protection

configure iproute add [default | ipv4_or_ipv6_network] gateway
{protection [bfd | ping | none]}

Description
Configures protection and resiliency on IPv4 and IPv6 static routes.

Syntax Description
default Default route.
ipv4_or_ipv6_network IPv4 or IPv6 network address.
gateway Gateway IP address.
protection Selects the type of protection on this route (default is
none).
bfd Enables BFD protection on this route.
ping Enables ICMP ping protection on this route.
none Disables all protection on this route (default).

Default
No protection is the default.

Usage Guidelines
For static routes configured with protection type ping, static routes are initially down.
Static routes become "up" for each configured gateway/device IP when a timely ICMP
Echo Reply is received from that IP within the configured ping interval. Static routes
transition from up to down when no timely reply is received for the configured number
of missed intervals. Severely delayed ICMP Echo Replies are ignored if received after the
configured interval time elapses, because a new ICMP Echo Request has already been

Switch Engine™ Command Reference Guide for version 32.7.1 679

Example Commands

sent. Static routes with ping protection need not be ECMP routes. Thus when a device
is unresponsive, a different route with a higher cost or shorter prefix length can route
packets elsewhere.

The protection type (BFD, ping, or none) for an existing static route can be changed
dynamically without deleting the route. To change the protection type, simply re-add
an existing static route with a different protection type.

Example
The following example adds a static route for 100.0.0.0/24 with ping health check
monitoring to gateway IP 1.2.3.4.
# configure iproute add 100.0.0.0/24 1.2.3.4 protection ping

ExtremeXOS initiates ping health check monitoring to the adjacent device with IP
address 1.2.3.4. The route for 100.0.0.0/24 is protected, meaning if ping responses are
received from 1.2.3.4 in a timely manner, the static route for 100.0.0.0/24 to 1.2.3.4 is “up”
in the routing table. If no ping response is received in a timely manner, the route is
down.

In an example with ECMP, assuming enable iproute sharing:

# configure iproute add 100.0.0.0/24 1.2.3.5 protection ping

If ping responses are received by both 1.2.3.4 and 1.2.3.5, IP packets destined to subnet
100.0.0.0/24 are Layer-3 load balanced by hardware between 1.2.3.4 and 1.2.3.5. If for
example, no ping response is received from 1.2.3.4 in a timely manner, IP packets
destined to 100.0.0.0/24 are sent only to 1.2.3.5. Later, upon receiving a ping response
from 1.2.3.4, packets are load balanced again.

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

configure iproute delete

configure iproute delete [ipNetmask | ipaddress mask] gateway {multicast
| multicast-only | unicast | unicast-only} {vlan egress vlan} {vr
vrname}

Description
Deletes a static address from the routing table.

680 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ipNetmask Specifies an IP address/mask length.
ipaddress Specifies an IP address.
mask Specifies a subnet mask.
gateway Specifies a VLAN gateway.
multicast Specifies a multicast route to delete.
multicast-only Specifies a multicast route to delete.
unicast Specifies a unicast route to delete.
unicast-only Specifies a unicast route to delete.
vlan Specifies the egress VLAN name used for an Inter-VR route.
vrname Specifies the virtual router to which the route is deleted.

Default
If you do not specify a virtual router, the current virtual router context is used.

Usage Guidelines
Use a value of 255.255.255.255 or /32 for mask to indicate a host entry.

Example
The following example deletes an address from the multicast routing table:
configure iproute delete 10.101.0.0/24 10.101.0.1 multicast

History
This command was first available in ExtremeXOS 10.1.

The multicast and unicast keywords were first available in ExtremeXOS 12.1. These
keywords replace multicast-only and unicast-only, which remain in the software for
backward compatibility.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure iproute delete blackhole

configure iproute delete blackhole [ipv6Netmask] {vr vr_name}

Switch Engine™ Command Reference Guide for version 32.7.1 681

Description Commands

Description
Deletes a blackhole route from the routing table.

Syntax Description
ipv6Netmask Specifies an IPv6 address/prefix length.
vr_name Specifies the VR or VRF from which the route is deleted.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
A blackhole entry directs packets with a specified destination address to be discarded.
Blackhole entries are useful as a security measure or in special circumstances where
a specific destination address must be discarded. Blackhole entries are treated like
permanent entries in the event of a switch reset or power off/on cycle.

Example
The following example deletes a blackhole route from the routing table for packets
with a destination address of 2001:db8::3452, so the packets are no longer discarded:
configure iproute delete blackhole 2001:db8::3452/128

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure iproute delete blackhole ipv4 default

configure iproute delete blackhole ipv4 default {multicast | multicast-
only | unicast | unicast-only} {vr vrname}

Description
Deletes a default blackhole route from the routing table.

682 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
multicast Specifies a default blackhole multicast route to delete.
multicast-only Specifies a default blackhole multicast route to delete. This
option is provided for backward compatibility with releases
prior to ExtremeXOS Release 12.1.
unicast Specifies a default blackhole unicast route to delete.
unicast-only Specifies a default blackhole unicast-only route to delete.
This option is provided for backward compatibility with
releases prior to ExtremeXOS Release 12.1.
vrname Specifies a VR or VRF name.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
None.

Example
The following command deletes a blackhole default route from the routing table:

configure iproute delete blackhole default

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iproute delete blackhole ipv6 default

configure iproute delete blackhole ipv6 default {vr vr_name}

Description
Deletes a default blackhole route from the routing table.

Syntax Description
vr_name Specifies the VR or VRF from which the route is deleted.

Switch Engine™ Command Reference Guide for version 32.7.1 683

Default Commands

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
While a default route is for forwarding traffic destined to an unknown IPv6 destination,
and a blackhole route is for discarding traffic destined to a specified IPv6 destination, a
default blackhole route is for discarding traffic to the unknown IPv6 destination.

Using this command, all traffic with an unknown destination is discarded.

The default blackhole route is treated like a permanent entry in the event of a switch
reset or power off/on cycle. The default blackhole route's origin is "b" or "blackhole" and
the gateway IPv6 address for this route is "::."

Example
The following example deletes a blackhole default route from the routing table:
configure iproute delete blackhole default

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure iproute delete default

configure iproute delete default [ipv6Gateway | ipv6ScopedGateway] {vr
vr_name}

Description
Deletes a default gateway from the routing table.

Syntax Description
ipv6Gateway Specifies a VLAN gateway IPv6 address.
ipv6ScopedGateway Specifies a scoped gateway.
vr_name Specifies the VR or VRF from which the route is deleted.

684 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
If no metric is specified, the default metric of 1 is used. If you do not specify a VR or VRF,
the current VR context is used.

Usage Guidelines
Default routes are used when the router has no other dynamic or static route to
the requested destination. A default gateway must be located on a configured IPv6
interface.

Example
The following example deletes a default route from the switch:
configure iproute delete default 2001:db8::1234:5678

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure iproute delete direct-inter-vr

configure iproute delete direct-inter-vr {ipv4} [{vlan} from_vlan_name |
vlan from_vlan_list] {{vr} to_vr_name}

Description
Deletes a direct route of a VLAN or set of VLANs previously leaked to the leak-to-VR.

Syntax Description
direct-inter-vr Specifies to delete previously leaked direct routes of
specified VLAN(s) to a different VR. Adjacent hosts are also
reachable in the specified VR.
ipv4 Specifies the IPv4 address family. Only IPv4 is supported.
vlan Specifies the VLAN name or list of VLAN IDs whose direct
routes are leaked to a different VR.
from_vlan_name Specifies to use the specified leak-to-VR and replicate the
direct routes of the hardware and software forwarding
tables and the adjacent hosts of the VLAN name.

Switch Engine™ Command Reference Guide for version 32.7.1 685

Usage Guidelines Commands

from_vlan_list Specifies to use the specified leak-to-VR and replicate the

direct routes of the hardware and software forwarding
tables and the adjacent hosts of the VLAN list. Range is
1-4094.
vr Specifies the virtual router to which direct routes are
leaked.
to_vr_name Specifies the virtual router to which direct routes are
leaked. If not specified, the context of the current VR is
used.

Usage Guidelines
This command is used to delete previously configured leaking of direct routes from one
VR to another.

Example
The following example removes configuration for the direct routes of VLAN 'yellow' so
those are no longer leaked to the leak-to-VR 'VR2'.
# configure iproute delete direct-inter-vr yellow vr VR2

History
This command was first available in ExtremeXOS 32.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iproute ipv6 priority

configure iproute ipv6 priority [auto-peering | ripng | blackhole | icmp
| host-mobility | static | ospfv3-intra | ospfv3-inter | ospfv3-as-
external | ospfv3-extern1 | ospfv3-extern2 | isis |isis-leve1-1 |
isis-level-2 | isis-level-1-external | isis-level-2-external | ebgp |
ibgp] priority {vr vr_name}

Description
Changes the priority for all routes from a particular route origin.

Syntax Description
auto-peering Specifies auto-peering routes.
ripng Specifies RIPng.
host-mobility Host-Mobility route.

686 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

blackhole Specifies the blackhole route.

icmp Specifies ICMP.
static Specifies static routes.
ospfv3-intra Specifies OSPFv3 Intra routing.
ospfv3-inter Specifies OSPFv3 Inter routing.
ospfv3-as-external Specifies OSPFv3 AS External routing.
ospfv3-extern1 Specifies OSPFv3 External 1 routing.
ospfv3-extern2 Specifies OSPFv3 External 2 routing.
isis Specifies ISIS routing.
isis-level-1 Specifies IS-IS Level 1 routing.
isis-level-2 Specifies IS-IS Level 2 routing.
isis-level-1-external Specifies IS-IS Level 1 External routing.
isis-level-2-external Specifies IS-IS Level 2 External routing.
ebgp Specifies EBGP routes.
ibgp Specifies IBGP routes.
priority Specifies a priority number in the range of 11 to 65534.
vr_name Specifies a VR or VRF name.

Default
The following table lists the relative priorities assigned to routes depending upon the
learned source of the route.

Table 11: Route Priorities

Route Origin Priority
Direct 10
BlackHole 50
Static 1100
HostMobility 1150
ICMP 1200
OSPF3Intra 2200
OSPF3Inter 2300
IS-IS L1 2360
IS-IS L2 2370
RIPg 2400
OSPFv3 ASExt 3100
OSPFv3 Extern1 3200
OSPFv3 Extern2 3300

Switch Engine™ Command Reference Guide for version 32.7.1 687

Usage Guidelines Commands

Table 11: Route Priorities (continued)

Route Origin Priority
IS-IS L1 Ext 3400
IS-IS L2 Ext 3500

Usage Guidelines
Although these priorities can be changed, do not attempt any manipulation unless you
are expertly familiar with the possible consequences. If you change the route priority,
you must save the configuration and reboot the system.

Note
The priority for a blackhole route can not overlap with the priority of any other
route origin.

Example
The following example sets the IPv6 route priority for static routing to 1200:
configure iproute ipv6 priority static 1200

History
This command was first available in ExtremeXOS 11.2.

The vr option was added in ExtremeXOS 12.1.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document..

configure iproute priority

configure iproute {ipv4} priority [auto-peering | blackhole | bootp
| ebgp |host-mobility | ibgp | icmp | isis | isis-level-1 | isis-
level-1-external | isis-level-2 | isis-level-2-external | mpls |
ospf-as-external | ospf-extern1 | ospf-extern2 | ospf-inter | ospf-
intra | rip | static | evpn | ospf-inter-vr | direct-inter-vr]
priority {vr vrname}

Description
Changes the priority for all routes from a particular route origin.

688 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
auto-peering Specifies the auto-peering route.
blackhole Specifies the blackhole route.
bootp Specifies BOOTP.
ebgp Specifies E-BGP routes.
host-mobility Host-Mobility route.
ibgp Specifies I-BGP routes.
icmp Specifies ICMP.
isis Specifies IS-IS and applies only to blackhole routes
installed for summary addresses.
isis-level-1 Specifies IS-IS Level 1 routing.
isis-level-1-external Specifies IS-IS Level 1 External routing.
isis-level-2 Specifies IS-IS Level 2 routing.
isis-level-2-external Specifies IS-IS Level 2 External routing.
mpls Specifies MPLS routing.
ospf-as-external Specifies OSPF as External routing.
ospf-extern1 Specifies OSPF External 1 routing.
ospf-extern2 Specifies OSPF External 2 routing.
ospf-inter Specifies OSPFInter routing.
ospf-intra Specifies OSPFIntra routing.
rip Specifies RIP.
static Specifies static routes.
evpn Specifies EVPN routes.
ospf-inter-vr Specifies OSPF inter-VR routes.
direct-inter-vr Specifies inter-VR leaked direct routes.
priority Specifies a priority number in the range of 11 to 65534.
vrname Specifies a VR or VRF name.

Default
The following table lists the relative priorities assigned to routes depending upon the
learned source of the route.

Table 12: Relative Route Priorities

Route Origin Priority
Direct 10
Direct Inter VR 15
MPLS 20

Switch Engine™ Command Reference Guide for version 32.7.1 689

Usage Guidelines Commands

Table 12: Relative Route Priorities (continued)

Route Origin Priority
Blackhole 50
Static 1100
HostMobility 1150
ICMP 1200
EVPN 1698
Autopeering 1699
EBGP 1700
IBGP 1900
OSPFIntra 2200
OSPFInter 2300
IS-IS 2350
IS-IS L1 2360
IS-IS L2 2370
RIP 2400
OSPFAsExt 3100
OSPF External 1 3200
OSPF External 2 3300
IS-IS L1 Ext 3400
IS-IS L2 Ext 3500
BOOTP 5000
OSPFInterVR 5010

Usage Guidelines
Although priorities can be changed, you should not attempt to do so unless you are
certain of the possible consequences of the change. If you change the route priority,
you must save the configuration and reboot the system.

Note
The priority for a blackhole route cannot overlap with the priority of any other
route origin.

Example
The following example sets IP route priority for static routing to 1200:
# configure iproute priority static 1200

690 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The route priority restrictions were added in ExtremeXOS 11.1.

The ipv4 keyword was added in ExtremeXOS 11.2.

The vr option was added in ExtremeXOS 12.1.2.

The evpn option was added in ExtremeXOS 30.7.

The ospf-inter-vr option was added in ExtremeXOS 32.3.

The direct-inter-vr option was added in ExtremeXOS 32.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iproute reserved-entries

configure iproute reserved-entries [ num_routes_needed | maximum |
default ] slot [all | slot_num]

Description
Reserves storage space for IPv4 and IPv6 routes in the Longest Prefix Match (LPM)
hardware tables, allowing individual local and remote IPv4 unicast hosts to occupy the
unused portions of the tables.

Syntax Description
num_routes_needed Specifies a specific number of routes to reserve.
maximum Reserves the maximum amount of space for IP route
entries. No IPv4 hosts are stored in the LPM and External
tables.
default Reserves the default amount of space for IP route entries.
all For SummitStack switches only, this option applies the
reservation to all applicable slots.
slot_num For SummitStack switches only, this option applies the
reservation to the specified slot.

Usage Guidelines
Demand on the Layer 3 Hash table can be reduced by allowing IPv4 hosts to be stored
in the LPM tables instead. This command allows you to reserve a portion of the LPM
tables for routes, and this creates an unreserved portion that can be used to store

Switch Engine™ Command Reference Guide for version 32.7.1 691

Usage Guidelines Commands

IPv4 hosts. For more information, see the “Extended IPv4 Host Cache” section of the
Switch Engine 32.7.1 User Guide.

The default setting can support most networks, but if more than a few hundred local
IP hosts and IP multicast entries are present, you can improve switch performance by
calculating and configuring the reserved space for route entries to allow unreserved
space for IPv4 hosts. Changing the number of reserved route entries does not require a
reboot of the affected slots or switch.

You can view the current LPM hardware table usage by entering the show iproute
reserved-entries statistics command. The LPM table statistics are in the columns
under the In HW Route Table heading.

If the switch contains fewer routes than the capacity of the LPM tables, the number
of route entries to reserve for a slot or switch should be the number of routes
currently used in the hardware tables, plus an additional cushion for anticipated
growth. Because each IPv6 route takes up the space of two IPv4 routes, the number
of route entries to reserve is two times the value in the IPv6 routes column, plus the
value in the IPv4 routes column, plus room for anticipated growth. For example, if you
want to reserve space for 100 IPv4 routes and 20 IPv6 routes, the required number of
route entries is 140 (100 + 2*20).

The maximum value for num_routes_needed for ExtremeSwitching 5420 switches is

12,256. For all other models, 16,352.

The maximum values shown above apply to ExtremeSwitching series switches

operating independently or as part of a SummitStack. The maximum option can be
used to specify the maximum values.

When maximum is specified, IPv4 hosts do not occupy LPM table space. Note
that when maximum is specified, software forwarding can result, depending on the
utilization and addresses in the Layer 3 Hash table, and is therefore not recommended.

When Algorithmic Longest-Prefix Match (ALPM) is configured using configure

forwarding internal-tables more routes, the value for reserved-entries is treated
as "maximum". Therefore, IPv4 hosts do not occupy LPM table space in order to
maximize route capacity.

If the switch contains more routes than the capacity of the LPM tables, a trade-off can
be made. You can choose to reserve 400 iproute entries, for example. The 400 IPv4
routes with the longest length network masks will be installed in the LPM table, and
the remainder of the LPM table can be used for cache space for local and remote
hosts. The remote host entries are only required for IPv4 addresses matching one of the
300 routes not installed in the LPM table. Since in this example, not all routes can be
stored anyway, leaving appropriate room for individual remote hosts can result in more
fast-path forwarding.

Depending on the actual routes present, IP route compression for IPv4 and/or IPv6
can be enabled to reduce the number of routes required in the LPM tables. For
more information, see the description for the following command: enable iproute
compression {vr vrname}

692 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command reserves up to 140 IPv4 routes or 70 IPv6 routes, or any
combination in between, on all switches in a SummitStack:
# configure iproute reserved-entries 140 slot all

For details on the configuration changes, see the command descriptions for the
following commands:

show iproute reserved-entries

show iproute reserved-entries statistics

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iproute protection ping interval

configure iproute {ipv4 | ipv6} protection ping interval seconds miss
misses

Description
Configures the desired interval between pings and number of misses for ping
protection of IPv4 and IPv6 static routes.

Syntax Description
ipv4 Designates IPv4 settings (default).
ipv6 Designates IPv6 settings.
protection Configures route protection settings.
ping Configures static route ping protection interval and
number of misses.
interval Number of seconds between pings to protected gateways.
Ping response must be received within configured interval.
seconds Number of seconds between pings to protected gateways.
Range is 1–600. Default is 2.
miss Number of pings with no response before associated
routes are considered down.
misses Number of pings with no response before associated
routes are considered down. Range is 2–255. Default is 3.

Switch Engine™ Command Reference Guide for version 32.7.1 693

Default Commands

Default
If not specified, IPv4 is the default, and:

• Interval = 2 seconds
• Misses = 3

Usage Guidelines
At the configurable interval, each unique gateway or device IP address configured
for static route ping protection is sent an ICMP or ICMPv6 Echo Request if the ARP
or Neighbor cache entry already has the IP->MAC binding. An ARP or Neighbor
Solicitation is sent if the IP->MAC binding is unknown, and upon receiving a response,
the ICMP Echo Request is sent.

The desired interval between pings and number of misses can be configured
independently for IPv4 and IPv6.

Example
The following example sets for IPv4 a ping interval of 3 seconds and number of missed
pings to 5:
# configure iproute ipv4 protection ping interval 3 miss 5

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all platforms with any license level as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure iproute sharing hash-algorithm crc

configure iproute sharing {hash-method default} hash-algorithm crc
[lower | upper]

Description
This command is used to configure the "default" hash algorithm used to choose a
gateway when hardware forwards an IPv4 or IPv6 unicast packet to a route with
multiple equal-cost multipath gateways.

For information about configuring the custom hash method, see the command
configure iproute sharing hash-method custom.

The values within the IP unicast packet that are considered in the hash calculation
depend on the setting of another command, configure forwarding sharing [L3 |

694 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

L3_L4]. With the default, L3_L4, the hash calculation includes Source and Destination
IP addresses, and the Source and Destination Layer 4 Port numbers. Or, if configure
forwarding sharing L3 is configured, the hash calculation only includes Source and
Destination IP addresses. The distribution of packets among multiple gateways based
on the IP Route Sharing lower or upper hash algorithm will depend on network traffic.
The command will not result in traffic loss and takes effect immediately.

Syntax Description
iproute IP routing module.
sharing Configure settings for equal cost multipath
routing";capability="route_sharing.
hash-method Configures hardware forwarding hash method used to
select among ECMP gateways for an IPv4 or IPv6
destination.
default Default method for ECMP hardware hash calculation.
For information about configuring the custom hash
method, see the configure iproute sharing hash-
method custom {hash-algorithm [xor | crc-16 |
crc-32 [lower | upper]]} command.
hash-algorithm Configure hardware forwarding hash algorithm used
to select among ECMP gateways for an IPv4 or IPv6
destination";capability="pib".
crc Cyclic Redundancy Check (CRC).
lower Lower bits of CRC32 hash calculation of source and
destination packet criteria, used to select an ECMP
gateway (Default).
upper Upper bits of CRC32 hash calculation. May improve
distribution when source and destination IP and ports do
not vary much.

Default
Lower.

Usage Guidelines
Use this command to configure the hash algorithm used to choose a gateway when
hardware forwards an IPv4 or IPv6 unicast packet to a route with multiple equal-cost
multipath gateways. The values within the IP unicast packet that are considered in the
hash calculation depend on the setting of another command, configure forwarding
sharing [L3 | L3_L4]. With the default, L3_L4, the hash calculation includes Source
and Destination IP addresses, and the Source and Destination Layer 4 Port numbers.
Or, if configure forwarding sharing L3 is configured, the hash calculation only
includes Source and Destination IP addresses. The distribution of packets among
multiple gateways based on the IP Route Sharing lower or upper hash algorithm will

Switch Engine™ Command Reference Guide for version 32.7.1 695

Example Commands

depend on network traffic. The command will not result in traffic loss and takes effect
immediately.

Example
# configure iproute sharing hash-algorithm upper

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure iproute sharing max-gateways

configure iproute sharing max-gateways max_gateways

Description
Specifies the maximum number of gateways in each gateway set in the ECMP
hardware table.

Syntax Description
max_gateways Specifies the maximum number of ECMP gateways in a
gateway. The only values allowed are 2, 4, 8, 16, 32 and 64.
For ExtremeSwitching 5520 series switches, the allowed
values are 2,4, and 8.

Default
For all platforms except the ExtremeSwitching 5520 series switches, the default is 16
gateways.

For ExtremeSwitching 5520 series switches, the default is 4.

Usage Guidelines
When IPv4 or IPv6 route sharing is enabled, the maximum number of gateways
value represents the maximum number of next-hop gateways that can be used for
communications with a destination subnet. Each gateway represents an alternative
path to a subnet. The gateways can be defined with static routes, or they can be
learned through the OSPF, OSPFv3, BGP, or IS-IS protocols. The value for max-gateways
applies to both IPv4 and IPv6 on all VRs.

696 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

When Pseudowire Label Switch Path Load Sharing is enabled, the maximum number
of gateways value represents the maximum number of LSPs that a pseudowire can use
for multi-path transport.

The max-gateways setting changes how the hardware is configured for multi-path;
however, individual protocols have multi-path limitations that may be lower than
the configured max-gateways setting. Additionally, the values supported for the max-
gateways setting may vary, depending on the platform. See the ExtremeXOS Release
Notes for the supported values of max-gateways for each protocol and platform.

The ExtremeXOS Release Notes also list the total number of route destinations and the
total combinations of gateway sets that each platform can support with the different
max-gateways option selections. For more information on selecting the maximum
number of gateways and how this affects different platforms, see the “ECMP Hardware
Table” in the Switch Engine 32.7.1 User Guide.

You must save the configuration and reboot the switch for the new value to take effect.
To see the current and configured value, use the commands show ipconfig or show
ipconfig ipv6.

Example
The following example changes the maximum number of ECMP gateways per subnet
or gateway set to 8:
configure iproute sharing max-gateways 8

History
This command was first available in ExtremeXOS 11.4.

The value 2 was first available in ExtremeXOS 12.0.2.

Support for shared gateway sets in the ECMP table was added in ExtremeXOS 12.4.

The values 16 and 32 were first available in ExtremeXOS 15.3.

This command first applied to IPv6 routes in ExtremeXOS 15.3.

The value 64 was added in ExtremeXOS 15.5.2

The default value for max. gateways was changed in ExtremeXOS 22.1 from 4 to 16. This
applies only to new configurations. Existing configurations retain their settings.

Platform Availability
This command is available on all Universal switches supported in this document..

Switch Engine™ Command Reference Guide for version 32.7.1 697

configure ip-security anomaly-protection icmp ipv4-
max-size Commands

configure ip-security anomaly-protection icmp ipv4-max-size

configure ip-security anomaly-protection icmp ipv4-max-size size {slot
[ slot | all ]}

Description
Configures the maximum IPv4 ICMP allowed size.

Syntax Description
size Specifies the size of the IPv4 ICMP in bytes.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default size is 512 bytes.

Usage Guidelines
This command configures the IPv4 ICMP allowed size. The absolute maximum is 1023
bytes.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security anomaly-protection icmp ipv6-max-size

configure ip-security anomaly-protection icmp ipv6-max-size size {slot
[ slot | all ]}

Description
Configures the maximum ipv6 ICMP allowed size.

698 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
size Specifies the size of the IPv6 ICMP in bytes.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default size is 512 bytes.

Usage Guidelines
This command configures the IPv6 ICMP allowed size. The absolute maximum is 16K
bytes.

You can use this command to configure the maximum IPv6 ICMP packet size for
detecting IPv6 ICMP anomalies. If the next header in the IPv6 ICMP packet is not
0x3A:ICMP, this anomaly is not detected. For example, an IPv6 ICMP packet with packet
header 0x2c: Fragment Header is not detected.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security anomaly-protection notify cache

configure ip-security anomaly-protection notify cache size {slot [slot |
all ]}

Description
Configures the size of local notification cache.

Syntax Description
size Specifies the size of the local notification cache.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Switch Engine™ Command Reference Guide for version 32.7.1 699

Default Commands

Default
The default is 1000 events.

Usage Guidelines
This command configures the size of local notification cache. Cached events are stored
in local memory. The range is between 1 and 1000 events per second. If the cache is full,
newer events replace older events.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security anomaly-protection notify rate limit

configure ip-security anomaly-protection notify rate limit value {slot
[slot | all ]}

Description
Configures the rate limiting for protocol anomaly notification.

Syntax Description
value Specifies the period of the rate limit.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is 10 events per second.

Usage Guidelines
This is a paired command with configure ip-security anomaly-protection
notify rate window that configures the rate limiting for protocol anomaly
notification. When the anomaly notification is enabled, in order to avoid overloading
CPU, the system generates only the number of limited notifications in a period of
window seconds. The range is from 1 to 100 events.

700 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security anomaly-protection notify rate window

configure ip-security anomaly-protection notify rate window value {slot
[slot | all ]}

Description
Configures the rate limiting for protocol anomaly notification.

Syntax Description
value Specifies the period of the rate limit.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is 1 second.

Usage Guidelines
This is a paired command with configure ip-security anomaly-protection
notify rate limit that configures the rate limiting for protocol anomaly notification.
When the anomaly notification is enabled, in order to avoid overloading CPU, the
system generates only the number of limited notifications in a period of window
seconds. The range is between 1 and 300 seconds.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 701

configure ip-security anomaly-protection notify trigger
off Commands

configure ip-security anomaly-protection notify trigger off

configure ip-security anomaly-protection notify trigger off value {slot
[slot | all ]}

Description
Configures an anomaly rate-based notification feature.

Syntax Description
value Specifies the number of events for the trigger.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is 1.

Usage Guidelines
This is a paired command with configure ip-security anomaly-protection
notify trigger on that configures an anomaly rate-based notification feature. The
anomaly notification is automatically triggered if the rate of anomaly events is greater
than the configured ON value, and the notification is disabled if the rate falls below the
value set in the configure ip-security anomaly-protection notify trigger off
command.

The command takes effects after the anomaly notification is enabled.

Note
The value set in ON must be greater than or equal to the value set in OFF.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security anomaly-protection notify trigger on

configure ip-security anomaly-protection notify trigger on value {slot
[slot | all ]}

702 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures an anomaly rate-based notification feature.

Syntax Description
value Specifies the number of events for the trigger.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is 1.

Usage Guidelines
This is a paired command with configure ip-security anomaly-protection
notify trigger off that configures an anomaly rate-based notification feature. The
anomaly notification is automatically triggered if the rate of anomaly events is greater
than the configured ON value, and the notification is disabled if the rate falls below the
value set in the configure ip-security anomaly-protection notify trigger off
command.

The command takes effects after the anomaly notification is enabled.

Note
The value set in ON must be greater than or equal to the value set in OFF.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security anomaly-protection tcp

configure ip-security anomaly-protection tcp min-header-size size {slot
[ slot | all ]}

Description
Configures the minimum TCP header allowed.

Switch Engine™ Command Reference Guide for version 32.7.1 703

Syntax Description Commands

Syntax Description
size Specifies the size of the header in bytes.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default value is 20 bytes.

Usage Guidelines
This command configures the minimum TCP header allowed. It takes effect for both
IPv4 and IPv6 TCP packets.

The range of the minimum TCP header may be between 8 and 255 bytes.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-bindings add

configure ip-security dhcp-binding add ip ip_address mac mac_address
[dynamic vlan_id | {vlan} vlan_name] server-port server_port client-
port client_port lease-time seconds

Description
Creates a DHCP binding.

Syntax Description
ip_address Specifies the IP address for the DHCP binding.
mac_address Specifies the MAC address for the DHCP binding.
dynamic Configuration options for dynamically created VLANs.
vlan_id VLAN ID tag between 1 and 4,094.
vlan_name Specifies the name of the VLAN for the DHCP binding.
server_port Specifies the server port for the DHCP binding.

704 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

client_port Specifies the client port for the DHCP binding.

seconds Specifies the number of seconds for the lease.

Default
N/A.

Usage Guidelines
This commands allows you to add a DHCP binding in order to re-create the bindings
after reboot and to allow IP Security features to work with clients having static IP
addresses.

Note
Setting the lease-time to 0 causes the DHCP binding to be static; in other
words, it is not aged-out if no DHCP renew occurs. This is for use with clients
using static IP addresses.

History
This command was first available in ExtremeXOS 12.1.

Dynamic VLAN and VLAN ID options added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-bindings delete

configure ip-security dhcp-binding delete ip ip_address [dynamic vlan_id
| {vlan} vlan_name]

Description
Deletes a DHCP binding.

Syntax Description
ip_address Specifies the IP address for the DHCP binding.
vlan_name Specifies the name of the VLAN for the DHCP binding.
dynamic Configuration options for dynamically created VLANs.
vlan_id VLAN ID tag between 1 and 4,094.

Switch Engine™ Command Reference Guide for version 32.7.1 705

Default Commands

Default
N/A.

Usage Guidelines
This commands allows you to delete a DHCP binding created with the command
configure ip-security dhcp-binding add ip ip_address mac mac_address
{vlan}vlan_name server-portserver_port client-portclient_port lease-
timeseconds.

History
This command was first available in ExtremeXOS 12.1.

Dynamic VLAN and VLAN ID options added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-bindings storage filename

configure ip-security dhcp-bindings storage filename name

Description
Creates a storage file for DHCP binding information.

Syntax Description
name Specifies the name of the DHCP binding storage file.

Default
N/A.

Usage Guidelines
This commands allows you to configure the filename with which the DHCP bindings
storage file is created on the external server when it is uploaded to the external
server. The text file resides on an external server. You can configure the server with
the command configure ip-security dhcp-bindings storage location server
[primary | secondary] ip_address | hostname]{vrvr-name} tftp.

The bindings file must have a .xsf extension. If the input filename doesn't already have
a .xsf extension, one is added automatically.

706 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-bindings storage location

configure ip-security dhcp-bindings storage location server [primary |
secondary] ip_address | hostname]{vr vr-name} tftp

Description
Specifies the server location for the DHCP bindings storage file. The uploads can be
made to any TFTP server regardless of the virtual router that it is present in.

Syntax Description
ip_address Specifies the IP address location for the bindings storage
file.
hostname Specifies the hostname of the server.
vr-name Specifies the virtual router name.
none Using no option unconfigures the server.

Default
N/A.

Usage Guidelines
This commands allows you to specify where you want to store the DHCP storage
file that you created with the command configure ip-security dhcp-bindings
storage filename name.

Note
Using the command with no option unconfigures the server.

Example
The following command configures storage to the primary server 10.1.1.14:

configure ip-security dhcp-bindings storage location server primary 10.1.1.14 vr "VR-

Default" tftp

Switch Engine™ Command Reference Guide for version 32.7.1 707

History Commands

The following example unconfigures the primary server:

configure ip-security dhcp-bindings storage location server primary

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-bindings storage

configure ip-security dhcp-bindings storage [write-interval minutes |
write-threshold num_changed_entries]

Description
Configures DHCP bindings file storage upload variables.

Syntax Description
minutes Specifies the number of minutes for the write interval.
num_changed_entries Specifies the limit for the write threshold.

Default
The default write threshold is 50 entries; the default write interval is 30 minutes.

Usage Guidelines
This commands allows you to configure the upload variables for the DHCP bindings
file that you created with the command configure ip-security dhcp-bindings
storage filename name and specified the location of with the command configure
ip-security dhcp-bindings storage location server [primary | secondary]
ip_address |hostname]{vrvr-name} tftp.

For redundancy, the DHCP bindings file is uploaded to both the primary and the
secondary server. The failure of one upload (for example, due to a TFTP server timeout)
does not affect the upload of any other.

When the maximum file size limit is reached, no additional DHCP bindings can be
uploaded until one of the older bindings is removed.

708 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The point at which DHCP bindings can be uploaded can be configured to work in one
of the following ways:
• Periodic upload: Upload every N minutes, provided that DHCP bindings have
changed since the last upload.
• Upload based on number of yet-to-be uploaded entries: Allows you to configure the
maximum number of changed entries that are allowed to accumulate before being
uploaded.

The write interval is configurable from 5 minutes to 1 day, with a default value of 30
minutes. The default value of the write threshold is 50 entries, with a minimum of 25
and maximum of 200.

Additions and deletions are considered changes, but updates are not, which means
that DHCP renewals of existing leases are not counted.

By default, the write interval is in effect, but not the write-threshold. You may change
whichever of these you wish by explicitly configuring the value.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-snooping information check

configure ip-security dhcp-snooping information check

Description
Enables the DHCP relay agent option (option 82) checking in the server-originated
packets.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command enables the checking of the server-originated packets for the presence
of option 82. In some instances, a DHCP server may not properly handle a DHCP
request packet containing a relay agent option. Use this command to prevent DHCP

Switch Engine™ Command Reference Guide for version 32.7.1 709

Example Commands

reply packets with invalid or missing relay agent options from being forwarded to the
client. With checking enabled, the following checks and actions are performed:
• When the option 82 is present in the packet, the MAC address specified in the
remote-ID sub-option is the switch system MAC address. If the check fails, the
packet is dropped.
• When option 82 is not present in the packet, the DHCP packet is forwarded with no
modification.

To disable this check, use the following command:

unconfigure ip-security dhcp-snooping information check

Example
The following command enables DHCP relay agent option checking:

configure ip-security dhcp-snooping information check

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-snooping information circuit-id port-

information port
configure ip-security dhcp-snooping information circuit-id port-
information port_info port port

Description
Configures the port information portion of the circuit ID.

Syntax Description
port_info Specifies the circuit ID port information in the format of
VLAN Info - Port Info; maximum length is 32 bytes.
port Specifies the port for which DHCP Snooping should be
enabled.

Default
The default value is the ASCII representation of the ingress port’s SNMP ifIndex.

710 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command allows you to configure the port information portion of the circuit ID
whose format is vlan_info - port_info for each port. The parameter port info is
a string of up to 32 bytes in length. When a specific value is not configured for port
information, the port_info defaults to the ASCII representation of the ingress ports’s
SNMP ifIndex.

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-snooping information circuit-id vlan-

information
configure ip-security dhcp-snooping information circuit-id vlan-
information vlan_info [dynamic | {vlan} vlan_name | all]

Description
Configures the VLAN info portion of the circuit ID of a VLAN.

Syntax Description
vlan_info Specifies the circuit ID VLAN information for each VLAN in
the format of VLAN Info-Port Info; maximum length is
32 bytes.
vlan_name Specifies the VLAN for which DHCP should be enabled.
all Specifies all VLANs.
dynamic Configuration options for dynamically created VLANs.

Default
The default value is the ASCII representation of the ingress VLAN’s ID.

Usage Guidelines
This command allows you to configure the VLAN information portion of the circuit ID
of a VLAN. The VLAN info is a string of characters of up to 32 bytes in length, and is
entered in the format of VLAN InfoPort Info. When a specific value is not configured
for a VLAN, vlan_info defaults to the ASCII representation of the ingress VLAN’s ID.

Switch Engine™ Command Reference Guide for version 32.7.1 711

History Commands

History
This command was first available in ExtremeXOS 12.1.

Dynamic VLAN option added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-snooping information option

configure ip-security dhcp-snooping information option

Description
Enables the DHCP relay agent option (option 82).

Syntax Description
This command has no arguments or variables.

Default
The default is unconfigured.

Usage Guidelines
This command enables the DHCP relay agent option (option 82), which is inserted into
client-originated DHCP packets before they are forwarded to the server.

To disable the DHCP relay agent option (option 82), use the following command:
unconfigure ip-security dhcp-snooping information option

Example
The following command enable the DHCP relay agent option:

configure ip-security dhcp-snooping information information option

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

712 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ip-security dhcp-snooping information policy

configure ip-security dhcp-snooping information policy

configure ip-security dhcp-snooping information policy [drop | keep |
replace]

Description
Configures the DHCP relay agent option (option 82) policy.

Syntax Description
drop Specifies to drop the packet.
keep Specifies to keep the existing option 82 information in
place.
replace Specifies to replace the existing data with the switch’s own
data.

Default
The default value is replace.

Usage Guidelines
Use this command to set a policy for the relay agent. Packets can be dropped, the
option 82 information can be replaced (the default), or the packet can be forwarded
with the information unchanged.

Example
The following command configures the DHCP relay agent option 82 policy to keep:

configure ip-security dhcp-snooping information information policy keep

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ip-security dhcp-snooping information remote-id

configure ip-security dhcp-snooping information remote-id [system-name |
remote-id_info]

Switch Engine™ Command Reference Guide for version 32.7.1 713

Description Commands

Description
Configures the DHCP relay agent remote ID.

Syntax Description
remote-id Specifies configuring the remote ID.
system-name Specifies assigning the switch's system name as the
remote ID.
remote-id_info Specifies assigning a user-defined string as the remote ID
(up to 32 characters).

Default
If neither a system name nor the customized remote ID is configured, the default is the
switch's MAC address.

Usage Guidelines
This command specifies setting the remote ID as either the switch's system name or a
user-defined string. If neither selection has been made, or you unconfigure the remote
ID (unconfigure ip-security dhcp-snooping information remote-id), the default
remote ID is the switch's MAC address. However, this default (MAC address) name
does not appear in the show ip-security dhcp-snooping information remote-id
command.

Example
The following command configures the DHCP remote ID as the switch's system name::
# configure ip-security dhcp-snooping information remote-id system-name

The following command configures the DHCP remote ID as "mydhcp":

# configure ip-security dhcp-snooping information remote-id mydhcp

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ipv6 dad

configure ipv6 dad [off | on | {on} attempts max_solicitations] {{vr}
vr_name | vr all}

714 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the operation of the duplicate address detection (DAD) feature on the
specified VR.

Syntax Description
max_solicitations Specifies the number of times the DAD feature tests for
a duplicate address. The range is 1 to 10, and the default
value is 1.
vr_name Specifies a VR on which to enable this feature.

Default
DAD status: On on VR-Default.

Maximum solicitations: 1 for VR-Default.

If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
When the DAD feature is enabled, the switch checks for duplicate IPv6 addresses on
the specified VR when an IPv6 interface is initialized, or when a DAD check is initiated
with a CLI command. After initialization, and when this feature is off, the switch does
not start DAD checks.

Changes to the number of solicitations configuration take affect the next time the DAD
check is run.

By default, this command applies to the current VR context, if no VR name is specified.

If vr all is specified, the command applies to all user VRs and VR-Default.

The DAD feature does not run on loopback VLANs.

Example
The following command enables the DAD feature on all user VRs and VR-Default:

configure ipv6 dad on vr all

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 715

configure ipv6 hop-limit Commands

configure ipv6 hop-limit

configure ipv6 hop-limit hop_limit {dont-specify-in-ra} {{vr} vr_name |
{vlan} vlan_name | vlan all}

Description
This command allows you to configure the IPv6 hop-limit. This hop-limit is used in
all originated IPv6 packets, and (if router discovery is enabled) in outgoing Router
Advertisement packets as well.

Syntax Description
hop_limit Hop limit for all originated IPv6 packets, and the advertised
hop-limit for Router Advertisements. Hop limit value is
between 1 and 255. Default is 64.
dont-specify-in-ra Sets the advertised hop-limit in Router Advertisements to
zero.
vr Virtual router.
vlan VLAN.
all All VLANs.

Default
64.

Usage Guidelines
Use this command to configure the IPv6 hop-limit. The hop-limit is used in all
originated IPv6 packets, and (if router discovery is enabled) in outgoing Router
Advertisement packets as well.

The 0 value is special and used only in outgoing Router Advertisements to convey
to the receiving hosts that the router has not specified a hop-limit value to be used
when originating IPv6 packets. This can be configured by specifying the optional dont-
specify-in-ra keyword. The hop-limit can be configured for a VLAN, all VLANs in a
Virtual Router, or all VLANs in the system. By default, the hop-limit is configured for all
vlans in the current Virtual Router context of the CLI.

Example
Example output not yet available and will be provided in a future release.

History
This command was first available in ExtremeXOS 15.2.

716 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure iqagent http-proxy

configure iqagent http-proxy [ipaddress [fqdn | ip_address] port
port_number | user user_name password [encrypted encrypted_password |
password] | none]

Description
Configures the IQ Agent HTTP Proxy server IP and port, and defines the username and
password if required.

Syntax Description
iqagent Specifies configuring IQ Agent.
http-proxy Specifies the HTTP proxy server that the IQ Agent uses.
ipaddress Specifies the HTTP proxy server address.
fqdn Specifies Fully-qualified domain name. Type is string.
Range is 1-255.
ip_address Specifies the dotted decimal IP Address.
port Specifies the HTTP proxy port number.
port_number Specifies the port number.
user Specifies the HTTP proxy user name.
user_name Specifies the user name. Type is string. Range is 1-63.
password Specifies the HTTP proxy password.
encrypted Specifies that the password is encrypted.
encrypted_password Specifies the encrypted password (in Base64). Type is
string. Range is 16-255.
password Specifies the password (in ASCII). Type is string. Range is
1-63.
none Specifies to clear all http-proxy configuration.

Default
N/A.

Usage Guidelines
To view IQ Agent information, use the command show iqagent discovery.

Switch Engine™ Command Reference Guide for version 32.7.1 717

Example Commands

Example
The following example configures the HTTP proxy server at the address 10.51.3.163 on
port 3128:
# configure iqagent http-proxy ipaddress 10.51.3.163 port 3128

The following example configures the HTTP proxy user "iqagent" with an encrypted
password:
# configure iqagent http-proxy user iqagent password encrypted 35m5wuDryaQLrbQfZ5y4zw==

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches.

configure iqagent server

configure iqagent server [vr [[vr-name | none] | [ vr_name vlan vlan-
name]] | ipaddress [fqdn | ip_address| none]]

Description
Configures the optional user-defined virtual router (VR) and address for the server for
ExtremeCloud™ IQ Agent to connect to.

Syntax Description
iqagent Specifies configuring IQ Agent.
server Specifies configuring IQ server.
vr Specifies selecting a VR for IQ server.
vr-name Specifies the name of the VR.
none Specifies no user-defined VR. Auto-discovery is used
instead (default).
vlan Specifies which VLAN to run on.
vlan-name Specifies the name of the VLAN.
ipaddress Specifies configuring a server address
fqdn Specifies a fully-qualified domain name for IQ server.
ip_address Specifies an IP address for IQ server.
none Specifies using auto-discovered information from IQ Agent
discovery (default).

718 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
By default, if no VR is specified, the VR is auto-discovered.

By default, for the server address, auto-discovery is used.

Usage Guidelines
To view IQ Agent information, use the command show iqagent discovery.

Example
The following example configures connecting to IQ server on VR "VR-Mgmt":
# configure iqagent server vr VR-Mgmt

The following example configures connecting to IQ server at the address 134.141.1.1:

# configure iqagent server ipaddress 134.141.1.1

The following example unconfigures any user-defined changes and returns to auto-
discovery:
# configure iqagent server none

History
This command was first available in ExtremeXOS 30.7.

The vlan option was added in ExtremeXOS 32.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure irdp
configure irdp [multicast | broadcast | mininterval maxinterval lifetime
preference]

Description
Configures the destination address of the router advertisement messages.

Syntax Description
multicast Specifies multicast setting.
broadcast Specifies broadcast setting.
mininterval Specifies the minimum time between advertisements.

Switch Engine™ Command Reference Guide for version 32.7.1 719

Default Commands

maxinterval Specifies the maximum time between advertisements.

Default is 600.
lifetime Specifies the lifetime of the advertisement. Default is 1800.
preference Specifies the router preference level. Default is 0.

Default
Broadcast (255.255.255.255). The default mininterval is 450.

Usage Guidelines
ICMP Router Discovery Protocol (IRDP) allows client machines to determine what
default gateway address to use. The switch sends out IP packets at the specified
intervals identifying itself as a default router. IRDP enabled client machines use this
information to determine which gateway address to use for routing data packets to
other networks.

Example
The following example sets the address of the router advertiser messages to multicast:
configure irdp multicast

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis add vlan

configure isis add [vlan all | {vlan} vlan_name] area area_name {ipv4 |
ipv6}

Description
This command associates the specified VLAN interface with the specified IS-IS router
process.

720 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan all Adds all IS-IS eligible VLANs to the router process.
vlan_name Specifies a single IS-IS eligible VLAN to be added to the
router process.
area_name Identifies the router process to which the VLANs are added.
ipv4 | ipv6 Specifies the VLAN IP address type, IPv4 or IPv6, to be
added. If you do not specify an IP address type, the VLAN
is added for the IPv4 address type. To support both IP
address types on the same VLAN, enter the command
twice, using a different IP address type each time.

Default
IPv4.

Usage Guidelines
An IS-IS-eligible interface is one that already has the appropriate IP address type (IPv4
or IPv6) address assigned to it. The VLAN must have an IPv4 address assigned to it if
ipv4 is specified or an IPv6 address assigned to it if ipv6 is specified. In the event that
a VLAN address is unconfigured, the interface is automatically removed from the IS-IS
router.

VLANs are added to an IS-IS router process to form adjacencies with neighboring IS-IS
routers. Hello PDUs are transmitted over these interfaces once the router process is
enabled and has a system ID and area address. IP forwarding, IPv6 forwarding, or both
must be enabled on the interface. If the router process operates at both L1 and L2,
interfaces can be configured to form adjacencies in only a specific level.

Example
The following command adds VLAN SJvlan with an IPv4 address type to areax:

configure isis add SJvlan area areax

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area add area-address

configure isis area area_name add area-address area_address

Switch Engine™ Command Reference Guide for version 32.7.1 721

Description Commands

Description
This command adds an IS-IS area address to the specified routing process.

Syntax Description
area_name Specifies the area name of the IS-IS process to which to
add the area address.
area_address Specifies an IS-IS area address to add to the IS-IS
process. The area address can be from 1 to 13 bytes
long and must be entered in the following format:
0101.0102.0103.0104.0105.0106.07.

Default
None.

Usage Guidelines
The IS-IS area address defines an L1 or L2 area within an AS. An IS-IS routing process
must be assigned at least one area address before it can send or process PDUs. The
area address must be configured appropriately. Level 1 routers only form adjacencies
with other level 1 routers with at least one area address in common. Multiple area
addresses may be configured, which may be desirable during a topological transition.
The maximum number of area addresses that can be configured is 3.

Example
The following command assigns area address 0011.03 to areax:

configure isis area areax add area-address 0011.03

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area add summary-address

configure isis area area_name add summary-address [ipv4_address_mask |
ipv6_address_mask] {level [1 | 2]}

722 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command adds an IPv4 or IPv6 summary address for the specified level on the
specified router process.

Syntax Description
area_name Specifies the router process to which the summary address
is to be added.
ipv4_address_mask Specifies an IPv4 summary address.
ipv6_address_mask Specifies an IPv6 summary address.
level Specifies the IS-IS level for the summary address. The level
1 option summarizes level 2 routes leaked to level 1. The
level 2 option summarizes level 1 routes that are advertised
into level 2.

Default
No summarization.

Usage Guidelines
Route summaries are useful for minimizing the number of LSPs required to describe
reachability for an area. The summary address is advertised instead of the actual
reachable addresses. This is particularly useful for L1/L2 routers in which the summary
address is used in a single LSP instead of including a part or all of the addresses
reachable in its level 1 area.

Note that a summary address is only advertised if at least one route matches the
summary address. If there is no route present that matches the summary address
exactly, a blackhole route is installed for the summary address. If an interlevel filter
permits any route matched by the summary address, and that route is present, the
summary address is advertised.

If multiple summary addresses are installed in which one or more supersede each
other (10.0.0.0/8 and 10.0.0.0/16, for example), only the more specific summary addresses
are advertised.

Example
The following command adds an IPv4 summary address to areax:

configure isis area areax add summary-address 10.0.0.0/8

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 723

Platform Availability Commands

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area area-password

configure isis area area_name area-password [none | [encrypted
simple encrypted_password | simple {password} ] {authenticate-snp
{tx-only}}]

Description
This command sets or clears the password for level 1 LSPs.

Syntax Description
area_name Specifies the router process to which the password
configuration applies.
none Disables level 1 password authentication.
encrypted simple Enables password authentication and specifies that the
password supplied password is encrypted and must be decrypted
prior to placement in a TLV.
authenticate-snp tx- Enables password authentication and level 1 SNP
only authentication. If the tx-only keyword is specified, the
password is included in SNPs on transmission, but received
SNPs are not authenticated.

Default
None.

Usage Guidelines
Only plain text passwords are supported. Passwords may be up to 254 alphanumeric
characters in length. Although passwords are plaintext in the protocol, they are
displayed and saved in an encrypted form.

When password authentication is enabled, received packets are authenticated against

the configured password and are discarded if the password does not match.
Authentication TLVs are included in transmitted level 1 LSPs with a configured
password.

Example
The following command configures the password extreme for areax:

configure isis area areax area-password simple extreme

724 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area delete area-address

configure isis area area_name delete area-address area_address

Description
This command deletes an area address from the specified routing process.

Syntax Description
area_name Specifies the area name of the IS-IS process from which to
delete the area address.
area_address Specifies the area address name to delete from the IS-IS
process.

Default
None.

Usage Guidelines
If this router process has only one area address configured, this command also causes
the routing process to stop sending or processing IS-IS PDUs.

Example
The following command deletes the 0011.03 area address from areax:

configure isis area areax delete area-address 0011.03

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 725

configure isis area delete summary-address Commands

configure isis area delete summary-address

configure isis area area_name delete summary-address [ipv4_address_mask
| ipv6_address_mask] {level [1 | 2]}

Description
This command removes the specified IPv4 or IPv6 summary address from the specified
router process at the specified level.

Syntax Description
area_name Specifies the router process from which the summary
address is to be deleted.
ipv4_address_mask Specifies an IPv4 summary address.
ipv6_address_mask Specifies an IPv6 summary address.
level Specifies the IS-IS level for the summary address.

Default
No summarization.

Usage Guidelines
Individual reachable addresses that were superseded by the summary address are now
advertised in separate LSPs.

Example
The following command deletes an IPv4 summary address from areax:

configure isis area areax delete summary-address 10.0.0.0/8

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

726 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure isis area domain-password

configure isis area domain-password

configure isis area area_name domain-password [none | [encrypted
simple encrypted_password | simple {password} ] {authenticate-snp
{tx-only}}]

Description
This command sets or clears the password for Level 2 LSPs.

Syntax Description
area_name Specifies the router process for which the password is set
or cleared.
none Disables level 2 password authentication.
encrypted Specifies that the supplied password is encrypted and
must be decrypted prior to using it in a TLV.
password Specifies a password. Passwords may be up to 254
alphanumeric characters in length.
authenticate-snp tx- If the optional authenticate-snp keyword is included, level
only 2 SNPs are also authenticated on receive and the password
is included on transmission. If tx-only is specified, the
password is included in SNPs on transmission, but received
SNPs are not authenticated.

Default
None.

Usage Guidelines
Packets received are authenticated against the configured password and are discarded
if the password does not match. Authentication TLVs are included in transmitted level 2
LSPs with the configured password. Only plain text passwords are supported. Although
LSPs contain plain text passwords, passwords are displayed and saved in an encrypted
form.

Example
The following command sets the domain password to Extreme:

configure isis area areax domain-password simple Extreme

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 727

Platform Availability Commands

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area interlevel-filter level 1-to-2

configure isis area area_name interlevel-filter level 1-to-2 [policy |
none] {ipv4 | ipv6}

Description
This command provides a method of restricting L1 routes from being redistributed into
the L2 domain on an L1/L2 router.

Syntax Description
area_name Specifies the router process for which this configuration
change applies.
policy Specifies a policy to control how L1 routes are redistributed.
none Removes any previously configured interlevel filters.
ipv4 | ipv6 Applies the interlevel filter to IPv4 or IPv6. If neither IPv4
nor IPv6 is specified, this command applies to IPv4.

Default
None.

Usage Guidelines
This command has no effect on level 1-only and level 2-only routers. Normally all
L1 routes are redistributed into L2 on an L1/L2 router. Routes are permitted unless
explicitly denied in the policy. This command does not necessarily disable level 1 to
level 2 redistribution unless the configured policy effectively filters out all routes. For
policies, the nlri match attribute is supported, and the permit and deny set attributes
are supported.

Example
The following command removes any previously configured interlevel filters in areax for
IPv4:

configure isis area areax interlevel-filter level 1-to-2 none

History
This command was first available in ExtremeXOS 12.1.

728 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area interlevel-filter level 2-to-1

configure isis area area_name interlevel-filter level 2-to-1 [policy |
block-all | allow-all] {ipv4 | ipv6}

Description
This command enables route leaking from level 2 to level 1 on an L1/L2 router.

Syntax Description
area_name Specifies the router process for which this configuration
change applies.
policy Specifies a policy to control how L2 routes are leaked to L1.
block-all Blocks all route leaking.
allow-all Leaks all routes into level 1.
ipv4 | ipv6 Applies the interlevel filter to IPv4 or IPv6. If neither IPv4
nor IPv6 is specified, this command applies to IPv4.

Default
block-all.

Usage Guidelines
When a policy is supplied with this command, all routes are leaked unless explicitly
denied in the policy. This command has no effect on level 1-only and level 2-only
routers. For policies, the nlri match attribute is supported, and the permit and deny
set attributes are supported.

Example
The following command configures areax to leak all level 2 routes to level 1 for IPv4:

configure isis area areax interlevel-filter level 2-to-1 allow-all

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 729

Platform Availability Commands

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area is-type level

configure isis area area_name is-type level [1 | 2 | both-1-and-2]

Description
This command configures the specified router process to operate as a level 1, level 2, or
level 1/level 2 router.

Syntax Description
area_name Specifies the router process you are configuring.
level Specifies the IS-IS operation level for the router.

Default
both-1-and-2.

Usage Guidelines
Adjacencies are only formed with other routers of the same level. In addition, level 1
adjacencies are only formed with other level 1 routers with the same area address.

If there are no other L2 areas, the default is both-1-and-2. If an L2 or L1/L2 area is already
present, the default is L1. This is because there can be only one L2 area in each system.

Example
The following command configures the areax router to operate at level 1:

configure isis area areax is-type level 1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

730 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure isis area metric-style

configure isis area metric-style

configure isis area area_name metric-style [[narrow | wide]
{transition}] | transition] {level [1 | 2]}

Description
This command specifies the metric style for the specified router process and IS-IS level.

Syntax Description
area_name Specifies the router process for which the metric style is to
be configured.
narrow Specifies the narrow metric style, which uses the 6-
bit default metric. Only narrow metrics are encoded
in originated TLVs; only narrow SPF calculations are
performed.
narrow transition Specifies the narrow metric style, which uses the 6-bit
default metric. Only narrow metrics are encoded in
originated TLVs; both narrow and wide SPF calculations are
performed.
wide Specifies the wide metric style, which uses the 24-bit
metric specified in RFC 3784. Only wide metrics area
encoded in originated TLVs; only wide SPF calculations are
performed.
wide transition Specifies the wide metric style, which uses the 24-bit
metric specified in RFC 3784. Only wide metrics are
encoded in originated TLVs; both narrow and wide SPF
calculations are performed.
transition Specifies both the narrow and wide metrics. Both narrow
and wide metric types are encoded in TLVs; both narrow
and wide SPF calculations are performed.
level Specifies the IS-IS level to which the metric style applies.

Default
Narrow.

Usage Guidelines
Refer to RFC 3787, Section 5.1, for information on how to migrate a network from narrow
metric-style to wide metric-style. Note that Section 5.2 is not supported. As a result,
each interface's narrow and wide metric values must match while transitioning the
metric style. Only when the entire network has transitioned to wide metric style should
the interface metrics be configured differently than the configured narrow metric.

Switch Engine™ Command Reference Guide for version 32.7.1 731

Example Commands

Example
The following command configures areax for the narrow metric style:

configure isis area areax metric-style narrow

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area overload-bit on-startup

configure isis area area_name overload-bit on-startup [ off | {suppress
[external | interlevel | all]} seconds]

Description
This command enables or disables the overload bit feature while the specified IS-IS
process is initializing.

Syntax Description
area_name Specifies the area name of the IS-IS process for which this
feature is to be enabled or disabled.
off Disables the overload bit feature during initialization.
suppress Specifies that one or all types of reachability information
is to be suppressed or excluded from LSPs during
initialization.
external When included with the suppress option, this specifies that
external reachability information is to be excluded from
LSPs during initialization.
interlevel When included with the suppress option, this specifies that
interlevel reachability information is to be excluded from
LSPs during initialization.
all When included with the suppress option, this specifies
that external and interlevel reachability information is to be
excluded from LSPs during initialization.
seconds Specifies the period (in seconds) during which this feature
is enabled at initialization.

Default
Off.

732 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command configures the overload bit to be set only while the configured router
is initializing, and only for the period of time specified. This can be useful to minimize
network churn while a new router joins and learns the topology. The suppress options
are used during startup if the router process is level 1/level 2 or is running another
protocol, such as BGP (in order to wait for the other protocol to converge). Note that in
the latter case, there is no signaling between protocols to indicate convergence. Again,
this can reduce churn while the topologies are learned during router initialization.

Note
Although enable isis area area_name overload-bit {suppress
[external | interlevel | all]} and disable isis area area_name
overload-bit override the overload bit behavior configured by the configure
isis area area_name overload-bit on-startup [ off | {suppress
[external | interlevel | all]}seconds] command, the enable and
disable commands do not modify the configured parameters.

Example
The following command enables the areax overload bit feature for 15 seconds during
initialization:

configure isis area areax overload-bit on-startup 15

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area system-id

configure isis area area_name system-id [automatic | system_id]

Description
This command configures the system ID for an IS-IS router process.

Switch Engine™ Command Reference Guide for version 32.7.1 733

Syntax Description Commands

Syntax Description
area_name Specifies the area name of the IS-IS process to which to
add the system ID.
automatic Sets the system ID to the system MAC address.
system_id Specifies the 6-byte system ID using three sets of four
hexadecimal digits, where each set is separated by a
period. For example: 001B.1F62.1201.

Default
Automatic (system MAC address is used).

Usage Guidelines
The system ID must be a unique ID within the AS. Typically a system MAC address is
used as the system ID. Sometimes a combination of one of the router's IP addresses
and 2 prefix bytes are used. The assignment of the system ID may vary depending on
how the AS is chosen to be administered.

Example
The following example configures an IS-IS system ID for areax:

configure isis area areax system-id 001B.1F62.1201

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area timer lsp-gen-interval

configure isis area area_name timer lsp-gen-interval seconds {level[1|
2]}

Description
This command configures the minimum time required to wait before regenerating the
same LSP.

734 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
area_name Specifies the router process for which you want to
configure the LSP generation interval.
seconds Specifies the generation level in seconds. The range is 1 to
120 seconds.
level Specifies the level to which you want to apply the
configuration. If neither level 1 nor level 2 is specified, the
configuration applies to both levels.

Default
30 seconds.

Usage Guidelines
In link flapping situations in a mesh network, this can greatly reduce the amount of
network traffic generated from LSP flooding.

Example
The following command sets the LSP generation interval to a value of 40 seconds:

configure isis area areax timer lsp-gen-interval 40

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area timer lsp-refresh-interval

configure isis area area_name timer lsp-refresh-interval seconds

Description
This command configures the refresh rate for locally originated LSPs.

Switch Engine™ Command Reference Guide for version 32.7.1 735

Syntax Description Commands

Syntax Description
area_name Specifies the router process for which you are setting the
LSP refresh timer.
seconds Specifies the LSP refresh interval. The range is 1 to 65535
seconds.

Default
900 seconds.

Usage Guidelines
This value should be configured to be less than the maximum LSP lifetime value, which
is set with the configure isis area area_name timer max-lsp-lifetimeseconds
command. Locally originated LSPs are purged and retransmitted at the specified
interval regardless of link state.

Example
The following command sets the LSP refresh timer for areax to 1200 seconds:

configure isis area areax timer lsp-refresh-interval 1200

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area timer max-lsp-lifetime

configure isis area area_name timer max-lsp-lifetime seconds

Description
This command configures the LSP lifetime timer for locally originated LSPs.

Syntax Description
area_name Specifies the router process for which you want to
configure the LSP lifetime timer.
seconds Specifies the LSP lifetime in seconds. The range is 1 to
65535 seconds.

736 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
1200 seconds.

Usage Guidelines
This value should be configured to be greater than the LSP refresh interval, which is set
with the configure isis area area_name timer lsp-refresh-intervalseconds
command. The remaining lifetime value is included in LSPs when they are flooded.
Routers age out LSPs from other routers using the remaining lifetime provided in the
LSP. If a refreshed version of the LSP is not received before it is aged out, an SPF
recalculation occurs, possibly resulting in routing around the router from which the LSP
originated.

Example
The following command configures the LSP lifetime timer for 1800 seconds:

configure isis area areax timer max-lsp-lifetime 1800

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area timer restart

configure isis area area_name timer restart seconds {level [1 | 2]}

Description
This command configures the IS-IS T2 timer for the specified router process and level.

Syntax Description
area_name Specifies the router process for which the T2 timer
configuration applies.
seconds Specifies the T2 timer value. The range is 5 to 65535
seconds.
level Specifies the IS-IS level to which this timer configuration
applies. If neither level 1 nor level 2 is specified, the
configuration applies to both levels.

Switch Engine™ Command Reference Guide for version 32.7.1 737

Default Commands

Default
60 seconds.

Usage Guidelines
The T2 timer is the restart timer for the LSP database for an IS-IS level. If the T2 timer for
the respective level expires before the database has been resynchronized, SPF is run for
that level.

Example
The following command configures the areax level 1 T2 timer for 90 seconds:

configure isis area areax timer restart 90 level 1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area timer spf-interval

configure isis area area_name timer spf-interval seconds {level[1|2]}

Description
This command specifies the minimum time to wait between SPF calculations.

Syntax Description
area_name Specifies the router process for which you are configuring
the SPF interval.
seconds Specifies the minimum time between SPF calculations.
The range is 1 to 120 seconds.
level Specifies the IS-IS level to which the timer configuration
applies. If neither level 1 nor level 2 is specified, the
configuration applies to both levels.

Default
10 seconds.

738 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This helps prevent switch CPU overloading when a link flap causes several back-to-back
SPF calculations.

Example
The following command configures the SPF interval timer for 30 seconds on areax:

configure isis area areax timer spf-interval 30

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis area topology-mode

configure isis area area_name topology-mode [single | multi |
transition] {level [1 | 2]}

Description
This command enables or disables use of multi-topology TLVs as specified in draft-ietf-
isis-wg-multi-topology-11.

Syntax Description
area_name Specifies the router process to be configured.
single Specifies a single topology, where extended TLVs are used
in SPF calculation and TLVs.
multi Specifies a multi topology, where only the multi-topology
TLVs are used in SPF calculation and TLVs.
transition Specifies a transition topology, where both extended and
multi-topology TLVs are used in SPF calculation and TLVs.
The transition option is useful when migrating a routing
domain.
level For L1/L2 routers, this applies the configuration to IS-IS
level 1 or level 2. If the level option is not specified, the
configuration applies to both L1 and L2 areas. This option
has no affect on L1-only and L2-only routers.

Switch Engine™ Command Reference Guide for version 32.7.1 739

Default Commands

Default
Single.

Usage Guidelines
Multi-topology capability is desirable if both an IPv4 topology and an IPv6 topology
exist with different routing paths.

Extreme supports MT IDs 0 and 2 (IPv4 unicast and IPv6 unicast) only.

Example
The following command configures the transition topology mode for areax:

configure isis area areax topology-mode transition

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis circuit-type

configure isis [vlan all | {vlan} vlan_name] circuit-type level [1 | 2 |
both-1-and-2]

Description
This command configures the circuit type level for one or all IS-IS VLANs.

Syntax Description
vlan all Applies the selected circuit type to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the circuit type
configuration applies.
level [1 | 2 | Sets the circuit type level to level 1, level 2, or to both level 1
both-1-and-2] and level 2.

Default
Both-1-and-2.

740 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Hello PDUs are only sent on the specified level for the selected VLANs. This can be
useful for level 1/level 2 routers that are neighbors.

Note that for per-level VLAN configurable parameters L1 and L1/L2, point-to-point
interfaces use the level 1 parameters, and L2-only point-to-point interfaces use the L2
parameters.

Example
The following command configures all IS-IS VLANs to use circuit type level 1:

configure isis vlan all circuit-type level 1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis delete vlan

configure isis delete [vlan all | {vlan} vlan_name] {area area_name}
{ipv4 | ipv6}

Description
This command removes a VLAN interface from the specified router process.

Syntax Description
vlan all Deletes all IS-IS VLANs.
vlan_name Specifies a single VLAN to delete.
area_name Specifies the router process from which the VLAN is
deleted. If you do not specify an IS-IS area, the software
deletes the VLAN from the configured IS-IS area.
ipv4 | ipv6 Specifies the IP address type for which the VLAN is deleted.
If you do not specify an IP address type, the VLAN for the
IPv4 address type is deleted. If the VLAN was added as
IPv6, the ipv6 option must be used to remove the VLAN. If
the VLAN was added as both IPv4 and IPv6, each VLAN IP
address type must be deleted with a separate command.

Switch Engine™ Command Reference Guide for version 32.7.1 741

Default Commands

Default
N/A.

Usage Guidelines
The associated adjacency is removed, causing the removal of the corresponding LSP
if there is one, and causing an SPF recalculation if the router process is enabled.
Hello PDUs are no longer sent on the specified interface. This command applies to
IS-IS-enabled VLANs only.

Example
The following command deletes the IPv4 address type for all VLANs in areax:

configure isis delete vlan all area areax

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis hello-multiplier

configure isis [vlan all | {vlan} vlan_name] hello-multiplier multiplier
{level [1 | 2]}

Description
This command sets the hello multiplier for one or all IS-IS VLANs.

Syntax Description
vlan all Applies the configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the configuration applies.
multiplier Sets the hello multiplier. The range is 2 to 100.
level [1 | 2] Limits the configuration to either level 1 or level 2. If neither
level 1 nor level 2 is specified, the configuration applies to
both levels.

Default
3.

742 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The hello multiplier is used in conjunction with the hello interval to compute the
holding time. The holding time is included in hello PDUs and is calculated by
multiplying the hello multiplier by the hello interval. If the hello interval is set to
minimal, the holding time is set to 1 second and the hello interval is calculated by
dividing 1 second by the hello multiplier. For example, a hello interval of minimal and
a hello multiplier of 4 means that the hold interval is set to 250 ms (and the holding
time to 1 second). The holding time tells the neighboring router how long to wait before
declaring the sending router dead.

Example
The following command sets the SJvlan hello multiplier to 4:

configure isis SJvlan hello-multiplier 4

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis import-policy

configure isis import-policy [policy-map | none]

Description
This command applies a policy map for routes imported to the FIB from all IS-IS router
processes on this virtual router.

Syntax Description
policy-map Specifies the policy to apply.
none Removes any policies assigned to this virtual router.

Default
None.

Switch Engine™ Command Reference Guide for version 32.7.1 743

Usage Guidelines Commands

Usage Guidelines
IS-IS policy files support the following policy match conditions:
• nlri IPv4-address/mask-len IPv6-address/mask-len
• route-origin [isis-level-1 | isis-level-2 | isis-level-1-external |
isis-level-2-external]

IS-IS policy files support the following policy action statements:

• cost

Example
The following command applies the IS-IS policy policy2 to the virtual router:

configure isis import-policy policy2

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis link-type

configure isis [vlan all | {vlan} vlan_name] link-type [broadcast |
point-to-point]

Description
This command specifies the link type for one or all IS-IS VLANs.

Syntax Description
vlan all Applies the link type configuration to all IS-IS VLANs.
vlan_name Specifies a single IS-IS VLAN to which the link type
configuration is applied.
broadcast Selects the broadcast link type for the specified VLANs.
point-to-point Selects the point-to-point link type for the specified VLANs.

Default
Broadcast.

744 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
On broadcast interfaces, a DIS is elected. There is no DIS election on point-to-point
interfaces. If it is known that only two routers will be present on a physical network,
it may be desirable to set their connecting interfaces to point-to-point mode. This
reduces the overhead associated with DIS election and periodic CSNP transmissions
and processing. In addition, if the adjacency is both level 1 and level 2, only one set
of hello PDUs are sent on a point-to-point interface whereas hello PDUs are sent for
both levels on broadcast interfaces. Interfaces in point-to-point mode must have an IP
address assigned to them. Unnumbered interfaces are not supported.

For point-to-point interfaces, level 1 parameters apply to L1-only and L1/L2 interfaces.
Level 2 parameters apply to L2-only point-to-point interfaces.

Example
The following command configures all IS-IS VLANs to use the broadcast link type:

configure isis vlan all link-type broadcast

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis mesh

configure isis [vlan all | {vlan} vlan_name] mesh [block-none | block-
all | block-group group_id]

Description
This command configures LSP flooding behavior for the specified interface.

Syntax Description
vlan all Applies the configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the configuration applies.
block-none Disables LSP blocking.
block-all Blocks all LSPs. No LSPs are flooded out of the selected
interface.
block-group Blocks LSPs that contain the specified group ID.
group_id Specifies a group ID number. The range is 1 to 4294967295.

Switch Engine™ Command Reference Guide for version 32.7.1 745

Default Commands

Default
Block-none.

Usage Guidelines
In a mesh environment, which is a set of fully interconnected point-to-point interfaces,
LSP flooding can generate N2 PDUs because no router can tell which routers have and
have not received the flooded LSP. By carefully selecting the links over which LSPs are
flooded, traffic can be greatly reduced at the cost of some resiliency. Using mesh group
IDs instead of a full block (the block-all option) allows a finer granularity of control.

Example
The following command configures blocking on SJvlan for group 5:

configure isis SJvlan mesh block-group 5

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis metric

configure isis [vlan all | {vlan} vlan_name] metric metric {level[1|2]}

Description
This command sets the narrow metric for one or all IS-IS VLANs.

Syntax Description
vlan all Applies the configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the configuration applies.
metric metric Sets the metric value. The range is 1 to 63.
level [1 | 2] Limits the configuration to either level 1 or level 2. If neither
level 1 nor level 2 is specified, the configuration applies to
both levels.

Default
10.

746 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If narrow metrics are enabled, this value is used in the associated LSPs for the selected
VLANs.

Example
The following command sets the narrow metric for all IS-IS VLANs to 15:

configure isis vlan all metric 15

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis password vlan

configure isis [vlan all | {vlan} vlan_name] password [none | encrypted
simple encrypted_password | simple { password }] [level [1|2]]

Description
This command sets or clears the authentication password for one or all IS-IS VLANs.

Syntax Description
vlan all Applies the password configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the password
configuration is applied.
none Clears the password configuration and disables hello PDU
authentication.
encrypted Specifies that the supplied password is encrypted and
must be decrypted prior to using it in a TLV.
password Specifies the password. Passwords may be up to 254
alphanumeric characters in length.
level [1 | 2] Limits the password configuration to level 1 or level 2.
If neither level 1 or level 2 is specified, the configuration
applies to both levels.

Default
None.

Switch Engine™ Command Reference Guide for version 32.7.1 747

Usage Guidelines Commands

Usage Guidelines
If configured, the specified password is included in Hello PDUs for the specified level.
In addition, received Hello PDUs on the specified interface are authenticated with the
same password. Hello PDUs that are not authenticated are discarded.

Only plain text passwords are supported. Note that if the password is changed on an
interface with an existing adjacency, the neighboring router needs to be configured
as well. Depending on how timers are configured, the adjacency may time out while
transitioning between passwords. Although passwords appear in plain text during
configuration, they are displayed and saved in encrypted form.

Example
The following command assigns password Extreme to all level 1 VLANs configured for
IS-IS:

configure isis vlan all password simple Extreme level 1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis priority

configure isis [vlan all | {vlan} vlan_name] priority priority {level[1
| 2]}

Description
This command sets the priority used for DIS election on broadcast interfaces.

Syntax Description
vlan all Applies the configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the configuration applies.
priority priority Sets the priority value. The range is 0 to 127.
level [1 | 2] Limits the configuration to either level 1 or level 2. If neither
level 1 nor level 2 is specified, the configuration applies to
both levels.

748 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
64.

Usage Guidelines
A higher priority value is preferred over a lower priority value. The priority is encoded
in level 1 or level 2 hello PDUs. This command is not valid for point-to-point interfaces.
Note that a priority of 0 has no special meaning other than the fact that it is the lowest
priority. A router with a priority of 0 can still become the DIS.

Example
The following command configures priority level 32 for SJvlan:

configure isis SJvlan priority 32

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis restart grace-period

configure isis restart grace-period seconds

Description
This command configures the T3 global restart timer for all IS-IS router processes on
the current virtual router.

Syntax Description
seconds Specifies the restart grace period in seconds. The range is 1
to 65535 seconds.

Default
65535.

Usage Guidelines
If the grace period expires before LSP resynchronization is complete, the virtual router
sets the overload bit in LSPs that it originates.

Switch Engine™ Command Reference Guide for version 32.7.1 749

Example Commands

Example
The following command sets the restart grace period to 5000 seconds:

configure isis restart grace-period 5000

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis restart

configure isis restart [ none | planned | unplanned | both ]

Description
This command configures IS-IS graceful restart behavior.

Syntax Description
none Disables IS-IS graceful restart. When graceful restart is
disabled, this router still operates as a helper to other
restarting routers.
planned Initiates IS-IS graceful restart only in response to the restart
process isis.
unplanned Initiates graceful restart only when the IS-IS process is
restarted due to a process crash or an unplanned failover.
both Initiates graceful restart for all events supported by the
planned and unplanned options.

Default
None.

Usage Guidelines
The command options specify under which circumstances graceful restart is to be
performed. This command has no effect during normal switch boot up. All IS-IS routing
processes in the current virtual router are affected by this command.

All neighboring routers must support IS-IS restart in order for graceful restart to work.
If graceful restart is not performed after a process restart or failover, the router's
adjacencies are re-initialized causing SPF recalculation throughout the network and, if

750 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

the overload bit is not configured to be set during startup, churn as adjacencies change
state and LSPs are learned.

Note
The planned and unplanned command options do not affect the actual restart
protocol operation of IS-IS; they only determine when the restart process
occurs.

Example
The following command configures the switch to initiate a graceful restart for all events
supported by the planned and unplanned options:

configure isis restart both

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis timer csnp-interval

configure isis [vlan all | {vlan} vlan_name] timer csnp-interval seconds
{level [1 | 2]}

Description
This command sets the minimum time between consecutive CSNP transmissions on
the specified interface.

Syntax Description
vlan all Applies the timer configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the timer configuration
applies.
seconds Sets the timer interval. The range is 1 to 65535 seconds.
level [1 | 2] Limits the configuration to either level 1 or level 2. If neither
level 1 nor level 2 is specified, the configuration applies to
both levels.

Switch Engine™ Command Reference Guide for version 32.7.1 751

Default Commands

Default
10 seconds.

Usage Guidelines
Periodic CSNPs are only sent on broadcast interfaces and only by the DIS.

Example
The following command sets the CSNP interval time for all IS-IS VLANs to 15 seconds:

configure isis vlan all timer csnp-interval 15

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis timer hello-interval

configure isis [vlan all | {vlan} vlan_name] timer hello-interval
[seconds | minimal] {level [1 | 2]}

Description
This command sets the interval between two consecutive hello transmissions.

Syntax Description
vlan all Applies the timer configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the timer configuration
applies.
seconds Sets the timer interval. The range is 1 to 65535 seconds.
minimal Specifies that the hello interval is calculated by dividing 1
second by the hello multiplier.
level [1 | 2] Limits the configuration to either level 1 or level 2. If neither
level 1 nor level 2 is specified, the configuration applies to
both levels.

Default
10 seconds.

752 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If this router is the elected DIS, hellos are sent three times more frequently than the
configured interval.

When the timer configuration is set to minimal, the holding time included in the PDU
is set to 1 second. Otherwise, the holding time is computed by multiplying the hello
interval by the hello multiplier. The holding time tells the neighboring router how long
to wait before declaring the sending router dead.

Example
The following command sets the hello interval timer for all VLANs to 15 seconds:

configure isis vlan all timer hello-interval 15

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis timer lsp-interval

configure isis [vlan all | {vlan} vlan_name] timer lsp-interval
milliseconds

Description
This command sets the minimum time between LSP transmissions.

Syntax Description
vlan all Applies the timer configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the timer configuration
applies.
milliseconds Specifies the timer value. The range is 1 to 4294967295
milliseconds.

Default
33 milliseconds.

Switch Engine™ Command Reference Guide for version 32.7.1 753

Usage Guidelines Commands

Usage Guidelines
This is used to throttle LSP flooding. Higher values reduce network traffic and can help
keep underpowered routers from becoming overloaded during network events. Lower
values speed up convergence.

Example
The following command sets the minimal LSP interval for IS-IS VLANs to 66
milliseconds:

configure isis vlan all timer lsp-interval 66

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis timer restart-hello-interval

configure isis [vlan all | {vlan} vlan_name] timer restart-hello-
interval seconds {level [1 | 2]}

Description
This command configures the T1 restart retransmit timer for one or all VLANs.

Syntax Description
vlan all Specifies that the T1 restart timer configuration applies to
all VLANs.
vlan_name Specifies a VLAN to which the T1 restart timer
configuration applies.
seconds Specifies the T1 restart timer value. The range is 1 to 65535
seconds.
level [1 | 2] Limits the configuration change to level 1 or level 2. If
neither level 1 nor level 2 is specified, the configuration
applies to both levels.

Default
3 seconds.

754 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If, after sending a restart request, the router process associated with this interface does
not receive a restart acknowledgement and a CSNP within the period specified by this
command, another restart request is sent.

Example
The following command sets the T1 restart timer to 6 seconds on all level 1 VLANs:

configure isis vlan all timer restart-hello-interval 6 level 1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis timer retransmit-interval

configure isis [vlan all | {vlan} vlan_name] timer retransmit-interval
seconds

Description
This command sets the time to wait for an acknowledgement of a transmitted LSP on a
point-to-point interface.

Syntax Description
vlan all Applies the timer value to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the timer configuration
applies.
seconds Defines the timer value. The range is 0 to 65535 seconds.

Default
5 seconds.

Usage Guidelines
If an acknowledgement is not received when the timer expires, the LSP is resent and
the timer is reset.

Switch Engine™ Command Reference Guide for version 32.7.1 755

Example Commands

Example
The following command sets the retransmit interval for the SJvlan to 10 seconds:

configure isis SJvlan timer retransmit-interval 10

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure isis wide-metric

configure isis [vlan all | {vlan} vlan_name] wide-metric metric {level[1
| 2]}

Description
This command sets the wide metric value for one or all IS-IS VLANs.

Syntax Description
vlan all Applies the configuration to all IS-IS VLANs.
vlan_name Specifies a single VLAN to which the configuration applies.
metric Sets the metric. The range is 1 to 16777214.
level [1 | 2] Limits the configuration change to either level 1 or level 2.
If neither level 1 nor level 2 is specified, the configuration
applies to both levels.

Default
10.

Usage Guidelines
If the wide metric style is enabled on the associated IS-IS router process, the wide
metric value is used in Extended IP reachability TLVs, Extended IS Reachability TLVs,
and IPv6 Reachability TLVs in LSPs.

756 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command sets the wide metric to 15 for all IS-IS VLANs:

configure isis vlan all wide-metric 15

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure jumbo-frame-size
configure jumbo-frame-size framesize

Description
Sets the maximum jumbo frame size for the switch.

Syntax Description
framesize Specifies a maximum transmission unit (MTU) size for a
jumbo frame. The range is 1523 to 9216; the default is 9216.

Default
Jumbo frames are disabled by default. The default size setting is 9216.

Usage Guidelines
Jumbo frames are used between endstations that support larger frame sizes for more
efficient transfers of bulk data. Both endstations involved in the transfer must be
capable of supporting jumbo frames.

The framesize keyword describes the maximum jumbo frame size “on the wire,” and
includes 4 bytes of cyclic redundancy check (CRC) plus another 4 bytes if 802.1Q
tagging is being used.

To enable jumbo frame support, you must configure the maximum transmission unit
(MTU) size of a jumbo frame that will be allowed by the switch.

Note
Extreme Networks recommends that you set the MTU size so that
fragmentation does not occur.

Switch Engine™ Command Reference Guide for version 32.7.1 757

Example Commands

Some network interface cards (NICs) have a configured maximum MTU size that does
not include the additional 4 bytes of CRC. Ensure that the NIC maximum MTU size is at
or below the maximum MTU size configured on the switch. Frames that are larger than
the MTU size configured on the switch are dropped at the ingress port.

Example
The following command configures the jumbo frame size to 5500:

configure jumbo-frame-size 5500

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure keychain accept-tolerance

configure keychain keychain_name accept-tolerance seconds

Description
This command configures a keychain accept tolerance in seconds.

Syntax Description
keychain_name Specifies the name of the keychain.
accept-tolerance Specifies the length of time an expired key can be
accepted for received packets.
seconds Specifies the tolerance in seconds. Range is 0-600 (default
is 0).

Default
The default is 0, no tolerance.

Usage Guidelines
Use this command to configure a keychain accept tolerance.

758 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the keychain accept tolerance:

configure keychain accept-tolerance 55

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure keychain add key

configure keychain keychain_name add key key_id key-string [text_string
{active-lifetime {local} start start_time [end end_time | [duration
[seconds | maximum]]]} | encrypted encrypted_string]

Description
This command configures a key to add to a keychain.

Syntax Description
keychain_name Specifies the name of the keychain.
add Specifies adding a key to the keychain.
key Authentication key entry.
key_id Specifies the unique identifier within a keychain. Range is
1-65535.
key-string Specifies the shared secret text string for the key.
text_string Specifies the string. Range is 1-127.
active-lifetime Specifies the time period the key will be active.
local Specifies the time in the local time zone instead of UTC.
start Specifies the start of the time period.
start_time Specifies the date and time the key will become active.
Format is YYYY-MM-DDThh:mm:ss.
end Specifies the end of the time period.
end_time Specifies the date and time the key will stop being active.
Format is YYYY-MM-DDThh:mm:ss.
duration Specifies the length of time the key will be active.
seconds Specifies the duration in seconds. Range is 1-15552000.

Switch Engine™ Command Reference Guide for version 32.7.1 759

Default Commands

maximum Specifies that the key will be active for 180 days from the
start time.
encrypted Specifies the key string in encrypted form.
encrypted_string Specifies the encrypted string.

Default
N/A

Usage Guidelines
A maximum of 8 keys can be added to a keychain.

The maximum length of a key string is 127 characters.

The maximum validity period of a key is 180 days.

Example
The following command configures the keychain to add an OSPFv3 key:

create keychain ospfv3-keys1

The following command adds a key string to the keychain:

configure keychain ospfv3-keys1 add key 3 key-string auth3

The following command adds additional options to the keychain:

configure keychain ospfv3-keys1 add key 1 key-string auth1 active-lifetime local start
2021-06-01T00:00:00 end 2021-07-01T00:00:00

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure keychain delete key

configure keychain keychain_name delete key key_id

Description
This command deletes a key to add to a keychain.

760 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
keychain_name Specifies the name of the keychain.
delete Specifies deleting a key from the keychain.
key Authentication key entry.
key_id Specifies the unique identifier within a keychain. Range is
1-65535.

Default
N/A

Usage Guidelines
Use this command to delete a key from a configured keychain.

Example
The following command deleetes a key:

configure keychain ospfv3-keys1 delete key 3

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure keychain key active-lifetime

configure keychain keychain_name key key_id active-lifetime {local}
start start_time [end end_time | [duration [seconds | maximum]]]

Description
This command configures the time period a key will be active.

Syntax Description
keychain_name Specifies the name of the keychain.
key Authentication key entry.
key_id Specifies the unique identifier within a keychain. Range is
1-65535.
active-lifetime Specifies the time period the key will be active.

Switch Engine™ Command Reference Guide for version 32.7.1 761

Default Commands

local Specifies the time in the local time zone instead of UTC.
start Specifies the start of the time period.
start_time Specifies the date and time the key will become active.
Format is YYYY-MM-DDThh:mm:ss.
end Specifies the end of the time period.
end_time Specifies the date and time the key will stop being active.
Format is YYYY-MM-DDThh:mm:ss.
duration Specifies the length of time the key will be active.
seconds Specifies the duration in seconds. Range is 1-15552000.
maximum Specifies that the key will be active for 180 days from the
start time.

Default
N/A.

Usage Guidelines
Use this command to configure the time period a key will be active.

Example
The following command configures the keychain active lifetime:

configure keychain ospfv3-keys1 key 3 active-lifetime local start 2021-08-01T00:00:00 end

2021-09-01T00:00:00

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure keychain key hash-altorithm

configure keychain keychain_name key key_id hash-algorithm algorithm

Description
This command configures a keychain key hash-algorithm.

762 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
keychain_name Specifies the name of the keychain.
key Specifies the authentication key entry.
key_id Specifies the unique identifier within a keychain. Range is
1-65535.
hash-algorithm Specifies the hash algorithm to be used for the key.
algorithm Specifies the supported algorithms (default is hmac-
sha-256).

Default
The default algorithm is hmac-sha-256.

Usage Guidelines
Use this command to specify the hash algorithm to be used for the key.

Example
The following command configures the keychain hash algorithm:

configure keychain ospfv3-keys1 key 2 hash-algorithm hmac-sha-512

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure l2pt profile add profile

configure l2pt profile profile_name add protocol filter filter_name
{action [tunnel {cos cos} {dscp dscp_value {replace}} | encapsulate
| none]}

Description
Adds an entry to an L2PT profile.

Switch Engine™ Command Reference Guide for version 32.7.1 763

Syntax Description Commands

Syntax Description
profile profile_name Specifies the profile that defines L2PT configuration for L2
protocols.
add protocol filter Adds the specified Layer 2 protocol filter.
filter_name
action Specifies the action to perform on PDUs of the protocol
(the default value is tunnel).
tunnel Specifies to tunnel PDUs through the network.
cos cos Specifies to override the class of service for tunneled PDUs,
and specifies the class of service value to use for tunneling
PDUs.
dscp Specifies to set DSCP in the outer IP header when
tunneled over VXLAN network.
dscp_value Specifies the DSCP value to use in the outer IP header
when the inner IP header is not present or when the
replace is specified (default is 0). Range is 0-63.
replace Specifies to replace the DSCP in the outer IP header with
the configured value (default is do not replace, copy the
inner DSCP to the outer header).
encapsulate Specifies to encapsulate PDUs at egress, and decapsulate
L2PT packets at ingress.
none Specifies to not participate in tunneling for this protocol.

Default
Disabled.

The default dscp_value is 0.

The default replace is to not replace the DSCP.

Usage Guidelines
Use this command to add an entry to an L2PT profile.

Example
The following example adds an entry to my_l2pt_prof to tunnel protocols in "mylistt" at
cos 2:
configure l2pt profile my_l2pt_prof add protocol filter mylist action tunnel cos 2

The following example adds an entry to my_l2pt_prof to encapsulate/decapsulate

protocols in "mylist":
configure l2pt profile my_l2pt_prof add protocol filter mylist action encapsulate

764 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example adds an entry to my_l2pt_prof that is in use by 2 services:

configure l2pt profile my_l2pt_prof add protocol filter mylist

The following example configures a DSCP value to be set in the outer IP header when
the inner DSCP is not present:
configure l2pt profile "vxlan_cdp" add protocol filter cdp action tunnel dscp 2

The following example copies the inner DSCP to the outer header when the inner
DSCP is present:
configure l2pt profile "vxlan_cdp" add protocol filter cdp action tunnel dscp 3

The following example overrides the outer DSCP (even if the inner DSCP is present):
configure l2pt profile "vxlan_cdp" add protocol filter cdp action tunnel dscp 2 replace

History
This command was first available in ExtremeXOS 15.5.

Support for DSCP on VXLAN supported platforms was added in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure l2pt profile delete profile

configure l2pt profile profile_name delete protocol filter filter_name

Description
Deletes an entry to an L2PT profile.

Syntax Description
profile profile_name Specifies the profile that defines L2PT configuration for L2
protocols.
delete protocol filter Deletes the specified Layer 2 protocol filter.
filter_name

Default
Disabled.

Usage Guidelines
Use this command to delete an entry to an L2PT profile.

Switch Engine™ Command Reference Guide for version 32.7.1 765

Example Commands

Example
The following example deletes the entry for "mylist" from my_l2pt_prof:
configure l2pt profile my_l2pt_prof delete protocol filter mylist

The following example deletes the entry entry for "mylist" from my_l2pt_prof that is in
use by a service:
configure l2pt profile my_l2pt_prof delete protocol filter mylist

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure l2vpn add peer

configure l2vpn [vpls vpls_name | vpws vpws_name] add peer ipaddress
{{core {full-mesh | primary | secondary} | spoke}

Description
Configures a VPLS, H-VPLS, or VPWS peer for the node you are configuring.

Syntax Description
vpls_name Specifies the VPLS for which you are configuring a peer.
vpws_name Specifies the VPWS for which you are configuring a peer.
ipaddress Specifies the IP address of the peer node.
core Specifies that the peer is a core node. This option applies only to
VPLS peers.
full-mesh Specifies that the peer is a core full-mesh node. This is the default
setting if neither the core or spoke options are specified. This
option applies only to VPLS peers.
primary Specifies that the peer is an H-VPLS core node and configures a
primary H-VPLS connection to that core node. This option applies
only to H-VPLS peers.
secondary Specifies that the peer is an H-VPLS core node and configures
a secondary H-VPLS connection to that core node. This option
applies only to H-VPLS peers.
spoke Specifies that the peer is a H-VPLS spoke node. This option applies
only to H-VPLS peers.

766 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Each VPLS or H-VPLS node supports up to 64 peers, and each VPWS supports one peer.
H-VPLS core nodes can peer with other core nodes and/or spoke nodes. H-VPLS spoke
nodes can peer with core nodes but not with other spoke nodes.

VPLS core nodes must be configured in a full-mesh with other core nodes. Thus, all
core nodes in the VPLS must have a configured PW to every other core node serving
this VPLS. By default, the best LSP is chosen for the PW. The underlying LSP used
by the PW can be configured by specifying the named LSP using the CLI command
configure l2vpn [vpls vpls_name | vpwsvpws_name] peeripaddress [add |
delete] mpls lsplsp_name.

H-VPLS spoke nodes establish up to two point-to-point connections to peer with core
nodes. If both primary and secondary peers are defined for a spoke node, the spoke
node uses one of the peers for all communications. If both peers are available, the
spoke node uses the connection to the primary peer. If the primary peer connection
fails, the spoke node uses the secondary peer. If the primary peer later recovers, the
spoke node reverts back to using the primary peer.

VPWS nodes establish a point-to-point connection to one peer.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
configuring a VPWS peer. For backward compatibility, the l2vpn keyword is optional
when configuring a VPLS peer. However, this keyword will be required in a future
release, so we recommend that you use this keyword for new configurations and
scripts.

Example
The following command adds a connection from the local core switch to the core
switch at 1.1.1.202:

configure l2vpn vpls vpls1 add peer 1.1.1.202

The following command adds a connection from the local core switch to the spoke
switch at 1.1.1.201:

configure l2vpn vpls vpls1 add peer 1.1.1.201 spoke

The following command adds a primary connection from the local spoke switch to the
core switch at 1.1.1.203:

configure l2vpn vpls vpls1 add peer 1.1.1.203 core primary

Switch Engine™ Command Reference Guide for version 32.7.1 767

History Commands

The following command adds a VPWS connection from the local node to the peer
switch at 1.1.1.204:

configure l2vpn vpws vpws1 add peer 1.1.1.204

History
This command was first available in ExtremeXOS 11.6.

Support for H-VPLS was first available in ExtremeXOS 12.1.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure l2vpn add service

configure l2vpn [vpls vpls_name | vpws vpws_name] add service [{vlan}
vlan_name | {vman} vman_name]

Description
Adds a VLAN or VMAN service to a VPLS or VPWS.

Syntax Description
vpls_name Identifies the VPLS interface within the switch (character string).
vpws_name Identifies the VPWS interface within the switch (character string).
vlan_name Logically binds the VLAN to the specified VPLS or VPWS.
vman_name Adds the named VMAN to the VPLS or VPWS.

Default
N/A.

Usage Guidelines
Only one VLAN or VMAN can be configured per VPLS or VPWS.

When a VLAN service is added to a VPLS or VPWS, the VLAN ID is locally significant to
the switch. Thus, each VLAN VPLS or VPWS interface within the Layer 2 VPN can have a
different VLAN ID. This greatly simplifies VLAN ID coordination between metro network
access points. Traffic may be switched locally between VLAN ports if more than one
port is configured for the VLAN.

768 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

When a VMAN service has been configured for a VPLS or VPWS, the VMAN ID is locally
significant to the switch. Thus, each VMAN VPLS or VPWS interface within the Layer
2 VPN can have a different VMAN ID, just like the VLAN service. The only difference is
that the Layer 2 VPN overwrites the outer VMAN tag on Layer 2 VPN egress and leaves
the inner VLAN tag unmodified. Because the inner VLAN tag is considered part of the
customer packet data, the VMAN service can be used to emulate port-based services.
This is accomplished by configuring the Layer 2 VPN to strip the 802.1Q tag from the
tunneled packet. Since the switch inserts the VMAN tag when the packet is received
and the 802.1Q tag is stripped before the packet is sent on the VPLS or VPWS PW, all
packets received on ports that are members of the VMAN are transmitted unmodified
across the Layer 2 VPN. The command configure l2vpn [vpls vpls_name | vpws
vpws_name] dot1q tag exclude is used to configure the switch to strip the 802.1Q tag
on the VPLS.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
adding a service to VPWS. For backward compatibility, the l2vpn keyword is optional
when adding a service to VPLS. However, this keyword will be required in a future
release, so we recommend that you use this keyword for new configurations and
scripts.

Example
The example below adds a VLAN and a VMAN to the named VPLS:

configure l2vpn vpls myvpls add service vlan myvlan

configure l2vpn vpls myvpls add service vman myvman

The following example adds a VLAN and a VMAN to the named VPWS:

configure l2vpn vpws myvpws add service vlan vlan2

The following example adds a vman:

configure l2vpn vpws myvpws add service vman vman2

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure l2vpn delete peer

configure l2vpn [vpls vpls_name | vpws vpws_name] delete peer [ipaddress
| all]

Switch Engine™ Command Reference Guide for version 32.7.1 769

Description Commands

Description
Deletes the specified VPLS or VPWS peer.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
vpws_name Identifies the VPWS within the switch (character string).
ipaddress Specifies the IP address for the peer node that is the
endpoint of the VC-LSP. This option applies only to VPLS
peers.
all Deletes all VPLS or VPWS peers. This option applies only to
VPLS peers.

Default
N/A.

Usage Guidelines
When the VPLS or VPWS peer is deleted, VPN connectivity to the peer is terminated.
The all keyword can be used to delete all peers associated with the specified Layer 2
VPN.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
deleting a VPWS peer. For backward compatibility, the l2vpn keyword is optional when
deleting a VPLS peer. However, this keyword will be required in a future release, so we
recommend that you use this keyword for new configurations and scripts.

Example
The following example removes connectivity to 1.1.1.202 from VPLS1:
configure vpls vpls1 delete peer 1.1.1.202

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements

770 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure l2vpn delete service

configure l2vpn delete service

configure l2vpn [vpls vpls_name | vpws vpws_name] delete service [{vlan}
vlan_name | {vman} vman_name]

Description
Deletes the specified VLAN or VMAN service from the specified Layer 2 VPN.

Syntax Description
vpls_name Identifies the VPLS interface within the switch (character string).
vpws_name Identifies the VPWS interface within the switch (character string).
vlan_name Logically binds the VLAN to the specified VPLS.
vman_name Adds the named VMAN to the VPLS.

Default
N/A.

Usage Guidelines
If there are no services configured for the VPLS or VPWS, all PWs within the Layer 2
VPN are terminated from the switch.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
deleting a service from a VPWS. For backward compatibility, the l2vpn keyword is
optional when deleting a service from a VPLS. However, this keyword will be required
in a future release, so we recommend that you use this keyword for new configurations
and scripts.

Example
The following example removes a service interface from a VPLS:

configure vpls vpls1 delete vman vman1

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 771

configure l2vpn health-check vccv Commands

configure l2vpn health-check vccv

configure l2vpn [vpls [vpls_name | all] | vpws [vpws_name |
all]] health-check vccv {interval interval_seconds} {fault-multiplier
fault_multiplier_number}

Description
Configures the Virtual Circuit Connectivity Verification (VCCV) health check test and
fault notification intervals for the specified VPLS or VPWS instance.

Syntax Description
vpls_name Identifies the VPLS instance for which health check is to be
configured.
vpws_name Identifies the VPWS instance for which health check is to be
configured.
all Specifies that the configuration applies to all VPLS instances on
the local node.
interval_seconds Defines the interval between health check tests. The range is 1 to
10 seconds.
fault_multiplier Specifies how long health check waits before a warning
_ number level message is logged. The wait period is the
interval_seconds multiplied by the fault_multiplier_number.
The fault_multiplier_number range is 2 to 6.

Default
Interval is 5 seconds.

Fault mulitplier is 4.

Usage Guidelines
The VCCV health-check configuration parameters can be configured at anytime after
the VPLS has been created.

The show l2vpn {vpls {{vpls_name} | vpws {{vpws_name}} {peeripaddress}

{detail} | summary} command displays the configured interval_seconds and fault-
multiplier_number values for the VPLS or VPWS and the VCCV activity state.

The l2vpn keyword is introduced in ExtremeXOS Release 12.4 and is required when
configuring health check for a VPWS. For backward compatibility, the l2vpn keyword
is optional when configuring health check for a VPLS. However, this keyword will
be required in a future release, so Extreme Networks recommends that you use this
keyword for new configurations and scripts.

772 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the health check feature on the VPLS instance
myvpls:

configure vpls myvpls health-check vccv interval 10 fault-notification 40

History
This command was first available in ExtremeXOS 12.1.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure l2vpn peer mpls lsp

configure l2vpn [vpls vpls_name | vpws vpws_name] peer ipaddress [add |
delete] mpls lsp lsp_name

Description
Adds or deletes a named LSP as a specified PW for the specified Layer 2 VPN peer.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
vpws_name Identifies the VPWS within the switch (character string).
ipaddress Specifies the IP address for the peer node that is the
endpoint of the PW-LSP. This option applies only to VPLS
peers.
add Permits addition of up to four RSVP-TE LSPs to the VPLS
peer.
delete Removes the LSP specified by the lsp_name parameter
from the PW-LSP aggregation list.
lsp_name Removes the specified lsp.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 773

Usage Guidelines Commands

Usage Guidelines
If all the named LSPs are deleted from the configured Layer 2 VPN peer, VPLS or
VPWS attempts to use the best-routed path LSP, if one exists. The delete portion of this
command cannot be used to remove a named LSP that was selected by the switch as
the best LSP. If no LSPs exist to the peer, Layer 2 VPN connectivity to the peer is lost.
Currently, the VPLS or VPWS PW uses only one LSP.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required
when configuring a VPWS instance. For backward compatibility, the l2vpn keyword is
optional when configuring a VPLS instance. However, this keyword will be required in a
future release, so we recommend that you use this keyword for new configurations and
scripts.

Example
The following examples add and remove a named LSP:
configure l2vpn vpls vpls1 peer 1.1.1.202 add mpls lsp “to-olympic4"
configure l2vpn vpls vpls1 peer 1.1.1.202 delete mpls lsp “to-olympic4"

The following example adds a named LSP for a VPWS peer:

configure l2vpn vpws vpws1 peer 1.1.1.203 add mpls lsp “to-olympic5"

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure l2vpn peer

configure l2vpn [vpls vpls_name ] peer ipaddress [limit-learning number
| unlimited-learning]

Description
Configures the maximum number of MAC SAs (Source Addresses) that can be learned
for a given VPLS or VPWS peer.

774 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
ipaddress Specifies the IP address for the peer node that is the
endpoint of the PW-LSP. This option applies only to VPLS
peers.
limit-learning Specifies a limit to the number of MAC SAs to be learned
for the specified VPLS and peer.
number The maximum number of MAC SAs that can be learned for
the specified VPLS and peer.
unlimited-learning Specifies no limit to the number of MAC SAs to be learned
for the specified VPLS and peer.

Default
Unlimited.

Usage Guidelines
This parameter can only be modified when the specified VPLS is disabled. The
unlimited-learning keyword can be used to specify that there is no limit. The default
value is unlimited-learning.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required
when configuring a VPWS instance. For backward compatibility, the l2vpn keyword is
optional when configuring a VPLS instance. However, this keyword will be required in a
future release, so we recommend that you use this keyword for new configurations and
scripts.

Example
The following example causes no more than 20 MAC addresses to be learned on
VPLS1’s PW to 1.1.1.202:
configure vpls vpls1 peer 1.1.1.202 limit-learning 20

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 775

configure l2vpn vpls add peer ipaddress Commands

configure l2vpn vpls add peer ipaddress

configure {l2vpn} vpls vpls_name add peer ipaddress { static-pw
transmit-label outgoing_pw_label receive-label incoming_pw_label }

Description
Configures L2VPN VPLS service over MPLS Static PW.

Syntax Description
vpls_name Specifies the VPLS for which you are configuring a peer.
ipaddress Specifies the IP address of the peer node.
static-pw Specifies the static pseudowire transmit label.
transmit label
outgoing_pw_lab Specifies the name of the egress label.
el
receive-label Specifies the static PW receive label.
ncoming_pw_labe Specifies the name of the ingress label.
l

Default
N/A.

Usage Guidelines
Use this command to statically configure a new MPLS Ethernet PW for the specified
VPLS. You must specify the outgoing (MPLS ingress) and incoming (MPLS egress) PW
labels. Similarly, you must configure the peer with a static PW that has the reverse PW
label mappings.

Locally, the incoming_pw_label must be unique and is allocated out of the static label
space. The outgoing_pw_label must match the peer’s configured incoming PW label.

Just like a signaled PW, a static PW can optionally be configured to use any type of
tunnel LSP: LDP, RSVP-TE, or Static. In the case of RSVP-TE and LDP, those protocols
must be configured and enabled and an LSP must be established before traffic can be
transmitted over the static PW.

For Static LSPs, only the MPLS ingress LSP (or outgoing LSP) is specified. Unlike
signaled PWs, there is no end-to-end PW communication that is used to verify that
the PW endpoint is operational, and in the case of static LSPs, that the data path to
the PW endpoint is viable. In the event of a network fault, if a secondary RSVP-TE LSP
is configured or the routing topology changes such that there is an alternate LDP LSP,
the static PW will automatically switch LSPs in order to maintain connectivity with the
PW endpoint. Static LSPs can be protected proactively by configuring BFD to verify the

776 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

static LSPs IP next hop connectivity. Optionally, the underlying LSP for the PW can be
explicitly specified using a named LSP. When a named LSP is explicitly specified, only
the specified named LSP is used to carry the PW. In the event that a specified named
LSP is withdrawn, the VPLS/VPWS remains operationally down until the named LSP is
restored.

Since VC Status signaling is not supported, the VC Status “standby” bit cannot be used
to allow support for PW redundancy and H-VPLS. Consequently, only “core full-mesh”
PWs are allowed to have statically configured labels.

Example
The following command configures a new MPLS ethernet pseudowire for vpls1 :
configure vpls vpls1 add peer 1.1.1.202

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure vpls add service

configure vpls vpls_name add service [{vlan} vlan_name | {vman}
vman_name]

Note
This command has been replaced with the following command: configure
l2vpn [vpls vpls_name | vpws vpws_name] add service [{vlan}
vlan_name | {vman}vman_name] . This command is still supported for
backward compatibility, but it will be removed from a future release, so
we recommend that you start using the new command.

Description
Configures service for VPLS.

Syntax Description
vpls_name Identifies the VPLS interface within the switch (character string)
vlan_name Logically binds the VLAN to the specified VPLS.
vman_name Adds the named VMAN to the VPLS.

Switch Engine™ Command Reference Guide for version 32.7.1 777

Default Commands

Default
N/A.

Usage Guidelines
This command configures the VPLS service for the specified vpls_name. The VPLS
service may be a customer VLAN or a customer VMAN. Specifying the vlan_name
logically binds the VLAN to the specified VPLS. Only one VLAN or VMAN may be
configured per VPLS.

When a VLAN service has been configured for a VPLS, the VLAN is added to the VPLS
specified by the vpls_name. The VLAN ID is locally significant to the switch. Thus,
each VLAN VPLS interface within the VPLS network may have a different VLAN ID
service bound to the VPLS. This greatly simplifies VLAN ID coordination between metro
network access points. Traffic may be switched locally between VLAN ports if more
than one port is configured for the VLAN.

When a VMAN service has been configured for a VPLS, the VMAN is added to the VPLS
specified by vpls_name. The VMAN ID is locally significant to the switch. Thus, each
VMAN VPLS interface within the VPLS network may have a different VMAN ID, just like
the VLAN service. The only difference is that the VPLS network overwrites the outer
VMAN tag on VPLS egress and leaves the inner VLAN tag unmodified. Because the
inner VLAN tag is considered part of the customer packet data, the VMAN service can
be used to emulate port-based services. This is accomplished by configuring the VPLS
to strip the 802.1Q tag from the tunneled packet. Since the switch inserts the VMAN
tag when the packet is received and the 802.1Q tag is stripped before the packet is
sent on the VPLS PW, all packets received on ports that are members of the VMAN are
transmitted unmodified across the VPLS. The command configure vpls vpls_name
dot1q tag exclude is used to configure the switch to strip the 802.1Q tag on the VPLS.

Example
The example below adds a VLAN and a VMAN to the named VPLS:
configure vpls myvpls add service vlan myvlan
configure vpls myvpls add service vman myvman

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

778 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure l2vpn vpls peer static-pw

configure l2vpn vpls peer static-pw

configure l2vpn vpls vpls_name peer ipaddress static-pw {transmit-label
outgoing_pw_label receive-label incoming_pw_label }

Description
Changes the labels of a statically configured Ethernet PW for a VPLS.

Syntax Description
vpls_name Specifies the VPLS for which you are configuring a peer.
peer Specifies the peer IP address.
ipaddress Specifies the IP address of the peer node.
static-pw Specifies the static pseudowire.
transmit label Specifies the pseudowire transmit label.
outgoing_pw_label Specifies the name of the egress label.
receive-label Specifies the static pseudowire receive label.
incoming_pw_label Specifies the name of the ingress label.

Default
N/A.

Usage Guidelines
Use this command to change the labels of a statically configured Ethernet PW for a
VPLS that already exists. Either or both the outgoing (MPLS ingress) and incoming
(MPLS egress) PW labels can be specified. The peer must be similarly configured with
a static PW that has the reverse PW label mappings. Locally, the incoming_pw_label
must be unique and is allocated out of the static label space. The outgoing_pw_label
must match the peer’s configured incoming PW label. The L2VPN can remain
operational during the change; however, the PW goes down and comes back up.

Example
The following command changes the VPLS label to "VPLS1":
# configure l2vpn vpls vpls1 peer static-pw 1.1.1.202

History
This command was first available in ExtremeXOS 15.4.

Switch Engine™ Command Reference Guide for version 32.7.1 779

Platform Availability Commands

Platform Availability
This command is available on all platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure l2vpn vpls redundancy

configure {l2vpn}vpls vpls_name redundancy [esrp esrpDomain | eaps |
stp]

Description
Configures a VPLS instance to provide protected access using the EAPS redundancy
type, the specified ESRP domain, or STP.

Syntax Description
vpls_name Specifies the VPLS for which you are configuring protection.
esrpDomain Configures a VPLS instance to provide protected access using the
specified ESRP domain.
eaps Configures a VPLS instance to use the EAPS redundancy type.
stp Configures a VPLS instance to request an FDB relearning process
on an adjacent node when STP responds to a topology change for
a VLAN.

Default
Redundancy disabled.

Usage Guidelines
Only one redundancy mode can be configured at a time on a VPLS, and the VPLS must
be disabled when the redundancy mode is configured. If you attempt to configure a
second mode, an error appears. The current redundancy mode must be unconfigured
before you configure a different redundancy mode.

The ESRP domain specified must be a valid ESRP domain of type vpls-redundancy.
If not, the command is rejected with an appropriate error message. When a VPLS
instance is associated with an ESRP domain, the user cannot delete the ESRP domain
unless the VPLS redundancy has been unconfigured. For VPLS access protection to
become fully functional, VPLS redundancy must also be configured on a second VPLS
peer using the same VPLS name and ESRP domain.

Specify the redundancy type as EAPS when using redundant EAPS access rings. This
configuration requires EAPS shared links to be configured between redundant VPLS
nodes. This configures VPLS to use a PW between VPLS attachment nodes instead of

780 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

using a customer VLAN. This configuration is only required when there is an EAPS ring
on the VPLS service VLAN.

Note
The EAPS master should not be on a VPLS node.

The STP option enables VPLS interfaces to respond appropriately to STP topology
changes in a VLAN. For example, if STP detects a link failure, it will flush the appropriate
FDB entries to initiate relearning on the STP protected interfaces. When this option
is selected and STP initiates relearning, the VPLS interfaces on the same VLAN also
initiate relearning so that a new VLAN path to the VPLS core can be learned. For more
information, including limitations and restrictions, see the “VPLS STP Redundancy
Overview” Section in the Switch Engine 32.7.1 User Guide.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4. For backward
compatibility, the l2vpn keyword is optional when configuring a VPLS instance.
However, this keyword will be required in a future release, so we recommend that you
use this keyword for new configurations and scripts.

Example
The following command adds redundancy to the vpls1 VPLS using the esrp1 domain:
configure l2vpn vpls vpls1 redundancy esrp esrp1

The following command specifies the EAPS redundancy type for the vpls2 VPLS:
configure l2vpn vpls vpls2 redundancy eaps

The following command specifies the STP redundancy type for the vpls3 VPLS:
configure l2vpn vpls vpls3 redundancy STP

History
This command was first available in ExtremeXOS 12.1.

The l2vpn keyword and the STP option were added in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure l2vpn vpws add peer ipaddress

configure l2vpn vpws vpws_name add peer ipaddress ipaddress {static-pw
transmit-label outgoing_pw_label receive-label incoming_pw_label }

Switch Engine™ Command Reference Guide for version 32.7.1 781

Description Commands

Description
Configures L2VPN VPWS service over MPLS Static PW.

Syntax Description
vpws_name Specifies the VPWS for which you are configuring a peer.
ipaddress Specifies the peer IP address.
ipaddress Specifies the IP address of the peer node.
static-pw Specifies the static pseudowire transmit label.
transmit-label
outgoing_pw_lab Specifies the name of the egress label.
el
receive-label Specifies the static PW receive label.
incoming_pw_lab Specifies the name of the ingress label.
el

Default
N/A.

Usage Guidelines
Use this command to statically configure a new MPLS Ethernet PW for the specified
VPWS. You must specify the outgoing (MPLS ingress) and incoming (MPLS egress) PW
labels. Similarly, you must configure the peer with a static PW that has the reverse PW
label mappings.

Locally, the incoming_pw_label must be unique and is allocated out of the static label
space. The outgoing_pw_label must match the peer’s configured incoming PW label.

Just like a signaled PW, a static PW can optionally be configured to use any type of
tunnel LSP: LDP, RSVP-TE, or Static. In the case of RSVP-TE and LDP, those protocols
must be configured and enabled and an LSP must be established before traffic can be
transmitted over the static PW.

For Static LSPs, only the MPLS ingress LSP (or outgoing LSP) is specified. Unlike
signaled PWs, there is no end-to-end PW communication that is used to verify that
the PW endpoint is operational, and in the case of static LSPs, that the data path to
the PW endpoint is viable. In the event of a network fault, if a secondary RSVP-TE LSP
is configured or the routing topology changes such that there is an alternate LDP LSP,
the static PW will automatically switch LSPs in order to maintain connectivity with the
PW endpoint. Static LSPs can be protected proactively by configuring BFD to verify the
static LSPs IP next hop connectivity. Optionally, the underlying LSP for the PW can be
explicitly specified using a named LSP. When a named LSP is explicitly specified, only
the specified named LSP is used to carry the PW. In the event that a specified named
LSP is withdrawn, the VPLS/VPWS remains operationally down until the named LSP is
restored.

782 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Since VC Status signaling is not supported, the VC Status “standby” bit cannot be used
to allow support for PW redundancy and H-VPLS. Consequently, only “core full-mesh”
PWs are allowed to have statically configured labels.

Example
The following command configures VPWS service for VPWS1 on peer 1.1.1.202:
configure vpws vpws1 add peer 1.1.1.202

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure l2vpn vpws peer static-pw

configure l2vpn vpws vpws_name peer ipaddress static-pw {transmit-label
outgoing_pw_label receive-label incoming_pw_label }

Description
Changes the labels of a statically configured Ethernet pseudowire for a VPWS.

Syntax Description
vpws_name Specifies the VPWS for which you are configuring a peer.
peer Specifies the peer IP address.
ipaddress Specifies the IP address of the peer node.
static-pw Specifies the static pseudowire.
transmit label Specifies the pseudowire transmit label.
outgoing_pw_lab Specifies the name of the egress label.
el
receive-label Specifies the static pseudowire receive label.
incoming_pw_lab Specifies the name of the ingress label.
el

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 783

Usage Guidelines Commands

Usage Guidelines
Use this command to change the labels of a statically configured Ethernet pseudowire
for a VPWS that already exists. Either or both the outgoing (MPLS ingress) and
incoming (MPLS egress) PW labels can be specified. The peer must be similarly
configured with a static PW that has the reverse PW label mappings. Locally, the
incoming_pw_label must be unique and is allocated out of the static label space. The
outgoing_pw_label must match the peer’s configured incoming PW label. The L2VPN
can remain operational during the change; however, the PW goes down and comes
back up.

Example
The following command changes the VPWS label to "vpws1":
# configure l2vpn vpws vpws1 peer static-pw 1.1.1.202

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure l2vpn
configure l2vpn [vpls vpls_name | vpws vpws_name] {dot1q [ethertype
hex_number | tag [include | exclude]]} {mtu number}

Description
Configures VPLS or VPWS parameters.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
vpws_name Identifies the VPWS within the switch (character string).
dot1q Specifies the action the switch performs with respect to the 802.1Q
ethertype or tag.
ethertype Overwrites the ethertype value for the customer traffic sent across
the PW
hex_number Identifies the ethertype, uses the format of 0xN.
tag Specifies the action the switch performs with respect to the 802.1Q
tag.

784 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

include Includes the 802.1Q tag when sending packets over the VPLS L2
VPN.
exclude Strips the 802.1Q tag before sending packets over the VPLS L2
VPN.
mtu Specifies the MTU value of the VPLS transport payload packet.
number The size (in bytes) of the MTU value. The configurable MTU range is
1492 through 9216. The default VPLS MTU value is 1500.

Default
dot1q tag - excluded.

ethertype - the configured switch ethertype is used.

number (MTU) - 1500.

Usage Guidelines
This command configures the VPLS and VPWS parameters. PWs are point-to-point
links used to carry VPN traffic between two devices within the VPLS. Each device must
be configured such that packets transmitted between the endpoints are interpreted
and forwarded to the local service correctly. The optional ethertype keyword may be
used to overwrite the Ethertype value for the customer traffic sent across the PW. By
default, the configured switch ethertype is used. If configured, the ethertype in the
outer 802.1q field of the customer packet is overwritten using the configured ethertype
value. The ethertype value is ignored on receipt.

Optionally, the switch can be configured to strip the 802.1q tag before sending packets
over the VPLS or VPWS Layer 2 VPN. This capability may be required to provide
interoperability with other vendor products or to emulate port mode services. The
default configuration is to include the 802.1q tag.

The mtu keyword optionally specifies the MTU value of the VPLS or VPWS transport
payload packet (customer packet). The MTU value is exchanged with VPLS-configured
peer nodes. All VPLS peer nodes must be configured with the same MTU value. If
the MTU values do not match, PWs cannot be established between peers. The MTU
values are signaled during PW establishment so that endpoints can verify that MTU
settings are equivalent before establishing the PW. By default the MTU is set to 1500.
The configurable MTU range is 1492 through 9216. Changing the MTU setting causes
established PWs to terminate. Payload packets might be dropped if the VPLS or VPWS
MTU setting is greater than the MPLS MTU setting for the PW interface.

Note
The maximum MTU value supported depends on the current configuration
options. For more information, see “Configuring the Layer 2 VPN MTU” in the
Switch Engine 32.7.1 User Guide.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
enabling a VPWS. For backward compatibility, the l2vpn keyword is optional when

Switch Engine™ Command Reference Guide for version 32.7.1 785

Example Commands

enabling a VPLS. However, this keyword will be required in a future release, so we

recommend that you use this keyword for new configurations and scripts.

Example
The following commands change the various parameters of a particular VPLS:
configure vpls vpls1 dot1q ethertype 0x8508
configure vpls vpls1 dot1q ethertype 0x8509 mtu 2500
configure vpls vpls1 dot1q tag exclude mtu 2430
configure vpls vpls1 dot1q mtu 2500

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure lacp member-port priority

configure lacp member-port port priority port_priority

Description
Configures the member port of an LACP to ensure the order that ports are added to
the aggregator. The lower value you configure for the port’s priority, the higher priority
that port has to be added to the aggregator.

Syntax Description
port Specifies the LACP member port that you are specifying
the priority for.
port_priority Specifies the priority you are applying to this member port
to be assigned to the LACP aggregator. The range is from
0 to 65535; the default is 0. The lower configured value has
higher priority to be added to the aggregator.

Default
The default priority is 0.

786 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The port must be added to the LAG prior to configuring it for LACP. The default value is
0, or highest priority.

You can configure the port priority to ensure the order in which LAG ports join the
aggregator. If you do not configure this parameter, the lowest numbered ports in the
LAG are the first to be added to the aggregator; if there are additional ports configured
for that LAG, they are put in standby mode.

Use this command to override the default behavior and ensure the order in which LAG
ports are selected. Also, if more than one port is configured with the same priority, the
lowest numbered port joins the aggregator.

Example
The following command sets the port priority for the LAG port 5:1 to be 55 (which will
probably put that port in standby initially):
configure lacp member-port 5:1 priority 55

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ldap domain

configure ldap domain domain_name [default | non-default]

Description
This command is used to configure a previously added LDAP domain as default or
non-default. If a domain is configured as default, older default domain, if any, will no
longer be default since once only one domain can be default at a time.

Syntax Description
domain_name Name of domain to be configured.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 787

Usage Guidelines Commands

Usage Guidelines
Use this command to configure an LDAP domain as default or non-default.

Example
This command marks the LDAP domain sales.XYZCorp.com as the default domain.

configure ldap domain sales.XYZCorp.com default

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ldap domain add server

configure ldap {domain domain_name} add server [host_ipaddr | host_name]
{server_port} {client-ip client_ipaddr} {vr vr_name} {encrypted sasl
digest-md5}

Description
This command adds an LDAP server under an LDAP domain and configures the
parameters for contacting the server.

Syntax Description
domain_name Specifies the LDAP domain under which this server should
be added.
host_ipaddr Specifies a IP address for an LDAP server to add.
host_name Specifies a DNS hostname for an LDAP server to add.
server_port Specifies a port number for the LDAP service. The default
port number is 389.
client_ipaddr Specifies the LDAP client IP address, which should be set
to the IP address of the interface that will connect to the
LDAP server.

788 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

vr_name Specifies the VR name for the interface that will connect
to the LDAP server. The default VR for LDAP client
connections is VR-Mgmt.
encrypted sasl Specifies that the LDAP client uses Digest RSA Data
digest-md5 Security, Inc. MD5 Message-Digest Algorithm encryption
over SASL (Simple Authentication and Security Layer)
to communicate with the LDAP server. Note that this
mechanism encrypts only the password credentials, and
the LDAP information exchange uses plain text.

Note:
To support Digest RSA Data Security, Inc. MD5 Message-
Digest Algorithm over SASL, the LDAP client (bind user)
password must be stored using ‘reverse encryption,’ and
the host_name should be configured as the fully-qualified
host name for the LDAP server.

Default
client-ipaddr is optional. If client-ipaddr is not specified, the LDAP client looks up the
interface through which the LDAP server can be reached.

If vr_name is not specified, the LDAP client assumes it to be VR-Mgmt.

If "encrypted sasl digest-md5' is not specified, the LDAP client talks to the LDAP server
using plain text.

Usage Guidelines
You can configure up to 8 LDAP servers under one LDAP domain. The LDAP servers are
contacted in the order of configuration. If the first server does not respond before the
timeout period expires, the second server is contacted. This process continues until an
LDAP server responds, and then the responding server marked as 'active'. Subsequent
LDAP requests for that LDAP domain are sent to the 'active' server.

Note
If the switch cannot resolve the host name using a DNS server, the switch
rejects the command and generates an error message.
As of 15.2, the "identity-management" keyword is now optional in this
command.

Example
The following command configures LDAP client access to LDAP server LDAP1 using
encrypted authentication:

* Switch.6 # configure ldap add server LDAP1 client-ip 10.10.2.1

encrypted sasl digest-md5

Switch Engine™ Command Reference Guide for version 32.7.1 789

History Commands

The following command adds the LDAP server LDAPServer1.sales.XYZCorp.com under

the domain sales.XYZCorp.com and configures the LDAP client to contact it over VR-
Default. It also configures the LDAP client to communicate with the server using
digest-md5 encryption over SASL.

configure ldap domain sales.XYZCorp.com add server LDAPServer1.sales.XYZCorp.com vr VR-

Default encrypted sasl digest-md5

The following command adds the LDAP server 192.168.1.1 under the domain
sales.XYZCorp.com and also configures the LDAP client to contact it through the
interface 10.10.10.1 over VR-Mgmt.

configure ldap domain sales.XYZCorp.com add server 192.168.1.1 client-ip 10.10.10.1

History
This command was first available in ExtremeXOS 12.5.

This command was modified in ExtremeXOS 15.2 to make the identity management
keyword optional.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ldap domain base-dn

configure ldap {domain [domain_name | all]} base-dn [base_dn | none |
default

Description
Configures the LDAP base-dn to be used while searching an user under an LDAP
domain.

Syntax Description
domain_name Specifies the LDAP domain for which this base-dn is to be
configured.
base_dn Specifies the LDAP base domain under which the users are
to be searched.
none Specifies the LDAP root domain as the location under
which the users are to be searched.
default Restores the base_dn to it default value i.e., same as the
domain name.

790 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
By default base-dn is assumed to be the same as the domain name unless configured
otherwise.

If a domain is not specified, the base-dn is configured for the default domain.

Usage Guidelines
LDAP base-dn is the LDAP directory root under which the users are to be searched. By
default base-dn is assumed to be the same as the domain name.

For users upgrading from ExtremeXOS 15.1 and older versions, a domain is created with
the same name as the base-dn in the older configuration. This domain is marked as the
default domain. This can be changed later if required.

Example
The following commands configure the base-dn for the domain sales.XYZCorp.com.

The base-dn configured as XYZCorp.com means that XYZCorp.com is the base location
to search for user information.

* Switch.11 # configure ldap domain sales.XYZCorp.com base-dn XYZCorp.com

The base-dn configured as none means that the directory root is the base location to
search for user information.

* Switch.12 # configure ldap domain sales.XYZCorp.com base-dn none

History
This command was first available in ExtremeXOS 12.5.

This command was modified in ExtremeXOS 15.2 to add the {domain [domain_name |
all]} option.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ldap domain bind-user

configure ldap {domain [domain_name |all]} bind-user [user_name
{encrypted encrypted_password} | password | anonymous]

Switch Engine™ Command Reference Guide for version 32.7.1 791

Description Commands

Description
Configures the LDAP client credentials required for the switch to access an LDAP
server.

Syntax Description
domain_name Specifies the LDAP domain for which this bind-user is to be
configured.
user_name Specifies the user name for LDAP server access.
encrypted Indicates that the specified password is encrypted.
password Specifies the user password for LDAP server access.

Note:
To support Digest RSA Data Security, Inc. MD5 Message-
Digest Algorithm over SASL, the password must be stored
using ‘reverse encryption.’

anonymous Specifies user anonymous for LDAP server access.

Default
If no domain is specified, the bind-user is configured for the default domain.

Usage Guidelines
The bind-user is an LDAP user who has read access to user information in the LDAP
directory.

On many newer directory servers "anonymous" access is disabled. You may also find
that though the LDAP bind succeeds, the anonymous user might be denied read
access to user information.

Example
The following command configures the LDAP bind user as jsmith with password
Extreme for the domain sales.XYZCorp.com:

* Switch.14 # configure ldap domain sales.XYZCorp.com bind-user jsmith password Extreme

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

792 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ldap domain delete server

configure ldap domain delete server

configure ldap {domain [domain_name |all]} delete server [host_ipaddr |
host_name] {server_port} {vr vr_name}

Description
This command is used to delete one or all LDAP servers from one or all LDAP domains.

Syntax Description
domain_name Specifies the LDAP domain from which this server is to be
deleted.
all Specifies that all configured LDAP servers are to be
deleted.
host_ipaddr Specifies the IP address of the LDAP server to delete.
host_name Specifies a DNS hostname of the LDAP server to delete.
server_port Specifies a port number for the LDAP service to delete. The
default port number is 389.
vr vr_name Specifies the virtual router to delete.

Default
If a domain is not specified, the server(s) under default domain is deleted.

Usage Guidelines
None.

Example
The following command deletes the LDAP server LDAPServer1.sales.XYZCorp.com from
the domain sales.XYZCorp.com:

* Switch.8 # configure ldap domain sales.XYZCorp.com delete server

LDAPServer1.sales.XYZCorp.com

The following command deletes all LDAP servers from all LDAP domains:

* Switch.8 # configure ldap domain all delete server all

History
This command was first available in ExtremeXOS 12.5.

Switch Engine™ Command Reference Guide for version 32.7.1 793

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure ldap domain netlogin

configure ldap { domain [ domain_name | all ] } [enable|disable]
netlogin [dot1x | mac | web-based]

Description
Enables or disables LDAP queries for the specified type of network login users.

Syntax Description
domain_name Specifies the LDAP doman for which this configuraton is to
be applied.
dot1x Enables or disables LDAP queries for dot1x network login.
mac Enables or disables LDAP queries for MAC network login.
web-based Enables or disables LDAP queries for web-based network
login.

Default
LDAP queries are enabled for all types of network login.

Usage Guidelines
It may be necessary to disable LDAP queries for specific type of netlogin user, for
example, netlogin mac users, whose username is the same as mac address. The
LDAP directory might not contain useful information about these type of users and
unnecessary LDAP queries can be avoided.

Note
LDAP queries are not sent for locally authenticated network login users.

Example
The following command enables LDAP queries for MAC network login:

* Switch.99 # configure ldap enable netlogin mac

The following command disables LDAP queries for dot1x network login:

* Switch.99 # configure ldap disable netlogin dot1x

794 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ldap hierarchical-search-oid

configure ldap {domain [domain_name|all]} hierarchical-search-oid [ldap-
matching-rule-in-chain | oid | none]

Description
Configures an OID to perform a hierarchical search if the LDAP server requires it.

Syntax Description
domain_name Domain name on which to configure ldap.
all All domains.
ldap-matching-rule- Configures the OID 1.2.840.113556.1.4.1941.
in-chain
oid Object identifier.
none Specifies that LDAP query should not include any OID for
hierarchical search.

Default
N/A.

Usage Guidelines
Use this command to configure an OID to perform a hierarchical search if the LDAP
requires it. The OID supplied with this command will be used to form the LDAP query. If
a server does not require extended control OID, the none option can be selected.

Example
configure ldap domain abc.com hierarchical-search-oid ldap_matching_rule_in_chain

History
This command was first available in ExtremeXOS 15.3.

Switch Engine™ Command Reference Guide for version 32.7.1 795

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp management-address

configure lldp management-address [[[{vlan} vlan_name | vlan vlan_id]
{primary-ip | secondary-ip secondary_ip_address}] | mac-address]

Description
Configures a specified VLAN’s IP address as the management address to be advertised
by LLDP.

Syntax Description
vlan Specifies a VLAN for the management IP address.
vlan_name Specifies a VLAN name for the management IP address
(default is "Mgmt").
vlan_id Specifies a VLAN ID for the management IP address.
primary-ip LLDP advertises the primary IP address of the specified
VLAN (default).
The specified VLAN must be already configured with at-
least one primary IPv4 address.
secondary-ip Specifies that LLDP advertises the secondary IP address of
the specified VLAN.
The specified secondary IP address must already be
configured on the specified VLAN.

Note: LLDP does not recognize IPv6 addresses in this field.

secondary_ip_address Specifies the secondary IP address of the specified VLAN.

mac-address Specifies that LLDP advertises the MAC address of the
switch. This is the default behavior if Management VLAN
IP address is not configured and no VLAN is specified by
this command.

Default
The system MAC address is advertised by default if the Management VLAN IP address is
not configured and no VLAN is specified by this command.

By default, the Management VLAN’s IP address is advertised by LLDP.

If you do not specify, LLDP advertises the primary IP address of the specified VLAN.

796 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If the Management VLAN IP address is not configured, LLDP and CDP (Cisco Discovery
Protocol) advertise the system MAC address as the management address in their
management TLV, which makes the network device not accessible. If the Management
VLAN IP address is not configured, you can specify any user-defined VLAN’s IP address
or front panel port VLAN’s IP address as the management address for LLDP and CDP
protocols.

This command dictates the management address to be advertised by the LLDP

protocol; the equivalent command for CDP is configure cdp management-address on
page 351.

To use this command, the specified VLAN must already exist. The management IP
address configuration is removed if the specified VLAN is deleted, or if the primary IP
address of the specified VLAN is deleted (if primary-ip configured), or if the specified
secondary IP address of the specified VLAN is deleted (if secondary-ip configured).

If primary-ip is configured and the specified VLAN has multiple primary IP addresses
(IPv4 and IPv6), then LLDP advertises the first primary IP address that exists in the
address table.

If secondary-ip is configured and the specified VLAN has multiple secondary IP

addresses, then LLDP advertises only the specified secondary IP address of the
configuration.

Note
LLDP does not recognize IPv6 addresses in this field.

Example
The following example configures the primary IP address of the VLAN "vlan1" as the
management address to be advertised by LLDP protocol:
configure lldp management-address vlan vlan1 primary-ip

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp med fast-start repeat-count

configure lldp med fast-start repeat-count count

Switch Engine™ Command Reference Guide for version 32.7.1 797

Description Commands

Description
The fast-start feature is automatically enabled when you enable the LLDP MED
capabilities TLV. This command configures how many times, from 1 to 10, the switch
sends out an LLDP MED packet with an interval of 1 second.

Syntax Description
count Specifies the number of times the switch transmits LLDP MED
TLVs each second (once it detects a neighbor transmitting LLDP
MED TLVs). The range is 1 to 10.

Default
3.

Usage Guidelines
When the switch detects a MED-capable device, this count determines how many
times the switch sends a LLDP MED TLVs with an interval of 1 second. The fast-start
feature enables the MED-capable device to quickly learn information; this command
changes the value from the default 3. The fast-start feature is automatically enabled
when you enable the LLDP MED capabilities TLV.

Note
After you configure the LLDP MED capability TLV, the fast-start feature
automatically runs. To configure the LLDP MED capability TLV, use the
configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific med capabilities command.

Example
The following command configures fast learning on the switch to a value of 2:

configure lldp med fast-start repeat-count 2

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

798 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure lldp ports dcbx add application

configure lldp ports dcbx add application

configure lldp ports [all | port_list] dcbx add application [name
application_name | ethertype ethertype_value | L4-port port_number |
tcp-port port_number | udp-port port_number] priority priority_value

Description
Configures an application priority to be advertised to DCBX end stations.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
application_name Specifies an application. Supported values are:
• fcoe—Fiber Channel Over Ethernet (FCoE).
• fip—FCoE Initiation Protocol (FIP).
• iscsi—Internet Small Computer System Interface (iSCSI).

ethertype_value Specifies an ethertype value in the range of 1536 to 65535.

L4-port port_number Specifies a Layer 4 port number in the range of 0 to 65535.
Supported Layer4 protocols include TCP, SCTP, UDP, and
DCCP.
tcp-port port_number Specifies a TCP port number in the range of 0 to 65535.
udp-port port_number Specifies a UDP port number in the range of 0 to 65535.
priority_value Specifies a priority in the range of 0 to 7.

Default
N/A.

Usage Guidelines
This command configures the switch to advertise the priority that an end station
should use for the specified application or port number. The priority number is mapped
to an 802.1p value, which determines how the switch manages traffic from that
application or port.

The switch supports a maximum of 8 DCBX applications per port. If an application

configuration already exists on the specified port or ports, the priority is updated to the
new value. If the maximum number of applications for a port is exceeded, the switch
logs an error message.

Switch Engine™ Command Reference Guide for version 32.7.1 799

Example Commands

Example
The following command configures the switch to advertise priority 4 for the iSCSI
application on ports1 to 24:

configure lldp ports 1-24 dcbx add application name iscsi priority 4

The following command configures the switch to advertise priority 3 for ethertype value
34525 on port1:

configure lldp ports 1 dcbx add application ethertype 34525 priority 3

The following command configures the switch to advertise priority 6 for Layer 4 port
992 on port1:

configure lldp ports 1 dcbx add application L4-port 992 priority 6

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports dcbx delete application

configure lldp ports [all | port_list] dcbx delete application [all-
applications | name application_name | ethertype ethertype_value |
L4-port port_number | tcp-port port_number | udp-port port_number]

Description
Removes the priority configuration for one or all applications from the specified ports.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
application_name Specifies an application. Supported values are:
• fcoe—Fiber Channel Over Ethernet (FCoE).
• fip—FCoE Initiation Protocol (FIP).
• iscsi—Internet Small Computer System Interface (iSCSI).

ethertype_value Specifies an ethertype value in the range of 1536 to 65535.

L4-port port_number Specifies a Layer 4 port number in the range of 0 to 65535.
Supported Layer4 protocols include TCP, SCTP, UDP, and
DCCP.

800 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

tcp-port port_number Specifies a TCP port number in the range of 0 to 65535.

udp-port port_number Specifies a UDP port number in the range of 0 to 65535.

Default
N/A.

Usage Guidelines
This command configures the switch to advertise the priority that an end station
should use for the specified application or port number. The priority number is mapped
to an 802.1p value, which determines how the switch manages traffic from that
application or port.

If an application configuration already exists on the specified port or ports, the priority
is updated to the new value.

Example
The following command removes the priority configuration for Layer 4 port 30 on port
23:

configure lldp ports 23 dcbx delete application L4-port 30

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports management-address

configure lldp ports [all | port_list] [advertise | no-advertise]
management-address

Description
Configures the LLDP port to advertise or not to advertise management address
information to its neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.

Switch Engine™ Command Reference Guide for version 32.7.1 801

Default Commands

advertise Specifies to send the information to neighbors.

no-advertise Specifies not to send the information to neighbors.

Default
No advertise.

Usage Guidelines
With ExtremeXOS, you can only add one management address TLV per LLDPDU and
the information must be the IP address configured on the management VLAN. If no
IP address is assigned to the management VLAN, the system sends the system MAC
address. LLDP does not send out IPv6 addresses in this field.

Example
The following command advertises the management address information for port 1:5:

configure lldp ports 1:5 advertise management-address

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports port-description

configure lldp ports [all | port_list] [advertise | no-advertise] port-
description

Description
Configures the LLDP port to advertise or not advertise port display information to its
neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

802 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
No advertise.

Usage Guidelines
N/A.

Example
The following command configures port 1:7 to not advertise the port display
information to neighbors:

configure lldp ports 1:7 no-advertise port-description

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports system-capabilities

configure lldp ports [all | port_list] [advertise | no-advertise]
system-capabilities

Description
Configures the LLDP port to advertise or not to advertise its system capabilities to its
neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Default
No advertise.

Usage Guidelines
When at least one VLAN exists with more than two ports, bridging is sent to enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 803

Example Commands

When at least one VLAN on the switch has IP forwarding enabled, the system
automatically sets the router bit.

Example
The following command configures all ports to advertise system capability information
to neighbors:

configure lldp ports all advertise system-capabilities

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports system-description

configure lldp ports [all | port_list] [advertise | no-advertise]
system-description

Description
Configures the LLDP port to advertise or not to advertise its system description to its
neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Default
Advertise.

Usage Guidelines
Although not mandatory according to the standard, this TLV is included in the LLDPU
by default when you enable LLDP.

804 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

When enabled, the system sends the following image (from the show version
command) in the system description TLV:

ExtremeXOS version 11.2.0.12 v1120b12 by release-manager

on Fri Mar 18 16:01:08 PST 2005

Example
The following command configures port 1:4 through port 1:8 to not advertise the system
description information to neighbors:

configure lldp ports 1:4 - 1:8 no-advertise system-description

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports system-name

configure lldp ports [all | port_list] [advertise | no-advertise]
system-name

Default
Configures the LLDP port to advertise or not to advertise its system name to its
neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Default
No advertise.

Usage Guidelines
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 805

Example Commands

Example
The following command configures port 1:6 to advertise the system name to neighbors:

configure lldp ports 1:4 - 1:8 advertise system-name

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific avaya-extreme call-server

The Avaya phone uses this proprietary LLDP TLV to learn the IP address(es) of the
call server(s) to use.
configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific avaya-extreme call-server ip_address_ {ip_address_2
{ip_address_3 {ip_address_4 {ip_address_5 {ip_address_6 {ip_address_7
{ip_address_8}}}}}}}

Description
Configures the LLDP port to advertise or not advertise up to 8 call server IP addresses
to its neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
ip_address_1... Specifies IP address of up to 8 call servers.
.8
Note:
NOTE: This parameter does not apply when you configure the
no-advertise parameter.

Default
No advertise.

806 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The Avaya phone uses this proprietary LLDP TLV for addressing information. You can
configure the IP address for up to 8 call servers in a single TLV.

Example
The following command configures ports 1-5 to advertise two call server IP addresses to
neighbors:

configure lldp ports 1-5 advertise vendor-specific avaya-extreme call-server 10.10.10.10

10.11.10.10

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific avaya-extreme dot1q-framing

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific avaya-extreme dot1q-framing [tagged | untagged |
auto]

Description
Configures the LLDP port to advertise or not advertise the 802.1q framing configuration
to its neighbors. The Avaya phone uses this proprietary LLDP TLV information. In
addition to this LLDP TLV, you must enable LLLDP as well as configure both the LLDP
MED capabilities TLV and the LLDP network policy TLV.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
tagged Specifies to use tagging.
NOTE: This parameter applies only when you use the advertise
parameter.

Switch Engine™ Command Reference Guide for version 32.7.1 807

Default Commands

untagged Specifies not to use tagging.

NOTE: This parameter applies only when you use the advertise
parameter.
auto Specifies following a predetermined sequence (see Usage
Guidelines below).
NOTE: This parameter applies only when you use the advertise
parameter.

Default
No advertise.

Usage Guidelines
Before configuring this LLDP TLV, you must take the following steps:
• Enable LLDP using the enable lldp ports command.
• Enable the LLDP MED capabilities TLV using the configure lldp ports vendor-
specific med capabilities command.
• Enable the LLDP MED network policy TLV using the configure lldp ports
vendor-specific med policy application command.

This TLV is used to exchange information about Layer 2 priority tagging between the
network connectivity device (switch) and the Avaya phone.

If you configure the TLV to advertise tagging, the phone uses tagging information,
which it retrieves from the configure lldp ports vendor-specific med policy
application command. If you configure the TLV to advertise untagged, the phone
does not use any tagging, including 802.1q priority tagging.

If you configure the TLV to advertise auto, the phone cycles through the following
sequence until an action is successful:
• Uses the configuration advertised by the LLDP MED network policy TLV, as
configured by the configure lldp ports vendor-specific med policy
application command.
• Uses the priority tagged frames configured by the phone’s server.
• Sends the traffic untagged.

Example
The following command configures al ports to advertise the dot1q framing as untagged
to neighbors:

configure lldp ports all advertise vendor-specific avaya-extreme dot1q-framing untagged

History
This command was first available in ExtremeXOS 11.5.

808 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific avaya-extreme file-server

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific avaya-extreme file-server ip_address_1 {ip_address_2
{ip_address_3 {ip_address_4}}}

Description
Configures the LLDP port to advertise or not advertise up to 4 file server IP addresses
to its neighbors. The Avaya phone uses this proprietary LLDP TLV to learn the IP
address(es) of the file server(s) to use.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
ip_address_1...4 Specifies IP address of up to 4 file servers.
NOTE: This parameter does not apply when you configure the
no-advertise parameter.

Default
No advertise.

Usage Guidelines
The Avaya phone uses this proprietary LLDP TLV for addressing information. You can
configure the IP address for up to 4 file servers in a single TLV.

Example
The following command configures all ports to advertise two file server IP addresses to
neighbors:

configure lldp ports 1-5 advertise vendor-specific avaya-extreme call-server 10.20.10.10

10.12.10.10

History
This command was first available in ExtremeXOS 11.5.

Switch Engine™ Command Reference Guide for version 32.7.1 809

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific avaya-extreme poe-conservation-

request
configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific avaya-extreme poe-conservation-request

Description
Configures the LLDP port to advertise or not advertise a requested conservation level.
By default, the requested conservation value on this proprietary LLDP TLV is 0, which is
no power conservation. This LLDP TLV is sent out only on PoE-capable Ethernet ports.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Default
No advertise.

Usage Guidelines
The switch sends this proprietary LLDP TLV to request a PD to go into a certain power
conservation level or request the PD to go to the maximum conservation level. This
LLDP TLV is transmitted only on PoE-capable ports.

When configured to advertise, the switch sends this TLV with a requested conservation
power level of 0, which requests no power conservation. To temporarily change this
conservation level, use the SNMP lldpXAvExLocPortXPoEPSEPortReqLevel object to set
a new value; the reconfigured value is not saved over a reboot. (This SNMP object can
be set from 0 to 243 or 255.)

Example
The following command configures all ports to advertise the currently requested
conservation level to neighbors:

configure lldp ports all advertise vendor-specific avaya-extreme poe-conservation-request

810 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific dcbx

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific dcbx {ieee|baseline}

Description
Configures the LLDP port to advertise or not to advertise Data Center Bridging
Exchange (DCBX) information to its neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
ieee Specifies the DCBX protocol defined in IEEE 802.1Qaz.
baseline Specifies the DCBX protocol known as Baseline Version 1.01,
which was defined before IEEE 802.1Qaz.

Default
No advertisement for both DCBX protocols.

Usage Guidelines
If you do not specify a protocol with this command, the advertise option enables
advertisement for the IEEE 802.1Qaz protocol, and the no-advertise option disables
advertisement for both protocols.

Example
The following command advertises DCBX information according to IEEE 802.1Qaz for
port 1:5:
configure lldp ports 1:5 advertise vendor specific dcbx

The following command advertises DCBX information according to Baseline Version

1.01 for port 2:1:
configure lldp ports 2:1 advertise vendor specific dcbx baseline

Switch Engine™ Command Reference Guide for version 32.7.1 811

History Commands

The following command disables advertisement of DCBX information on all ports:

configure lldp ports all no-advertise vendor specific dcbx

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific dot1 port-protocol-vlan-ID

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific dot1 port-protocol-vlan-ID {vlan [all | vlan_name |
vlan_id]}

Description
Configures the LLDP port to advertise or not advertise port VLAN information to its
neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
all Specifies all VLANs on the port.
vlan_name Specifies the name of the VLAN on the port that you want
to advertise.
vlan_id Specifies the ID of the VLAN on the port that you want to
advertise.

Default
No advertise.

Usage Guidelines
When configured to advertise, the switch inserts a port and protocol VLAN ID TLV for
each VLAN configured on the ports. The port and protocol VLAN ID TLV allows the
port to advertise if it supports protocol and/or tagged VLANs, along with the associated
tagged values. A separate TLV is sent for each VLAN that you want to advertise.

812 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

By default, once you configure this TLV, the system sends all protocol-based VLANs on
the port. However, the LLDPDU cannot exceed 1500 bytes, so you should configure the
port to advertise only the specified VLANs.

Note
The total LLPDU size is 1500 bytes; any TLVs after that limit are dropped.

This TLV does not send information on the type of protocol that the VLAN has enabled;
it just says whether the port is enabled or disabled for protocol-based VLANs. As
Extreme Networks devices are always capable of supporting protocol-based VLANs,
once you configure this TLV, the system always advertises support for these VLANs.

Example
The following command configures all ports to advertise port and protocol VLAN
information to neighbors for all VLANs on all ports:

configure lldp ports all advertise vendor-specific dot1 port-protocol-vlan-id

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific dot1 port-vlan-ID

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific dot1 port-vlan-ID

Description
Configures the LLDP port to advertise or not advertise port vlan ID information to its
neighbors. This allows a VLAN bridge port to advertise the port VLAN identifier that is
associated with untagged or priority-tagged frames.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Switch Engine™ Command Reference Guide for version 32.7.1 813

Default Commands

Default
No advertise.

Usage Guidelines
The port VLAN ID TLV allows the port to transmit the VLAN ID associated with
untagged VLANs. There can be only one port VLAN ID in each LLPDU.

If no untagged VLANs are configured on the specified port, the TLV is not added to the
LLPDU, even if you configured this to advertise.

Example
The following command configures all ports to advertise port vlan ID information to
neighbors:

configure lldp ports all advertise vendor-specific dot1 port-vlan-ID

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific dot1 vlan-name

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific dot1 vlan-name {vlan [all | vlan_name]}

Description
Configures the LLDP port to advertise or not advertise VLAN name information to its
neighbors. Use this TLV to advertise information for the tagged VLANs you want to
specify on the port. This allows an IEEE 802.1Q-compatible 802 LAN station to advertise
the assigned name of any VLAN with which it is configured.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
vlan Specifies all VLANs on the port.
vlan_name Specifies the VLAN on the port that you want to advertise.

814 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
No advertise.

Usage Guidelines
The VLAN name TLV sends the VLAN name and the tag used; it associates a name to
a tag for the specified VLAN. This allows an IEEE 802.1Q-compatible 802 LAN station to
advertise the assigned name of any VLAN with which it is configured.

You can enable this TLV for tagged and untagged VLANs. When you enable this TLV
for tagged VLANs, the TLV advertises the IEEE 802.1Q tag for that VLAN. (For untagged
VLANs, the internal tag is advertised.) You can specify exactly which VLANs to advertise.

When configured to advertise, the switch inserts a VLAN name TLV for every VLAN
configured on the ports. By default, once you configure this TLV, the system sends all
VLAN names on the port. However, each VLAN name can require up to 32 bytes and the
LLDPDU cannot exceed 1500 bytes, so you should configure the port to advertise only
the specified VLANs, using the keyword vlan_name.

Note
The total LLPDU size is 1500 bytes; any TLVs after that limit are dropped.

Example
The following command configures all ports to not advertise VLAN name information
to neighbors:

configure lldp ports all no-advertise vendor-specific dot1 vlan-name

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific dot3 link-aggregation

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific dot3 link-aggregation

Description
Configures the LLDP port to advertise or not advertise link-aggregation capabilities to
its neighbors.

Switch Engine™ Command Reference Guide for version 32.7.1 815

Syntax Description Commands

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Default
No advertise.

Usage Guidelines
When configured, this TLV is added to each LLDP port LLDPDU indicating the link-
aggregation capabilities, status, and value of the master port of the load-sharing group.

Example
The following command configures port 1:12 to not advertise link-aggregation
capabilities to neighbors:

configure lldp ports 1:12 no-advertise vendor-specific dot3 link-aggregation

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific dot3 mac-phy

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific dot3 mac-phy

Description
Configures the LLDP port to advertise or not advertise MAC and physical layer
capabilities to its neighbors. The capabilities include duplex and bit rate.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.

816 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

advertise Specifies to send the information to neighbors.

no-advertise Specifies not to send the information to neighbors.

Default
No advertise.

Usage Guidelines
When configured, the system advertises information about the speed capabilities, as
well as autonegotiation support and status, of the LLDP port.

Example
The following command configures all ports to advertise MAC/PHY capabilities to
neighbors:

configure lldp ports all advertise vendor-specific dot3 mac-phy

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific dot3 max-frame-size

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific dot3 max-frame-size

Description
Configures the LLDP port to advertise or not advertise its maximum frame size to its
neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Switch Engine™ Command Reference Guide for version 32.7.1 817

Default Commands

Default
No advertise.

Usage Guidelines
When jumbo frames are not enabled on the specified port, the TLV reports a value of
1518 once you configure it to advertise. If jumbo frames are enabled, the TLV inserts the
configured value for the jumbo frames.

Example
The following command configures ports 1:12 and 1:13 to advertise the maximum frame
size to neighbors:

configure lldp ports 1:12 - 1:13 advertise vendor-specific dot3 max-frame-size

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific dot3 power-via-mdi

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific dot3 power-via-mdi {with-classification}

Description
Configures the LLDP port to advertise or not advertise Power over Ethernet (PoE)
capabilities to its neighbors.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
with-classification Specifies to use LLDP for Data Link Layer Classification.
This option is available only on PoE+ ports.

Default
No advertise.

818 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
When configured, the system includes this TLV. We recommend enabling this TLV only
on PoE-capable ports.

The following information is transmitted for LLDP ports with this TLV:
• Support PoE or not
• Port class
◦ Power sourcing equipment (PSE)
◦ Powered device (PD)
• Power pairs used to supply power
◦ Signal
◦ Spare
• Power status
• Support pairs control or not
• Power class
◦ Class0
◦ Class1
◦ Class2
◦ Class2
◦ Class3
◦ Class4

Data link layer classification allows fine-grained dynamic re-allocation of power

based on changing needs. This feature is enabled by enabling LLDP (transmit and
receive) and configuring transmission of the power-via-MDI TLV. The ExtremeXOS
software sends an LLDPDU containing a power-via-MDI TLV within 10 seconds of DLL
classification being enabled. A PD may request a new power value using an LLDPDU.
The allocated power might be changed if a request is received and approved after a
power review. The software responds with an allocated power value within 10 seconds
of receipt of an LLDPDU with a different requested power from a PD. Power allocation
can be controlled to a granularity of 0.1 watts. When DLL classification is enabled, it
takes precedence over physical classification.

Note
For more information on advertising power support, see the configure lldp
ports vendor-specific med power-via-mdi command.

Example
The following command configures all ports to advertise power capabilities to
neighbors:

configure lldp ports all advertise vendor-specific dot3 power-via-mdi

Switch Engine™ Command Reference Guide for version 32.7.1 819

History Commands

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific med capabilities

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific med capabilities

Description
Configures the LLDP port to advertise or not advertise MED capabilities. This TLV must
be enabled before any of the other MED TLVs can be enabled. Also, this TLV must be set
to no-advertise after all other MED TLVs are set to no-advertise.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Default
No advertise.

Usage Guidelines
This command enables the LLDP media endpoint discovery (MED) capabilities TLV,
which allows LLDP-MED network connectivity devices to definitively determine that
particular endpoints support LLDP MED, and if so, to discover which LLDP MED TLVs
the particular endpoint devices are capable of supporting and to which specific device
class the device belongs to.

This TLV must be enabled before any of the other MED TLVs can be enabled; and this
TLV must be set to no-advertise after all other MED TLVs are set to no-advertise.

820 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

As with all the LLDP MED TLVs, the switch sends this TLV only after it detects a MED-
capable device on the port. The switch does not automatically send this TLV after it is
enabled; the switch must first detect a MED-capable device on the port.

Note
Network connectivity devices wait to detect LLDP MED TLVs from endpoints
before they send out LLDP MED TLVs; so L2 network connectivity devices do
not exchange LLDP MED messages.

The following information is included in the LLDP MED capabilities TLV when it is
transmitted:
• The supported LLDP MED TLVs—For Extreme Networks devices, these are
capabilities, network policy, location, and extended power (extended power only
advertised only on PoE-capable ports).
• The MED device type—For Extreme Networks devices, this is advertised as a network
connectivity device (set to 4).

Example
The following command configures all ports to advertise MED capabilities to neighbors:

configure lldp ports all advertise vendor-specific med capabilities

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific med location-identification

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific med location-identification [coordinate-based
hex_value | civic-based hex_value | ecs-elin elin]

Description
Configures the LLDP port to advertise or not advertise MED location information. You
configure up to 3 different location identifiers.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.

Switch Engine™ Command Reference Guide for version 32.7.1 821

Default Commands

advertise Specifies to send the information to neighbors.

no-advertise Specifies to not send the information to neighbors.
coordinate-based Specifies using the coordinate-based location identifier.
This value is exactly 16 bytes long; see RFC 3825 for details.
hex_value Enter a hexadecimal value with each byte separated by
a colon. Or, you can obtain this value from a network
management application.
NOTE: This parameter is not used when the no-advertise
parameter is configured.
civic-based Specifies using the civic-based location identifier. This
value must have a minimum length of 6 bytes; see
RFC3825 for details.
ecs-elin Specifies using the ecs location identifier. (Emergency Call
Service, as defined in the TIA-TSB-146.)
elin Enter a numerical string; the range is 10 to 25 characters.
Or, you can obtain this value from a network management
application. (See the TIA-TSB-146 standard for a definition
of these numbers; also, the network management
application must be able to handle the LLDP MED MIB.)
NOTE: This parameter is not used when the no-advertise
parameter is configured.

Default
No advertise.

Usage Guidelines
You might need to use a specific format for your specific VoIP implementation; see the
VoIP manufacturer’s manual for details.

You must configure the LLDP MED capabilities TLV before configuring this TLV.
Configure the LLDP MED capabilities TLV using the configure lldp ports [all
| port_list] [advertise | no-advertise] vendor-specific med capabilities
command.

As with all the LLDP MED TLVs, the switch sends this TLV only after it detects a MED-
capable device on the port. The switch does not automatically send this TLV after it is
enabled; the switch must first detect a MED-capable device on the port.

Example
The following command configures all ports to advertise MED location information to
neighbors using the ECS format:

configure lldp ports all advertise vendor-specific med location-identification ecs-elin

423233455676

822 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific med policy application

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific med policy application [voice | voice-signaling
|guest-voice | guest-voice-signaling | softphone-voice | video-
conferencing | streaming-video | video-signaling] vlan [ vlan_name |
vlan_id] dscp dscp_value {priority-tagged}

Description
Configures the LLDP port to advertise or not advertise MED network policy TLVs. This
TLV advertises VLAN configuration and associated Layer 2 and Layer 3 attributes that
apply for a set of specific applications on that port. You can advertise up to 8 TLVs, each
for a specific application, per port/VLAN. Each application type can exist only once per
port. This TLV tells the endpoint the specific VLAN to use for the specific application,
along with its unique priority.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.
advertise Specifies to send the information to neighbors.
voice Specifies voice application on specified port/VLAN(s).
voice- Specifies voice signaling application on specified port/VLAN(s).
signaling
guest-voice Specifies guest voice application on specified port/VLAN(s).
guest-voice- Specifies guest voice signaling application on specified port/
signaling VLAN(s).
softphone- Specifies soft phone voice application on specified port/VLAN(s).
voice
video- Specifies videoconferencing application on specified port/VLAN(s).
conferencing
streaming- Specifies streaming video application on specified port/VLAN(s).
video
video- Specifies video signaling application on specified port/VLAN(s).
signaling

Switch Engine™ Command Reference Guide for version 32.7.1 823

Default Commands

vlan_name Specifies the name of the VLAN the specified application is using.
NOTE: This parameter does not apply when the no-advertise
parameter is configured.
vlan_id Specifies the ID of the VLAN the specified application is using.
NOTE: This parameter does not apply when the no-advertise
parameter is configured.
dscp_value Specifies the DSCP value for the specified application. This is a 6-bit
value from 0 to 63.
NOTE: This parameter does not apply when the no-advertise
parameter is configured.
priority- Use this if you want priority tagging, and the VLAN is configured
tagged as untagged on the port. (The endpoint sends out frames for the
specified application with a tag of 0.)
NOTE: This parameter does not apply when the no-advertise
parameter is configured.

Default
No advertise.

Usage Guidelines
This command enables the LLDP MED network policy TLV, which allows network
connectivity devices and endpoint devices to advertise VLAN configuration and
associated Layer 2 and Layer 3 attributes that apply for a set of specific application
on that port. This TLV can be enabled on a per port/VLAN basis. Each application type
can exist only once on a port.

You can enable the transmission of a TLV policy for each application. A maximum of 8
TLVs can be enabled, and each can have a unique DSCP value and/or priority tagging.

You must configure the LLDP MED capabilities TLV before configuring this TLV.
Configure the LLDP MED capabilities TLV using the configure lldp ports [all
| port_list] [advertise | no-advertise] vendor-specific med capabilities
command.

As with all the LLDP MED TLVs, the switch sends this TLV only after it detects a MED-
capable device on the port. The switch does not automatically send this TLV after it is
enabled; the switch must first detect a MED-capable device on the port.

The following information is transmitted for LLDP ports with this TLV:
• Application type

Used as configured.
• Unknown policy flag

Set to 0.
• Tagged flag

824 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Set to tagged for tagged VLANs; set to untagged for untagged VLANs. By default,
set to 0.
• VLAN ID

Copied from the VLAN. However, if you configure the priority-tagged parameter, this
value is set to 0.
• Layer 2 priority

Copied from the VLAN priority.

• DSCP value

Uses the value configured in the dscp parameter.

Note
See the documentation provided by the manufacturer of connected devices
regarding values.

Example
The following command configures all ports to advertise videoconferencing on the
VLAN video with a DSCP of 7 to neighbors:

configure lldp ports all advertise vendor-specific med policy application video-
conferencing vlan video dscp 7

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp ports vendor-specific med power-via-mdi

configure lldp ports [all | port_list] [advertise | no-advertise]
vendor-specific med power-via-mdi

Description
Configures the LLDP port to advertise or not advertise MED power requirement details.
This TLV can only be enabled on a PoE-capable port and is used for advanced power
management between the MED network connectivity and endpoint devices.

Switch Engine™ Command Reference Guide for version 32.7.1 825

Syntax Description Commands

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
advertise Specifies to send the information to neighbors.
no-advertise Specifies not to send the information to neighbors.

Default
No advertise.

Usage Guidelines
When enabled, this LLDP MED TLV advertises fine-grained power requirement details
about PoE settings and support. This TLV can be enabled only on a PoE-capable port;
the switch returns an error message if this TLV is configured for a non-PoE-capable
port.

You must configure the LLDP MED capabilities TLV before configuring this TLV.
Configure the LLDP MED capabilities TLV using the configure lldp ports [all
| port_list] [advertise | no-advertise] vendor-specific med capabilities
command.

As with all the LLDP MED TLVs, the switch sends this TLV only after it detects a MED-
capable device on the port. The switch does not automatically send this TLV after it is
enabled; the switch must first detect a MED-capable device on the port.

Note
For additional information on power support, see the configure lldp ports
vendor-specific dot3 power-via-mdi command.

The following information is transmitted for LLDP MED PoE-capable ports with this TLV:
• Power type

Set to PSE.
• Power source

Set to primary power source.

• Power priority

Taken from PoE port configuration.

• Power value

Taken from PoE port configuration.

826 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures all ports to advertise MED power information to
neighbors:

configure lldp ports all advertise vendor-specific med power-via-mdi

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp reinitialize-delay

configure lldp reinitialize-delay seconds

Description
Configures the delay before the receive state machine is reinstalled once the LLDP
transmit mode has been disabled.

Syntax Description
seconds Specifies the delay that applies to the reinitialization
attempt. The range is 1 to 10 seconds.

Default
2 seconds.

Usage Guidelines
N/A.

Example
The following command configures a reinitialization delay of 10 seconds:

configure lldp reinitialize-delay 10

History
This command was first available in ExtremeXOS 11.2.

Switch Engine™ Command Reference Guide for version 32.7.1 827

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp snmp-notification-interval

configure lldp snmp-notification-interval seconds

Description
Configures the allowed interval at which SNMP notifications are sent.

Syntax Description
seconds Specifies the interval at which LLDP SNMP notifications are
sent. The range is 5 to 3600 seconds.

Default
5 seconds.

Usage Guidelines
This is a global timer. If one port sends a notification, no notifications for other ports go
out for the configured interval.

Example
The following command configures an interval of 60 seconds for LLDP SNMP
notifications:

configure lldp snmp-notification-interval 60

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp transmit-delay

configure lldp transmit-delay [ auto | seconds]

828 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the delay time between successive frame transmissions initiated by a value
change or status change in any of the LLDP local systems Management Information
Base (MIB).

The auto option uses a formula (0.25 * transmit-interval) to calculate the number of
seconds.

Syntax Description
auto Uses the formula (0.25 * transmit-interval) to calculate the
seconds.
seconds Specifies the interval at which LLDP notifications are sent.
The range is 1 to 8291.

Default
2 seconds.

Usage Guidelines
This is the timer between triggered updates.

Example
The following command configures the delay between LLDP frame transmissions for
triggered updates to be automatically calculated:

configure lldp transmit-delay auto

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp transmit-hold

configure lldp transmit-hold hold

Description
Calculates the actual time-to-live (TTL) value used in the LLDPDU messages.

Switch Engine™ Command Reference Guide for version 32.7.1 829

Syntax Description Commands

The formula is transmit-interval * transmit-hold; by default the TTL value is (30*4) 120
seconds.

Syntax Description
hold Used to calculate the TTL value; the range is 2 to 10.

Default
4.

Usage Guidelines
N/A.

Example
The following command configures the transmit-hold value (which is used to calculate
the TTL of the LLDP packets) to 5:

configure lldp transmit-hold 5

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure lldp transmit-interval

configure lldp transmit-interval seconds

Description
Configures the periodic transmittal interval for LLDPDUs.

Syntax Description
seconds Specifies the time between LLDPDU transmissions. The
range is 5 to 32768.

Default
30 seconds.

830 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
N/A.

Example
The following command configures a transmittal interval of 20 seconds for LLDPDUs.

configure lldp transmit-interval 20

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log display

configure log display severity {only}

Description
Configures the real-time log-level message to display.

Syntax Description
severity Specifies a message severity. Severities include critical,
error, warning, notice, info, debug-summary, debug-
verbose, and debug-data.
only Specifies only log messages of the specified severity level.

Default
If not specified, messages of all severities are displayed on the console display.

Usage Guidelines
You must enable the log display before messages are displayed on the log display.
Use the enable log display command to enable the log display. This allows you to
configure the system to maintain a running real-time display of log messages on the
console.

Severity filters the log to display messages with the selected severity or higher (more
critical). Severities include critical, error, warning, info, notice, debug-summary, debug-
verbose, and debug-data.

Switch Engine™ Command Reference Guide for version 32.7.1 831

Example Commands

You can also control log data to different targets. The command equivalent to
configure log display is the following:
configure log target console-display severity severity

To display the current configuration of the log display, use the following command:
show log configuration target console-display

In a stack, this command is applicable only to Master and Backup nodes and not
applicable to the standby nodes.

Example
The following command configures the system log to maintain a running real-time
display of log messages of critical severity or higher:

configure log display critical

The following command configures the system log to maintain a running real-time
display of only log messages of critical severity:

configure log display critical only

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log filter events

configure log filter name [add | delete] {exclude} events [event-
condition | [all | event-component] {severity severity {only}}]

Description
Configures a log filter to add or delete detailed feature messages based on a specified
set of events.

In a stack, this command is applicable only to Master and Backup nodes and not
applicable to the standby nodes.

Syntax Description
name Specifies the filter to configure.
add Add the specified events to the filter.

832 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

delete Remove the specified events from the filter.

exclude Events matching the specified events will be excluded.
event-condition Specifies an individual event.
all Specifies all components and subcomponents.
event-component Specifies all the events associated with a particular
component.
severity Specifies the minimum severity level of events (if the
keyword only is omitted).
only Specifies only events of the specified severity level.

Default
If the exclude keyword is not used, the events will be included by the filter. If severity is
not specified, then the filter will use the component default severity threshold (see the
note note: If no severity is specified when delete or exclude is specified, severity all is
used when delete or exclude is specified).

Usage Guidelines
This command controls the incidents that pass a filter by adding, or deleting, a
specified set of events. If you want to configure a filter to include or exclude incidents
based on event parameter values (for example, MAC address or BGP Neighbor) see the
command configure log filter events match.

When the add keyword is used, the specified event name is added to the beginning
of the filter item list maintained for this filter. The new filter item either includes the
events specified, or if the exclude keyword is present, excludes the events specified.

The delete keyword is used to remove events from the filter item list that were
previously added using the add command. All filter items currently in the filter item list
that are identical to, or a subset of, the set of events specified in the delete command
will be removed.

Event Filtering Process

From a logical standpoint, the filter associated with each enabled log target is
examined to determine whether a message should be logged to that particular target.
The determination is made for a given filter by comparing the incident with the most
recently configured filter item first. If the incident matches this filter item, the incident
is either included or excluded, depending on whether the exclude keyword was used.
Subsequent filter items on the list are compared if necessary. If the list of filter items
has been exhausted with no match, the incident is excluded.

Events, Components, and Subcomponents

As mentioned, a single event can be included or excluded by specifying the event’s
name. Multiple events can be added or removed by specifying an ExtremeXOS

Switch Engine™ Command Reference Guide for version 32.7.1 833

Severity Levels Commands

component name plus an optional severity. Some components, such as BGP, contain
subcomponents, such as Keepalive, which is specified as BGP.Keepalive. Either
components or subcomponents can be specified. The keyword all in place of a
component name can be used to indicate all ExtremeXOS components.

Severity Levels
When an individual event name is specified following the events keyword, no severity
value is needed since each event has pre-assigned severity. When a component,
subcomponent, or the all keyword is specified following the events keyword, a severity
value is optional. If no severity is specified, the severity used for each applicable
subcomponent is obtained from the pre-assigned severity threshold levels for those
subcomponents. For example, if STP were specified as the component, and no severity
is specified for the add of an include item, then only messages with severity of error and
greater would be passed, since the threshold severity for the STP component is error.
If STP.InBPDU were specified as the component, and no severity is specified, then only
messages with severity of warning and greater would be passed, since the threshold
severity for the STP.InPBDU subcomponent is warning. Use the show log components
command to see this information.

The severity keyword all can be used as a convenience when delete or exclude is
specified. The use of delete (or exclude) with severity all deletes (or excludes) previously
added events of the same component of all severity values.

Note
If no severity is specified when delete or exclude is specified, severity all is used.

If the only keyword is present following the severity value, then only the events in the
specified component at that exact severity are included. Without the only keyword,
events in the specified component at that severity or more urgent are included. For
example, using the option severity warning implies critical, error, or warning events,
whereas the option severity warning only implies warning events only. Severity all only
is not a valid choice.

Any EMS events with severity debug-summary, debug-verbose, or debug-data will not
be logged unless debug mode is enabled. See the command enable log debug-mode.

Filter Optimization
Each time a configure log filter command is issued for a given filter name, the events
specified are compared against the current configuration of the filter to try to logically
simplify the configuration.

For example, if the command:

configure log filter bgpFilter1 add events bgp.keepalive severity error
only

were to be followed by the command:

configure log filter bgpFilter1 add events bgp severity info

834 Switch Engine™ Command Reference Guide for version 32.7.1

Commands More Information

the filter item in the first command is automatically deleted since all events in the
BGP.Keepalive subcomponent at severity error would be also included as part of the
second command, making the first command redundant.

More Information
See the command show log for more information about severity levels.

To get a listing of the components present in the system, use the following command:
show log components

To get a listing of event condition definitions, use the following command:

show log events

To see the current configuration of a filter, use the following command:

show log configuration filter {filter name}

Example
The following command adds all STP component events at severity info to the filter
mySTPFilter:
configure log filter myStpFilter add events stp severity info

The following command adds the STP.OutBPDU subcomponent, at the pre-defined

severity level for that component, to the filter myStpFilter:
configure log filter myStpFilter add events stp.outbpdu

The following command excludes one particular event, STP.InBPDU.Drop, from the
filter:
configure log filter myStpFilter add exclude events stp.inbpdu.drop

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log filter events match

configure log filter name [add | delete] {exclude} events [event-
condition | [all | event-component] {severity severity {only}}]
[match | strict-match] type value

Switch Engine™ Command Reference Guide for version 32.7.1 835

Description Commands

Description
Configures a log filter to add or delete detailed feature messages based on a specified
set of events and match parameter values.

In a stack, this command is applicable only to Master and Backup nodes and not
applicable to the standby nodes.

Syntax Description
name Specifies the filter to configure.
add Add the specified events to the filter.
delete Remove the specified events from the filter.
exclude Events matching the filter will be excluded.
event-condition Specifies the event condition.
all Specifies all events.
event-component Specifies all the events associated with a particular
component.
severity Specifies the minimum severity level of events (if the
keyword only is omitted).
only Specifies only events of the specified severity level.
match Specifies events whose parameter values match the type
value pair.
strict-match Specifies events whose parameter values match the type
value pair, and possess all the parameters specified.
type Specifies the type of parameter to match. For more
information about types and values see Types and Values.
value Specifies the value of the parameter to match. For more
information about types and values see Types and Values.

Default
If the exclude keyword is not used, the events will be included by the filter. If severity is
not specified, then the filter will use the component default severity threshold (see the
note on note: If no severity is specified when delete or exclude is specified, severity all is
used when delete or exclude is specified).

Usage Guidelines
This command controls the incidents that pass a filter by adding or deleting a specified
set of events that match a list of type value pairs. This command is an extension of
the command configure log filter events , and adds the ability to filter incidents
based on matching specified event parameter values to the event.

836 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Types and Values

See the configure log filter events command configure log filter events
for more information on specifying and using filters, on event conditions and
components, and on the details of the filtering process. The discussion here is about
the concepts of matching type value pairs to more narrowly define filters.

Types and Values

Each event in ExtremeXOS is defined with a message format and zero or more
parameter types. The show log events command show log events can be used
to display event definitions (the event text and parameter types). The syntax for the
parameter types (represented by type in the command syntax above) is:
[address-family [ipv4-multicast | ipv4-unicast | ipv6-multicast | ipv6-
unicast] | bgp-neighbor ip address | bgp-routeridip address | eaps eaps
domain name | {destination | source} [ipaddress ip address | L4-port
| mac-address ] | esrpesrp domain name | {egress | ingress} [slotslot
number | portsport_list] | ipaddressip address | L4-portL4-port | mac-
addressmac_address | netmask netmask | number number | portport_list |
processprocess name | slot slotid | stringexact string to be matched |
vlanvlan name | vlan tagvlan tag]

Note
The slot parameters are available only on SummitStacks.

Beginning with ExtremeXOS 11.2, you can specify the ipaddress type as IPv4 or IPv6,
depending on the IP version. The following examples show how to configure IPv4
addresses and IPv6 addresses:
• IPv4 address.

To configure an IP address, with a mask of 32 assumed, use the following command:

configure log filter myFilter add events all match ipaddress 12.0.0.1

To configure a range of IP addresses with a mask of 8, use the following command:

configure log filter myFilter add events all match ipaddress 12.0.0.0/8
• IPv6 address.

To configure an IPv6 address, with a mask of 128 assumed, use the following
command:
◦ configure log filter myFilter add events all match ipaddress 3ffe::1
◦ To configure a range of IPv6 addresses with a mask of 16, use the following
command:
◦ configure log filter myFilter add events all match ipaddress
3ffe::/16

• IPv6 scoped address.

IPv6 scoped addresses consist of an IPv6 address and a VLAN. The following
examples identify a link local IPv6 address.

Switch Engine™ Command Reference Guide for version 32.7.1 837

Match Versus Strict-Match Commands

To configure a scoped IPv6 address, with a mask of 128 assumed, use the following
command:

Note
In the previous example, if you specify the VLAN name, it must be a full match;
wild cards are not allowed.

The value depends on the parameter type specified. As an example, an event may
contain a physical port number, a source MAC address, and a destination MAC address.
To allow only those incidents with a specific source MAC address, use the following in
the command:
configure log filter myFilter add events aaa.radius.requestInit secerity
notice match source mac-address 00:01:30:23:C1:00 configure log filter
myFilter add events bridge severity notice match source mac-address
00:01:30:23:C1:00

The string type is used to match a specific string value of an event parameter, such
as a user name. The exact string is matched with the given parameter and no regular
expression is supported.

Match Versus Strict-Match

The match and strict-match keywords control the filter behavior for incidents whose
event definition does not contain all the parameters specified in a configure log
filter events match command. This is best explained with an example. Suppose
an event in the XYZ component, named XYZ.event5, contains a physical port number,
a source MAC address, but no destination MAC address. If you configure a filter to
match a source MAC address and a destination MAC address, XYZ.event5 will match
the filter when the source MAC address matches regardless of the destination MAC
address, since the event contains no destination MAC address. If you specify the strict-
match keyword, then the filter will never match, since XYZ.event5 does not contain the
destination MAC address.

In other words, if the match keyword is specified, an incident will pass a filter so long as
all parameter values in the incident match those in the match criteria, but all parameter
types in the match criteria need not be present in the event definition.

More Information
See the command show log for more information about severity levels.

To get a listing of the components present in the system, use the following command:
show log components

To get a listing of event condition definitions, use the following command:

show log events

To see the current configuration of a filter, use the following command:

show log configuration filter {filter name}

838 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
By default, all log targets are associated with the built-in filter, DefaultFilter. Therefore,
the most straightforward way to send additional messages to a log target is to modify
DefaultFilter. In the following example, the command modifies the built-in filter to
allow incidents in the STP component, and all subcomponents of STP, of severity
critical, error, warning, notice and info. For any of these events containing a physical
port number as a match parameter, limit the incidents to only those occurring on
physical ports 3, 4 and 5 on slot 1, and all ports on slot 2:
configure log filter DefaultFilter add events stp severity info match ports 1:3-1:5, 2:*

If desired, issue the unconfigure log DefaultFilter command to restore the DefaultFilter
back to its original configuration.

History
This command was first available in ExtremeXOS 10.1.

New parameter type values, including esrp and eaps were added in ExtremeXOS 11.0
and 11.1.

Support for IPv6 addresses was added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log messages privilege

configure log messages privilege [ admin | user ]

Description
This command configures the minimum user account level needed to view logs.

Syntax Description
messages NVRAM and memory-buffer message targets.
privilege Configure minimum privilege level needed to view logs.
admin Only admin (read-write) accounts can view log.
user User (read-only) accounts can view log also (default).

Default
User.

Switch Engine™ Command Reference Guide for version 32.7.1 839

Usage Guidelines Commands

Usage Guidelines
Use this command to configure the account level needed to view logs.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log target filter

configure log target [console | memory-buffer | | primary-node | |
backup-node | nvram | session | syslog [all | ipaddress {udp-port
{udp_port}} | ipPort | ipaddress tls-port {tls_port} ]{vr vr_name}
{local0...local7}] filter filter-name {severity severity {only}}

Description
Associates a filter to a target.

In a stack, this command is applicable only to Master and Backup nodes. This
command is not applicable to standby nodes.

Syntax Description
target Specifies the device to send the log entries.
console Specifies the console display.
memory-buffer Specifies the switch memory buffer.
primary-node Specifies the primary node in a stack.
backup-node Specifies the backup node in a stack.
nvram Specifies the switch NVRAM.
session Specifies the current session (including console display).
syslog Specifies a syslog remote server.
all Specifies all of the syslog remote servers.
ipaddress Specifies the syslog IP address.
ipPort Specifies the UDP port number for the syslog target.
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

840 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

local0 ... local7 Specifies the local syslog facility.

filter-name Specifies the filter to associate with the target.
severity Specifies the minimum severity level to send (if the
keyword only is omitted).
only Specifies that only the specified severity level is to be sent.

Default
If severity is not specified, the severity level for the target is left unchanged. If a virtual
router is not specified, VR-Mgmt is used.

Usage Guidelines
This command associates the specified filter and severity with the specified target. A
filter limits messages sent to a target.

Although each target can be configured with its own filter, by default, all targets are
associated with the built-in filter, DefaultFilter. Each target can also be configured with
its own severity level. This provides the ability to associate multiple targets with the
same filter, while having a configurable severity level for each target.

A message is sent to a target if the target has been enabled, the message passes the
associated filter, the message is at least as severe as the configured severity level, and
the message output matches the regular expression specified. By default, the memory
buffer and NVRAM targets are enabled. For other targets, use the command enable
log target. The following table describes the default characteristics of each type of
target.

Table 13: Default target log characteristics

Target Enabled Severity Level
console display no info
memory buffer yes debug-data
NVRAM yes warning
session no info
syslog no debug-data

The built-in filter, DefaultFilter, and a severity level of info are used for each new telnet
session. These values may be overridden on a per-session basis using the configure
log target filter command and specify the target as session. Use the following
form of the command for per-session configuration changes:
configure log target session filter filtername {severity severity
{only}}

Configuration changes to the current session target are in effect only for the duration of
the session, and are not saved in FLASH memory. The session option can also be used

Switch Engine™ Command Reference Guide for version 32.7.1 841

SummitStack Only Commands

on the console display, if the changes are desired to be temporary. If changes to the
console-display are to be permanent (saved to FLASH memory), use the following form
of the command:
configure log target console filter filtername {severity severity
{only}}

SummitStack Only
The backup-node target is only active on the primary-node, and the primary-node
target is active on backup-node and standby-nodes.

Example
The following example sends log messages to the previously syslog host at 10.31.8.25,
port 8993, and facility local3, that pass the filter myFilter and are of severity warning and
above:
configure log target syslog 10.31.8.25:8993 local3 filter myFilter severity warning

The following example sends log messages to the current session, that pass the filter
myFilter and are of severity warning and above:
configure log target session filter myFilter severity warning

History
This command was first available in ExtremeXOS 10.1.

The ipPort parameter was first available in ExtremeXOS 11.1.

The udp-port parameter was added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log target format

For console display, session, memory buffer, and NVRAM targets:
configure log target [ console | session | memory-buffer | nvram ]
format [timestamp [seconds | hundredths | none]] [date [ dd-Mmm-yyyy
| yyyy-mm-dd | Mmm-dd | mm-dd-yyyy | mm/dd/yyyy | dd-mm-yyyy | none]]
{event-name [component | condition | none]} {process-name} {severity}
{source-line} {host-name}

For Syslog targets:

configure log target syslog [all | ipaddress {udp-port {udp_port}} |
ipPort | ipaddress tls-port {tls_port}] {vr vr_name} {local}format
[timestamp [ seconds | hundredths | none]] [date [ dd-Mmm-yyyy |

842 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

yyyy-mm-dd | Mmm-dd | mm-dd-yyyy | mm/dd/yyyy | dd-mm-yyyy | none]]

{event-name [component | condition | none]} {severity} {priority}
{host-name} {source-line} {tag-id} {tag-name}

Description
Configures the formats of the displayed message, on a per-target basis.

In a stack, this command is applicable only to Master and Backup nodes and not
applicable to the standby nodes.

Syntax Description
console Specifies the console display.
session Specifies the current session (including console display).
memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
syslog Specifies a syslog target.
all Specifies all remote syslog servers.
ipaddress Specifies the syslog IP address.
ipPort Specifies the UDP port number for the syslog target.
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

local0 ... local7 Specifies the local syslog facility.

timestamp Specifies a timestamp formatted to display seconds,
hundredths, or none.
date Specifies a date formatted as specified, or none.
event-name Specifies how detailed the event description will be.
Choose from none, component or condition.
host-name Specifies whether to include the syslog host name.
priority Specifies whether to include the priority.
process-name Specifies whether to include the internal process name.
severity Specifies whether to include the severity.
source-line Specifies whether to include the source file name and line
number.
tag-id Specifies whether to include the tag ID.
tag-name Specifies whether to include the tag name.

Switch Engine™ Command Reference Guide for version 32.7.1 843

Default Commands

Default
The following defaults apply to console display, memory buffer, NVRAM, and session
targets:
• timestamp—hundredths
• date—mm-dd-yyyy
• event-name—condition
• process-name—off
• severity—on
• source-line—off
• host-name—off

The following defaults apply to syslog targets (per RFC 3164):

• timestamp—seconds
• date—mmm-dd
• event-name—none
• severity—on
• priority—on
• host-name—off
• source-line—off
• tag-id—off
• tag-name—on

If a virtual router is not specified, VR-Mgmt is used.

Usage Guidelines
This command configures the format of the items that make up log messages. You can
choose to include or exclude items and set the format for those items, but you cannot
vary the order in which the items are assembled.

When applied to the targets console or session, the format specified is used for the
messages sent to the console display or telnet session. Configuration changes to the
session target, be it either a telnet or console display target session, are in effect only for
the duration of the session, and are not saved in FLASH.

When this command is applied to the target memory-buffer, the format specified is
used in subsequent show log and upload log commands. The format configured for
the internal memory buffer can be overridden by specifying a format on the show log
and upload log commands.

When this command is applied to the target syslog, the format specified is used for the
messages sent to the specified syslog host.

844 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Timestamps

Timestamps
Timestamps refer to the time an event occurred, and can be output in either seconds
as described in RFC 3164 (for example, “13:42:56”), hundredths of a second (for example,
“13:42:56.98”), or suppressed altogether. To display timestamps as hh:mm:ss, use the
seconds keyword, to display as hh:mm:ss.HH, use the hundredths keyword, or to
suppress timestamps altogether, use the none keyword. Timestamps are displayed in
hundredths by default.

Date
The date an event occurred can be output as described in RFC 3164. Dates are output
in different formats, depending on the keyword chosen. The following lists the date
keyword options, and how the date “March 26, 2005” would be output:
• Mmm-dd—Mar 26
• mm-dd-yyyy—03/26/2005
• dd-mm-yyyy—26-03-2005
• yyyy-mm-dd—2005-03-26
• dd-Mmm-yyyy—26-Mar-2005

Dates are suppressed altogether by specifying none. Dates are displayed as mm-dd-
yyyy by default.

Event Names
Event names can be output as the component name only by specifying event-name
component and as component name with condition mnemonic by specifying event-
name condition, or suppressed by specifying event-name none. The default setting is
event-name condition to specify the complete name of the events.

Host Name
The configured SNMP name of the switch can be output as HOSTNAME described in
RFC 3164 by specifying host-name. The default setting is off.

Process Name
For providing detailed information to technical support, the (internal) ExtremeXOS task
names of the applications detecting the events can be displayed by specifying process-
name. The default setting is off.

Severity
A four-letter abbreviation of the severity of the event can be output by specifying
severity on or suppressed by specifying severity off. The default setting is severity
on. The abbreviations are: Crit, Erro, Warn, Noti, Info, Summ, Verb, and Data. These
correspond to: Critical, Error, Warning, Notice, Informational, Debug-Summary, Debug-
Verbose, and Debug-Data.

Switch Engine™ Command Reference Guide for version 32.7.1 845

Source Line Commands

Source Line
For providing detailed information to technical support, the application source file
names and line numbers detecting the events can be displayed by specifying source-
line. The default setting is off. You must enable debug mode using the enable log
debug-mode command to view the source line information. For messages generated
prior to enabling debug mode, the source line information is not displayed.

Tag ID
The process-id of the (internal) ExtremeXOS process that generated the event that
resulted in the log message can be displayed by specifying tag-id. The default setting is
off.

Tag Name
The name of the log component to which the generated event belongs can be
displayed by specifying tag-name. The default setting is on. The tag name would be
the same as the output of event-name component.

Example
In the following example, the switch generates the identical event from the component
SNTP (Simple Network Time Protocol), using three different formats.

Using the default format for the session target, an example log message might appear
as:
05/29/2005 12:15:25.00 <Warn:SNTP.RslvSrvrFail> The SNTP server parameter value
(TheWrongServer.example.com) can not be resolved.

If you set the current session format using the following command:
configure log target session format timestamp seconds date mm-dd-yyyy event-name component

The same example would appear as:

05/29/2005 12:16:36 <Warn:SNTP> The SNTP server parameter value
(TheWrongServer.example.com) can not be resolved.

To provide some detailed information to technical support, you set the current session
format using the following command:
configure log target session format timestamp hundredths date mmm-dd event-name condition
source-line process-name

The same example would appear as:

May 29 12:17:20.11 SNTP: <Warn:SNTP.RslvSrvrFail> tSntpc: (sntpcLib.c:606) The SNTP
server parameter value (TheWrongServer.example.com) can not be resolved.

History
This command was first available in ExtremeXOS 10.1.

846 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The ipPort and host-name parameters were first introduced in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log target match

configure log target [console | memory-buffer | nvram | primary-node|
backp-node | session | syslog [all | ipaddress {udp-port {udp_port}}
| ipPort | ipaddress tls-port {tls_port} ] {vr vr_name} {local0 ...
local7}] match [any |match-expression]

Description
Associates a match expression to a target.

In a stack, this command is applicable only on a Master and Backup nodes. This
command is not applicable for standby nodes.

Syntax Description
console Specifies the console display.
memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
primary-node Specifies the primary node in a stack.
backup-node Specifies the backup-node in a stack.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
all Specifies all of the remote syslog servers.
ipaddress Specifies the syslog IP address.
ipPort Specifies the UDP port number for the syslog target.
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

local0 ... local7 Specifies the local syslog facility.

any Specifies that any messages will match. This effectively
removes a previously configured match expression.
match-expression Specifies a regular expression. Only messages that match
the regular expression will be sent.

Switch Engine™ Command Reference Guide for version 32.7.1 847

Default Commands

Default
By default, targets do not have a match expression. If a virtual router is not specified,
VR-Mgmt is used.

Usage Guidelines
This command configures the specified target with a match expression. The filter
associated with the target is not affected. A message is sent to a target if the target
has been enabled, the message passes the associated filter, the message is at least as
severe as the configured severity level, and the message output matches the regular
expression specified.

See the command show log for a detailed description of simple regular expressions. By
default, targets do not have a match expression.

Specifying any instead of match-expression effectively removes a match expression

that had been previously configured, causing any message to be sent that has satisfied
all of the other requirements.

To see the configuration of a target, use the following command:

show log configuration target {console | memory-buffer | nvram |
primary-node | backup-node | session | syslog {ipaddress {udp-port
{udp_port }}| ipPort |ipaddress tls-port {tls_port}} {vr vr_name}
{[local0...local7]}}

To see the current configuration of a filter, use the following command:

show log configuration filter {filter name}

Example
The following command sends log messages to the current session, that pass the
current filter and severity level, and contain the string user5:
configure log target session match user5

History
This command was first available in ExtremeXOS 10.1.

The ipPort parameter was first available in ExtremeXOS 11.1.

The udp-port parameter was added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

848 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure log target memory-buffer alert percent-full

configure log target memory-buffer alert percent-full

configure log target memory-buffer alert percent-full [ percent | none ]

Description
This command configures the log buffer threshold alert.

Syntax Description
percent-full Generate a log event when the memory buffer percentage
fully exceeds the specified percentage threshold.
percent Percent-full threshold to generate a log event [50-100].
none No alert.

Default
None.

Usage Guidelines
Use this command to configure the log buffer threshold alert.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log target severity

configure log target [console | memory-buffer | nvram |primary-
node |backup-node | session | syslog [all | ipaddress {udp-port
{udp_port}} | ipPort | ipaddress tls-port {tls_port} ] {vr vr_name}
{local0...local7 }] {severity severity {only}}

Description
Sets the severity level of messages sent to the target.

In a stack, this command is applicable only to Master and Backup nodes. You cannot
run this command on standby nodes.

Switch Engine™ Command Reference Guide for version 32.7.1 849

Syntax Description Commands

Syntax Description
console Specifies the console display.
memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
primary-node Specifies the primary node in a stack.
backup-node Specifies the backup node in a stack.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
all Specifies all of the remote syslog servers.
ipaddress Specifies the syslog IP address.
ipPort Specifies the UDP port number for the syslog target.
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

local0 ... local7 Specifies the local syslog facility.

severity Specifies the least severe level to send (if the keyword only
is omitted).
only Specifies that only the specified severity level is to be sent.

Default
By default, targets are sent messages of the following severity level and above:
• console display—info
• memory buffer—debug-data
• NVRAM—warning
• session—info
• syslog—debug-data
• primary node—warning (stack only)
• backup node—warning (stack only)

If a virtual router is not specified, VR-Mgmt is used.

Usage Guidelines
This command configures the specified target with a severity level. The filter associated
with the target is not affected. A message is sent to a target if the target has been
enabled, the message passes the associated filter, the message is at least as severe as
the configured severity level, and the message output matches the regular expression
specified.

850 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

See the command show log for a detailed description of severity levels.

To see the current configuration of a target, use the following command:

show log configuration target {console | memory-buffer | nvram |
primary-node | backup-node | session | syslog {ipaddress {udp-port
{udp_port }}| ipPort |ipaddress tls-port {tls_port}} {vr vr_name}
{[local0...local7]}}

To see the current configuration of a filter, use the following command:

show log configuration filter {filter name}

Example
The following command sends log messages to the current session, that pass the
current filter at a severity level of info or greater, and contain the string user5:
configure log target session severity info

History
This command was first available in ExtremeXOS 10.1.

The ipPort parameter was first available in ExtremeXOS 11.1.

The udp-port parameter was added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log target syslog

configure log target syslog [all | ipaddress {udp-port {udp_port}}
| ipPort | ipaddress tls-port {tls_port}] {vr vr_name}
{local0...local7} from source-ip-address

Description
This command specifies the source-ip-address to use when sending log messages to
the Syslog server. The Syslog server's IP address along with the ipPort and local facility
(a tuple) identify which Syslog server target is to be configured.

Syntax Description
syslog Specifies a Syslog target.
all Specifies all of the remote Syslog servers.
ipaddress Specifies the Syslog server’s IP address.

Switch Engine™ Command Reference Guide for version 32.7.1 851

Default Commands

udp-port Remote Syslog server UDP port. Default 514.

udp_port UDP port number.
ipPort Specifies the UDP port number for the Syslog target.
tls_port Specifies remote Syslog server Transport Layer Security
(TLS) for connection type.
tls_port TLS port number.
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the platforms

listed for this feature in the Switch Engine 32.7.1 Feature
License Requirements document.

local0 ... local7 Specifies the local Syslog facility.

source-ip-address Specifies the local source IP address to use.

Note: The address family (i.e IPv4 or IPv6) of the specified

source IP address must be the same as the address family
of the Syslog server's.

Default
If a virtual router is not specified, the following virtual routers are used:
• ExtremeXOS 10.1—VR-0
• ExtremeXOS 11.0 and later—VR-Mgmt

Usage Guidelines
Use this command to identify and configure the Syslog server’s IP address. By
configuring a source IP address, the Syslog server can identify from which switch it
received the log message.

If you do not configure a source IP address for the Syslog target, the switch uses the IP
address in the configured VR that has the closed route to the destination.

Example
The following command configures the IP address for the specified Syslog target:
configure log target syslog 10.12.1.15 from 10.234.56.78
configure log target syslog 2001:12:1::1 from 2001:44::1

History
This command was first available in ExtremeXOS 10.1.

The udp-port parameter and support for the EMS to send log messages to Syslog
servers having IPv6 address was added in ExtremeXOS 21.1.

852 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Transport Layer Security (TLS) option added in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure log target upm filter

configure log target upm {upm_profile_name} filter filter-name {severity
[[severity] {only}]}

Description
Configures a log target to receive events that conform to a specific EMS filter and
severity level requirements.

Syntax Description
upm_profile_name Specifies a UPM log target to configure.
filter-name Assigns an EMS filter to the specified log target.
severity Specifies the minimum severity level for events sent to the
log target.
only Specifies that only events at the specified severity are sent
to the log target.

Default
N/A.

Usage Guidelines
Events that meet the criteria established in the EMS filter and the optional severity
requirements are forwarded to the UPM log target profile. You can further restrict the
forwarded events with the following command:
configure log target upm {upm_profile_name} match {any |regex}.

Example
The following example configures UPM log target testprofile1 to receive events that
meet the criteria defined in EMS filter testfilter1:
configure log target upm testprofile1 filter testfilter1

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 853

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure log target upm match

configure log target upm {upm_profile_name} match {any | regex}

Description
Configures a log target to receive only those events that meet the specified match
criteria.

Syntax Description
upm_profile_name Specifies the UPM log target to be configured.
any Matches any event. Use this option to remove a limitation
configured with the regex option.
regex Specifies an expression that must be contained in all
forwarded events.

Default
N/A.

Usage Guidelines
This command further restricts the events selected by the command: configure log
target upm {upm_profile_name} filter filter-name {severity [[severity]
{only}]}.

Example
The following example configures UPM log target testprofile1 to receive events that
meet the criteria contain the text warning:

configure log target upm testprofile1 match warning

History
This command was first available in ExtremeXOS 12.1.

854 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure log target xml-notification filter

configure log target xml-notification xml_target_name filter filter-name
{severity [[severity] {only}]}

Description
Configures a Web server target with an EMS filter.

Syntax Description
xml_target_name Specifies the name of the xml notification target.
filter-name Specifies the name of the EMS filter.
severity Specifies the least severe level to send (if the keyword only
is omitted).

Default
N/A.

Usage Guidelines
Use this command to configure a Web server target with an EMS filter. All EMS filters
can be applied.

Example
The following command configures the Web server target test2 with EMS filter
filtertest2:
configure log target xml-notification test filter filtertest2

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 855

configure mac-lockdown-timeout ports aging-time Commands

configure mac-lockdown-timeout ports aging-time

configure mac-lockdown-timeout ports [all | port_list] aging-time
seconds

Description
Configures the MAC address lock down timeout value in seconds for the specified port
or group of ports or for all ports on the switch.

Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.
seconds Configures the length of the time out value in seconds. The
default is 15 seconds; the range is 15 to 2,000,000 seconds.

Default
The default is 15 seconds.

Usage Guidelines
This timer overrides the FDB aging time.

This command only sets the duration of the MAC address lock down timer. To enable
the lock down timeout feature, use the following command:
enable mac-lockdown-timeout ports [all | port_list]

Example
The following command configures the MAC address lock down timer duration for 300
seconds for ports 2:3, 2:4, and 2:6:

configure mac-lockdown-timeout ports 2:3, 2:4, 2:6 aging-time 300

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

856 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure mac-locking ports first-arrival aging

configure mac-locking ports first-arrival aging

configure mac-locking ports port_list first-arrival aging [enable |
disable]

Description
Enables and disables the aging of first-arrival MAC addresses.

Syntax Description
port_list Specifies one or more ports or slots and ports.
enable MAC addresses aged out from the forwarding database are
removed from MAC locking.
disable MAC addresses aged out from the forwarding database are
not removed from MAC locking.

Default
First-arrival MAC lock aging is disabled by default.

Usage Guidelines
This command does not apply to MAC addresses locked by static locking.

When enabled, first-arrival MAC addresses that are aged out of the forwarding
database are removed from the associated port MAC lock. New MAC addresses can
be learned until the configured first-arrival limit is reached.

Example
The following command enables first-arrival MAC lock aging on port 2:3:
configure mac-locking ports 2:3 first-arrival aging enable

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports first-arrival limit-learning

configure mac-locking ports port_list first-arrival limit-learning
learn_limit

Switch Engine™ Command Reference Guide for version 32.7.1 857

Description Commands

Description
Configures dynamic MAC locking on a port by restricting MAC locking on a port to a
maximum number of end station addresses first connected to that port.

Syntax Description
port_list Specifies one or more ports or slots and ports.
learn_limit Specifies the maximum number of first-arrival end station
MAC addresses that can be connected to the port. Valid
values are 0–600.

Default
600 first-arrival end station MAC addresses

Usage Guidelines
When the configured limit is reached, no further entries are learned. If, however, the
learned entries are aged out, new MAC addresses can be learned.

You cannot specify a value that is lower than the number of MACs locked in the MAC
lock station table.

Example
The following example configures 400 as the maximum number of first-arrival MAC
addresses that can connect to port 14.
configure mac-locking ports 14 first-arrival limit-learning 400

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports first-arrival link-down-action

configure mac-locking ports port_list first-arrival link-down-action
[clear-macs | retain-macs]

Description
Clears or retains first arrival MAC locking addresses when the link goes down.

858 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
port_list Specifies one or more ports or slots and ports.
clear-macs First arrival MAC locking addresses will be cleared when
the link goes down.
retain-macs First arrival MAC locking addresses will be retained when
the link goes down.

Default
When the link goes down, by default, all the first arrival MAC locking addresses will be
removed (cleared).

Usage Guidelines
If you specify retain-macs, the first arrival MAC locking addresses will be retained even
when the link goes down.

Example
The following example disables the clearing of first arrival MAC locking addresses on
port 14.
configure mac-locking ports 14 first-arrival link-down-action retain-macs

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports first-arrival move-to-static

configure mac-locking ports port_list first-arrival move-to-static

Description
Moves all current first-arrival MAC locking addresses to static entries.

Syntax Description
port_list Specifies one or more ports or slots and ports.

Default
N/A

Switch Engine™ Command Reference Guide for version 32.7.1 859

Usage Guidelines Commands

Usage Guidelines
This command converts dynamic MAC locked station entries to static MAC locked
entries. The static MAC locked entries are saved in configuration and preserved across
reboots.

This command does not convert the forwarding database entries to static-permanent
entries.

Example
The following example converts the dynamic MAC locked station entries on port 14 to
static MAC locked entries.
configure mac-locking ports 14 first-arrival move-to-static

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports learn-limit-action

configure mac-locking ports port_list learn-limit-action [disable-port |
remain-enabled]

Description
Configures a port to be disabled or remain enabled when the port learns the
configured maximum number of MACs.

Syntax Description
port_list Specifies one or more ports or slots and ports.
disable-port Disables the port when the configured MAC limit is
reached.
remain-enabled Port remains enabled after the configured MAC limit is
reached.

Default
The port remains enabled after the configured MAC limit is reached.

Usage Guidelines
This command is used for both first arrival and static MAC locking methods.

860 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures port 14 to be disabled when the configured MAC
limit is reached.
configure mac-locking ports 14 learn-limit-action disable-port

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports log

configure mac-locking ports port_list log {violation | threshold} [on |
off]

Description
Enables or disables the sending of a syslog message for MAC lock messages.

Syntax Description
port_list Specifies one or more ports or slots and ports.
violation Sends a syslog message if the maximum value configured
for dynamic and static MAC locking is exceeded.
threshold Sends a syslog message if the maximum value configured
for dynamic and static MAC locking is reached.
on Sending a syslog message for the specified event is
enabled.
off Sending a syslog message for the specified event is
disabled.

Default
If neither violation nor threshold is specified, violation is used by default.

Usage Guidelines
When MAC locking violations are enabled, the device sends a syslog message if a
connected end station exceeds the maximum value configured for dynamic and static
MAC locking.

Switch Engine™ Command Reference Guide for version 32.7.1 861

Example Commands

When MAC locking thresholds are enabled, the device sends an syslog message if a
connected end station reaches the maximum value configured for dynamic and static
MAC locking.

Example
The following example enables threshold syslog messages on port 14.
configure mac-locking ports 14 log threshold on

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports static delete station

configure mac-locking ports port_list static delete station
[station_mac_address | all]

Description
Deletes MAC locking for all MAC address or the specified MAC address on the specified
port.

Syntax Description
port_list Specifies one or more ports or slots and ports.
station_mac_address Specifies the MAC address from which MAC locking will be
deleted.
all Deletes MAC locking from all MAC addresses associated
with the specified port.

Default
N/A

Usage Guidelines
None.

862 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example deletes MAC locking from the MAC address 00-a0-c9-0d-32-11
on port 14.
configure mac-locking ports 14 static delete station 00-a0-c9-0d-32-11

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports static limit-learning

configure mac-locking ports port_list static limit-learning learn_limit

Description
Restricts MAC locking on a port to a maximum number of static (management
defined) MAC addresses for end stations connected to this port.

Syntax Description
port_list Specifies one or more ports or slots and ports.
learn_limit Specifies the maximum number of static end station MAC
addresses that can be connected to the port. Valid values
are 0–64.

Default
64 static end station MAC addresses.

Usage Guidelines
When the configured limit is reached, no further entries are learned. If, however, the
learned entries are aged out, new MAC addresses can be learned.

You cannot set a value that is lower than the number of MACs locked in the MAC lock
station table.

You cannot configure the learning limit on both a port and a port-VLAN. If the learning
limit is configured on a port, configuration on a port-VLAN will is not allowed. Similarly,
if the learning limit is configured on a port-VLAN, configuration on port is not allowed.

Switch Engine™ Command Reference Guide for version 32.7.1 863

Example Commands

Example
The following example configures 40 as the maximum number of static MAC addresses
that can connect to port 14.
configure mac-locking ports 14 static limit-learning 40

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports static

configure mac-locking ports port_list static [add | enable | disable]
station station_mac_address

Description
Creates, enables, and disables a static MAC locking entry.

Syntax Description
port_list Specifies one or more ports or slots and ports.
add Adds a MAC locking association between the specified
MAC address and port.
enable Enables an existing MAC locking association between the
specified MAC address and port.
disable Disables an existing MAC locking association between the
specified MAC address and port.
station_mac_address Specifies the MAC address.

Default
A static MAC locking association is enabled by default.

Usage Guidelines
Up to 64 MAC addresses can be locked per port.

When added and enabled, a static MAC lock configuration allows only the end station
designated by the MAC address to participate in frame relay.

Disabled entries are counted when calculating the total number of locked stations.

864 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example creates a MAC locking association between port 14 and 00-a0-
c9-0d-32-11.
configure mac-locking ports 14 static add 00-a0-c9-0d-32-11

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mac-locking ports trap

configure mac-locking ports port_list trap {violation | threshold} [on |
off]

Description
Enables or disables the sending of an SNMP trap for MAC lock messages.

Syntax Description
violation Sends an SNMP trap if the maximum value configured for
dynamic and static MAC locking is exceeded.
threshold Sends an SNMP trap if the maximum value configured for
dynamic and static MAC locking is reached.
on Sending an SNMP trap for the specified event is enabled.
off Sending an SNMP trap for the specified event is disabled.

Default
If neither violation nor threshold is specified, violation is used by default.

Usage Guidelines
When MAC locking violations are enabled, the device sends an SNMP trap if a
connected end station exceeds the maximum value configured for dynamic and static
MAC locking.

When MAC locking thresholds are enabled, the device sends an SNMP trap if a
connected end station reaches the maximum value configured for dynamic and static
MAC locking.

Switch Engine™ Command Reference Guide for version 32.7.1 865

Example Commands

Example
The following example enables threshold traps on port 14.
configure mac-locking ports 14 trap threshold on

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure macsec cipher-suite

configure macsec cipher-suite [gcm-aes-128 | gcm-aes-256] ports
port_list

Description
Configures the preferred cipher suite for MAC Security (MACsec).

Syntax Description
cipher-suite Selects provisioning MACsec cipher suite to be used if
elected as key server.
gcm-aes-128 Galois/Counter Mode of AES-128 symmetric block cipher
(Default).
gcm-aes-256 Galois/Counter Mode of AES-256 symmetric block.
ports Specifies configuring ports.
port_list Lists which ports to configure the selected cipher suite on.

Default
The cipher suite gcm-aes-128 is selected by default.

Usage Guidelines

Table 14: Cipher Support

GCM-AES-256 and GCM-AES-128
Ports with LRM/MACsec Adapter
ExtremeSwitching 5320 (except
5320-24X-4X-XT), 5420, 5720 on all ports.
ExtremeSwitching 5520 on all ports,
except 5520-VIM-4X and 24X 10G ports.

866 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If GCM-AES-256 is desired between two switches using the LRM/MACsec Adapter, you
need to issue this command on at least the key server side, but preferably on both
sides.

If the port is elected as MKA key server, then the configured cipher suite is used to
protect all port traffic. If the peer port is elected as MKA key server, then the peer
chooses which cipher suite to use.

Example
The following example selects the gcm-aes-256 cipher suite on ports 22, 30–33:
# configure macsec cipher-suite gcm-aes-256 22,30-33

The following example selects the gcm-aes-128 cipher suite on port 30:
# configure macsec cipher-suite gcm-aes-128 30

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

configure macsec connectivity-association

configure macsec connectivity-association ca_name [pre-shared-key {ckn
ckn} {cak [encrypted encrypted_cak] | cak} | ports [port_list]
[enable | disable]]

Description
Configures a previously created connectivity-association (CA) object that holds MAC
Security (MACsec) key authentication data. For a particular CA, you can change the
pre-shared key and enable/disable authentication on one or more ports.

Switch Engine™ Command Reference Guide for version 32.7.1 867

Syntax Description Commands

Syntax Description
connectivity- Secures connectivity provided between MACsec stations.
association
ca_name Selects CA object to configure.
pre-shared-key Selects static MACsec key consisting of both a CKN and
CAK:
ckn Selects changing the CA key name.
This public (non-secret) key name allows each of the MKA
participants to select which connectivity association key
(CAK) to use to process a received MACsec key agreement
(MKA) protocol packets (MKPDU).
ckn Sets the CA key name. Length allowed is 1–32 characters,
entered as ASCII or an octet string preceded with 0x.
cak Sets the connectivity association key (CAK). If you are using
256-bit cipher suite, then the CAK must be 32 octets. The
128-bit cipher suite can use either a 16- or 32-octet CAK.
This is a long-lived secret key used to derive short-lived
lower-layer keys (ICK, KEK, and SAK) that are used for key
distribution and data encryption.
cak Sets the non-encrypted CAK value. Must be entered as
an octet string (for example: “0x859e72f0…”). A 128-bit (16
octet) CAK requires 32 hexadecimal digits, and a 256-bit (32
octet) CAK requires 64 hexadecimal digits. These values are
secret and should be generated off switch with a suitable
pseudorandom number generator.
encrypted Designates that secret key value is in encrypted format.
encrypted_cak Sets the value for the secret key. The encrypted CAK
value is generated by the show configuration macsec
command for previously configured CAKs.
ports Specifies configuring ports.
port_list Lists which ports to configure.
enable Enable the MKA connectivity association on the selected
port list.
disable Disables the MKA connectivity association on the selected
port list.

Default
N/A.

Usage Guidelines
You can only enable/disable CAs on ports that support MACsec.

If execution of this command results in MACsec being enabled on more than 48 ports
for a given 5320 or 5420 series switch, then the command will fail.

868 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example sets CKN to "the red key" and CAK to a 128-bit key
"0x01020304050607080910111213141516” for CA object "testca":

Note
The CAK shown here is an example. Use your own random number for
maximum security.

configure macsec connectivity-association testca pre-shared-key ckn “the red key” cak
“0x01020304050607080910111213141516”

The following example enables MACsec authentication on port 13 for CA object "testca":
# configure macsec connectivity-association testca ports 13 enable

The following example disables MACsec authentication on port 13 for CA object "testca":
# configure macsec connectivity-association testca ports 13 disable

History
This command was first available in ExtremeXOS 30.1.

Support for 256-cipher suite was added in ExtremeXOS 30.2.

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

configure macsec include-sci

configure macsec include-sci [enable | disable] ports port_list

Description
Configures the include-SCI flag to ensure interoperability with third-party devices that
do not decode encrypted MAC Security (MACsec) packets when the SCI is not present.

Switch Engine™ Command Reference Guide for version 32.7.1 869

Syntax Description Commands

Syntax Description
include-sci Provision inclusion of SCI in SecTAG field while transmitting
MACsec frames.
enable Include SCI in SecTAG.
disable Do not include SCI in SecTAG (Default).
ports Specifies configuring ports.
port_list Lists which ports to configure the include-SCI flag on.

Default
Disabled by default (SCI is not included in MAC Security Tag (SecTAG)).

Usage Guidelines
The SecTAG appended to each data packet contains an optional parameter called
Secure Channel Indicator (SCI). The SCI is used to identify the sending Secure
Association (SA) when the connectivity-association (CA) comprises three or more peers.

Because ExtremeXOS only supports point-to-point links (which have exactly two peers),
the SCI is not sent by default (which saves 8-octets per SecTAG’d packet). Certain
third-party MACsec devices, such as the CentOS’s MACsec client and Cisco Catalyst
3650, fail to decode encrypted MACsec packets when the SCI is not present. To ensure
interoperability with such devices, you can configure the Include-SCI flag. When this
flag is set, the port always includes the 8-octet SCI in the SecTAG of all outgoing
packets.

Important
After enabling MACsec, if you change the include-SCI flag, you must run
the configure macsec initialize ports port_list command afterward.
Otherwise, the change is not applied.

Example
The following example enables including SCI in SecTAG field while transmitting MACsec
frames on port 13:
configure macsec include-sci enable port 13

The following example disables including SCI in SecTAG field while transmitting
MACsec frames on port 44:
# configure macsec include-sci disable port 44

History
This command was first available in ExtremeXOS 30.1.

870 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

configure macsec initialize ports

configure macsec initialize ports port_list

Description
Resets the MAC Security (MACsec) Key Agreement (MKA) protocol state machine on
one or more ports and applies MACsec configuration changes to already enabled ports.

Syntax Description
initialize Selects resetting the MACsec Key Agreement protocol
state machine.
ports Specifies configuring ports.
port_list Lists which ports to reset the MACsec Key Agreement
protocol state machine on.

Default
N/A.

Usage Guidelines
Issuing this command resets the MKA state machine, which in turn deletes any secured
channels and their secure association keys (SAKs). This command is also used to apply
MACsec configuration changes (mka actor-priority, include-sci, replay-protect, mka life-
time) to an already enabled port. All traffic is blocked until MKA renegotiates a new set
of keys and those keys are installed. For more information, see IEEE802.1X-2010 Clause
12.9.3 Initialization.

Switch Engine™ Command Reference Guide for version 32.7.1 871

Example Commands

Example
The following example resets the MACsec Key Agreement protocol state machine on
port 13:
configure macsec initialize ports 13

History
This command was first available in ExtremeXOS 30.1.

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

configure macsec mka actor-priority

configure macsec mka actor-priority actor_priority ports port_list

Description
Configures MAC Security (MACsec) actor’s priority for port(s).

Syntax Description
mka Configures MACsec key agreement (MKA) parameters.
actor-priority Designates setting the priority advertised during MKA key
server election.
actor-priority Sets the actor priority value. A lower value denotes higher
priority.Range is 0–255 or 0x0–0xFF. Default is 0x10.
ports Specifies configuring ports.
port_list Lists which ports to configure the actor priority on.

872 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Default value for actor priority is 0x10.

Usage Guidelines
Each MKA participant selects the participant advertising the highest priority as the
key server. In the event of a tie, the participant with the highest priority MAC address
(lowest value) is selected. The recommended priority range for infrastructure ports is
0x00 to 0x1f, with a default of 0x10. You can assign the full range of priorities, 0x00 to
0xff:
• To have a port become a key server, raise the priority by assigning a priority value less
than 0x10.
• To not have a port become key server, lower the priority by assigning a priority value
greater than 0x10.

Important
After enabling MACsec, if you change the actor priority, you must run the
configure macsec initialize ports port_list command afterward.
Otherwise, the change is not applied.

Example
The following example raises the actor priority value to 0x5 on port 13:
# configure macsec mka actor-priority "0x5" port 13
# configure macsec initialize port 13

The following example lowers the actor priority value to "31" on port 14:
# configure macsec mka actor-priority 31 port 14
# configure macsec initialize port 14

History
This command was first available in ExtremeXOS 30.1.

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.

Switch Engine™ Command Reference Guide for version 32.7.1 873

configure macsec mka life-time Commands

Platform Ports
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

configure macsec mka life-time

configure macsec mka life-time mka_life_time ports port_list

Description
Configures MAC Security (MACsec) lifetime for port(s).

Syntax Description
mka Configures MACsec key agreement (MKA) parameters.
life-time Designates setting the lifetime of potential and live peers.
Expiration causes removal from a list, and higher intervals
increase MKA protocol stability.
mka_life_time Sets the lifetime of potential and live peers. Range is 6-30.
Default is 6 seconds.
ports Specifies configuring ports.
port_list Lists which ports to configure the actor priority on.

Default
Default value for life-time 6 seconds.

Usage Guidelines
If MACsec link flap occurs, loosen the life-time equally on both sides of the MACsec
connection.

Note
MACsec link flap is likely to only occur on links connected to lower-end
switches (the ExtremeSwitching X620 switch, for example).

Important
After enabling MACsec, if you change the MKA lifetime, you must run
the configure macsec initialize ports port_list command afterward.
Otherwise, the change is not applied.

874 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following configures the MKA lifetime to 10 seconds on port 3:
# configure macsec mka life-time 10 port 3
# configure macsec initialize port 3

History
This command was first available in ExtremeXOS 31.5.

Platform Availability
This command is available on the following platforms:

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

configure macsec replay-protect

configure macsec replay-protect [window_size_in_packets | disable] ports
port_list

Description
Configures MAC Security (MACsec) replay-protect window size for port(s).

Syntax Description
replay-protect Configures dropping out-of-order packets received on a
port.
window_size_in_packet Sets replay-protect window size value. Out-of-order
s packets up to selected value are accepted. Range is
0–4,294,967,295. Default is 0 (out-of-order packets are
dropped).
disable Disables replay protection. Out-of-order packets are
allowed.

Switch Engine™ Command Reference Guide for version 32.7.1 875

Default Commands

ports Specifies configuring ports.

port_list Lists which ports to configure the replay-protect window
on.

Default
Default value for replay-protect window is 0 packets, which drops all out-of-order
packets.

Usage Guidelines
The replay protection feature provides for the dropping of out-of-order packets received
on a port. The window size is set to 0 by default, meaning any packet received out-
of-order is dropped. Setting the window size to non-zero sets the range of sequence
numbers that are tolerated, to allow receipt of packets that have been misordered by
the network. If replay protection is disabled, packet sequence numbers are not checked
and out-of-order packets are not dropped.

Important
After enabling MACsec, if you change the replay protect window size, you
must run the configure macsec initialize ports port_list command
afterward. Otherwise, the change is not applied.

Example
The following example disables replay protection on port 13:
# configure macsec replay-protect disable port 13
# configure macsec intialize port 13

The following example sets replay-protect window size to 50 packets on port 14. If the
last data packet received has a packet number (PN) of N, then the next received packet
is accepted if its PN is greater than or equal to N-50. If the PN is less than N-50, the
packet is dropped and the "Late Pkts" counter is incremented:
# configure macsec replay-protect 50 port 14
# configure macsec intialize port 14

History
This command was first available in ExtremeXOS 30.1.

876 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

configure mcast ipv4 cache timeout

configure mcast ipv4 cache timeout {seconds | none}

Description
Configures the IPv4 multicast cache timeout.

Syntax Description
seconds Idle time after which cache entries are deleted.
none Cache entries are not timed out.

Default
300 seconds.

Usage Guidelines
Cache timeout is the time after which the cache entries are deleted if traffic is not
received for that duration. This applies only for snooping and MVR caches and does not
apply for PIM caches.

The range is 90 to 100000 seconds. You can use the option none if you do not want the
cache entry to be deleted. If none is configured, the cache entries can be deleted only
using the following command:
clear igmp snooping

Switch Engine™ Command Reference Guide for version 32.7.1 877

Example Commands

Example
The following example configures the IPv4 multicast cache timeout to 400 seconds.
configure mcast ipv4 cache timeout 400

The following command clears he IPv4 multicast cache timeout.

configure mcast ipv4 cache timeout none

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure mcast ipv6 cache timeout

configure mcast ipv6 cache timeout {seconds | none}

Description
Configures the IPv6 multicast cache timeout.

Syntax Description
seconds Idle time after which cache entries are deleted.
none Cache entries are not timed out.

Default
300 seconds.

Usage Guidelines
Cache timeout is the time after which the cache entries are deleted if traffic is not
received for that duration. This applies only for snooping and MVR caches and does not
apply for PIM caches.

The range is 90 to 100000 seconds. You can use the option none if you do not want the
cache entry to be deleted. If none is configured, the cache entries could be deleted only
using the following command:
clear igmp snooping

878 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures the IPv6 multicast cache timeout to 400 seconds.
configure mcast ipv6 cache timeout 400

The following command clears he IPv6 multicast cache timeout.

configure mcast ipv6 cache timeout none

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the MLD snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure meter
configure meter metername {committed-rate cir [Gbps | Mbps | Kbps
| Pps]} {max-burst-size burst-size [Kb | Mb | packets]} {out-
actions [{disable-port} {drop | set-drop-precedence {dscp [none |
dscp-value]} {dot1p [ none | dot1p-value ]}} {log} {trap}]} {ports
[port_group | port_list]}

Description
Configures an ACL meter to provide ingress traffic rate shaping.

Syntax Description
metername Specifies the ACL meter name.
committed-rate Specifies the committed information rate in gigabits per
second (Gbps), megabits per second (Mbps), or kilobits per
second (Kbps).
max-burst-size Specifies the maximum burst size or peak burst size in
kilobits (Kb) or megabits (Mb).
out-actions Specifies actions to take if traffic exceeds the profile.
drop Specifies to drop out of profile traffic.
set-drop-precedence Specifies to mark packet for high drop precedence.
dscp Specifies to set DSCP.
dscp-value DSCP value (0-63).
none Specifies to leave the DSCP or dot1p value unchanged.
dot1p Specifies dot1p value to be set.

Switch Engine™ Command Reference Guide for version 32.7.1 879

Default Commands

dot1p-value Dot1p value (0-7).

log Generate log event if trafic exceeds configured rate.
trap Generate SNMP trap if traffic exceeds configured rate.
ports Meter configuration is applicable to ports in the specified
port_group or port_list.
port_group Port group name.
port_list Port list separated by a comma.

Default
By default, a newly committed meter has no maximum burst size, no committed rate,
and a default action of drop.

Usage Guidelines
The meter configured with this command is associated with an ACL rule by specifying
the meter name using the meter action modifier within the rule.

The committed-rate keyword specifies the traffic rate allowed for this meter, and the
configured rate operates as described in Table 15. The rate you specify is rounded up to
the next granularity increment value. For example, if you configure a 1 Mbps committed
rate for a platform with a 64Kbps granularity increment, this value falls between the
increment values of 960 Kbps and 1024 Kbps, so the effective committed rate is set to
1024 Kbps. Also, note that some platforms listed below require an adjustment to the
expected rate to calculate the configured rate.

Table 15: Rate Configuration Notes

Platform Granularity Notes
All platforms 64Kbps Specify the traffic rate in Kbps, Mbps, or
Gbps.
The range is 64Kbps to 1 Gbps for GE ports
and 1Mbps to 10 Gbps for 10GE ports.
Add 20 bytes per frame to the expected rate
to determine the configured rate.

The max-burst-size keyword specifies the maximum number of consecutive bits that
are allowed to be in-profile at wire-speed. The max-burst-size parameter can be
specified in Kb, Mb, or Gb. The specified max-burst-size is rounded down to the nearest
supported size. The max-burst-size range on ExtremeSwitching switches is 32Kb to
128Mb.

The keyword out-actions specifies the action that is taken when a packet is out-
of-profile. The supported actions include dropping the packet, marking the drop
precedence for the packet, setting the DSCP value in the packet, or setting the DOT1P
value in the packet. The keyword drop indicates that any out-of-profile packet is
immediately dropped. The keyword set-drop-precedence marks out-of-profile packets

880 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

with high drop precedence. If the optional keyword set-dscp is specified, the DSCP
value, as specified by the parameter dscp-value, is written into the out-of-profile
packet. Setting the DSCP value to none leaves the DSCP value in the packet
unchanged. If the optional keyword set-dot1p is specified, the DOT1P value, as specified
by the parameter dot1p-value, is written into the out-of-profile packet. Setting the
DOT1P value to none leaves the DOT1P value in the packet unchanged.

Example
The following example configures the ACL meter maximum_bandwidth, assigns it a
rate of 10 Mbps, and sets the out of profile action to drop:
configure meter maximum_bandwidth committed-rate 10 Mbps out-action drop

The following example uses the port_groups variable:

configure meter ingmeter0 committed-rate 50 Mbps out-actions drop log disable-port ports
GroupA
configure meter ingmeter1 committed-rate 75 Mbps out-actions drop log disable-port ports
GroupA
configure meter ingmeter0 committed-rate 100 Pps out-actions drop log disable-port ports
GroupB
configure meter ingmeter1 committed-rate 150 Pps out-actions drop log disable-port ports
GroupB

History
This command was available in ExtremeXOS 11.1.

The log, trap and ports keywords and port-group and port_list variables were
added in ExtremeXOS 16.1

The dot1p keyword and variable were added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror add

configure mirror { mirror_name} add [ {vlan} vlan_name | vlan vlan_id]
{ingress | [port port {ingress}}| ip-fix | port port vlan [vlan_id |
vlan_name ] {ingress}]

Description
Specifies mirror source filters for an instance.

Switch Engine™ Command Reference Guide for version 32.7.1 881

Syntax Description Commands

Syntax Description
mirror_name Specifies the mirror's name.
vlan Specifies a VLAN.
vlan_id Specifies a VLAN ID.
port Specifies a port or slot and port.
port Specifies particular ports or slots and ports.
ingress Specifies packets be mirrored as they are received on a
port.

Note: This parameter is available only with port-based

mirroring.

ip-fix Enables mirroring of the first fifteen packets of every IPFIX

flow.
egress Specifies packets be mirrored as they are sent from a port.

Note: This parameter is available only with port-based

mirroring.

ingress-and-egress Specifies all forwarded packets be mirrored. This is the

default for port-based mirroring.

Note: This parameter is available only with port-based

mirroring.

Default
N/A.

Usage Guidelines
You must enable port-mirroring using the enable mirroring to port command
before you can configure the mirroring filter definitions.

Port mirroring configures the switch to copy all traffic associated with one or more
ports to a monitor port on the switch. The switch uses a traffic filter that copies a group
of traffic to the monitor port.

Up to 128 mirroring filters can be configured with the restriction that a maximum of 16
of these can be configured as VLAN and/or virtual port (port + VLAN) filters.

One monitor port or 1 monitor port list can be configured. A monitor port list may
contain up to 16 ports.

Frames that contain errors are not mirrored.

For general guideline information and information for various platforms, see
“Guidelines for Mirroring” in the Switch Engine 32.7.1 User Guide or the Usage
Guidelines of the enable mirroring to port command.

882 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example sends all traffic coming into a switch on port 11 and the VLAN
default to the mirror port:
configure mirror add port 11 vlan default

History
This command was first available in ExtremeXOS 15.3.

The vlan_id option was added in ExtremeXOS 16.1.

The ip-fix option was added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror add ports anomaly

configure mirror add ports port_list anomaly

Description
Mirrors detected anomaly traffic to the mirror port.

Syntax Description
port_list Specifies the list of ports.

Default
N/A.

Usage Guidelines
The command mirrors detected anomaly traffic to the mirror port. You must enable a
mirror port and enable protocol anomaly protection on the slot that has the port to
be monitored before using this command. After configuration, only detected anomaly
traffic from these ports are dropped or mirrored to the mirror port, and legitimate
traffic is not affected.

This command takes effect after enabling anomaly-protection.

Switch Engine™ Command Reference Guide for version 32.7.1 883

History Commands

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror control_index

configure mirror control_index [ add | delete ] mirror_name

Description
Adds or deletes existing mirrors to a mirror MIB instance (specified by a control index) .

Syntax Description
mirror_name Specifies a specific mirror name to add to or delete from a
mirror MIB instance.
control_index Mirror destination control index (1–4).
Also known as: etsysMirrorDestinationControlIndex. Each
comprises a group of mirror names.
add Specifies adding a mirror name to group referenced by a
control index.
delete Specifies deleting a mirror name from a group referenced
by a control index.

Default
N/A.

Usage Guidelines
To use policy-based mirroring, you need a mirror MIB instance (designated by a control
index) with one or more associated mirrors to apply mirrors to a policy profile.

Only mirrors with a single 'to' port or remote-ip can be applied to a mirror MIB instance.

Example
The following example adds existing mirror "mirror1" to mirror MIB instance with
control index "2":
configure mirror 2 add mirror1

884 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror delete

configure mirror {mirror_name} delete [ {vlan} vlan_name | vlan vlan_id]
{port port} | ip-fix | port port vlan [vlan_id | vlan_name]

Description
Deletes mirror source filters for an instance.

Syntax Description
mirror_name Specifies the mirror's name.
port Specifies a port or a slot and port.
port Specifies particular ports or slots and ports.
ip-fix Disables mirroring packets of IPFIX flows.
vlan Specifies a VLAN.
vlan_id Specifies a VLAN ID.
name Specifies a VLAN name.

Default
N/A.

Example
The following example deletes the mirroring filter on port 1:

configure mirroring delete ports 1

History
This command was first available in ExtremeXOS 10.1.

The VLAN option was added in ExtremeXOS 11.0.

The vlan_id option was added in ExtremeXOS 16.1.

Switch Engine™ Command Reference Guide for version 32.7.1 885

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror description

configure mirror mirror_name description [ mirror-desc | none ]

Description
Creates, edits or deletes a mirroring instance description string.

Syntax Description
mirror_name Specifies the mirror name.
description Specifies the mirror description to create or edit.
none Deletes the existing mirror description.

Default
N/A.

Usage Guidelines
Use this command to create, edit or delete a mirroring instance description string.

Example
The following example configures the mirror description.

configure mirror description

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror name

configure mirror mirror_name name new_name

Description
Updates or specifies the "to port" definitions for a named mirroring instance .

886 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
mirror_name Specifies the mirror name.
name Specifies a new mirror name.
new_name Specifies the new mirror name.

Default
N/A.

Usage Guidelines
Use this command to update or specify the "to port" definitions for a named mirroring
instance.

Example
configure mirror m1 name m2

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror to
configure mirror mirror_name {to [port port | port-list port_list
| loopback port port] | remote-ip {add} remote_ip_address {{vr}
vr_name } {from [source_ip_address | auto-source-ip]} {ping-check [on
| off]}] {remote-tag rtag | port none} {priority priority_value}

Description
Updates or specifies the "to port", "to port list", or remote IP address destination
definitions for a named mirroring instance.

Syntax Description
mirror_name Specifies the mirror name.
port Specifies the mirror output port.
port-list Specifies the list of ports where traffic is to be mirrored.

Switch Engine™ Command Reference Guide for version 32.7.1 887

Default Commands

loopback port Specifies an otherwise unused port required when

mirroring to a port_list. The loopback-port is not available
for switching user data traffic.
port Specifies a single loopback port that is used internally to
provide this feature.
remote-tag Specifies the value of the VLAN ID used by the mirrored
packets when egressing the monitor port.
port Specifies the port definition for the mirroring instance.
none Specifies none for the to port definition.
remote-ip Sends mirrored packets to specified remote destination IP
address.
remote_ip_address Specifies the destination remote IP address for mirrored
packets.
add Adds a redundant (more than one) remote IP address with
a unique priority to a mirror instance.
vr Specifies the virtual router of the remote IP address.
vr_name Specifies the virtual router name. If not specified, VR of
current command context is used.
from Configures source IP address of encapsulated mirrored
packets.
source_ip_address Specifies the local source IPv4 address for encapsulated
mirrored packets.
auto-source-ip Automatically use source IP address of egress VLAN to be
used to reach remote IP address.
ping-check Configure ping health check for remote IP address.
on Only send mirrored packets to remote IP address if
periodic pings to remote IP address are successful
(default).
off Send mirrored packets to remote IP address without any
ping health check, assuming MAC address and port of next
hop IP address are static or learned.
priority Configures a unique priority value for each redundant
remote IP address of a mirror instance.
priority_value Sets a unique priority value for a remote IP address.
The priority value must be unique for each remote IP
address in the mirror instance.
The range is from 1 (least preferred) to 100 (most preferred).
The default is 50.

Default
Ping health check of the remote IP address is enabled unless otherwise specified.

If a VR is not specified, the VR of the current command context is used.

The default priority value for multiple redundant IP addresses is 50.

888 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to update, or specify the "to port", "to port-list", or remote IP address
destination definitions for a named mirroring instance.

The none keyword can be used to remove a previously configured port/port-list , or

remote IP address on a disabled mirror instance.

For high availability, you can add up to four redundant remote IP addresses. For each
mirror instance, the remote IP address with the highest configured priority value that
has status “up” is used as the destination IP address for GRE-tunneled mirrored traffic.
All other remote IP addresses deemed “up” for that mirror instance are standby—ready
to be used in the event the preferred remote IP address becomes “down”. If you are
adding another (redundant) remote IP address to an existing mirror that already has a
remote IP address configured, you must use the add option.

The remote-ip cannot be the IP from vr-mgmt.

You cannot specify vr-mgmt as VR.

Example
The following example configures a mirror instance to port 3, slot 4:
# configure mirror to port 3:4

The following example configures multiple (redundant) remote IP addresses ("5.1.1.2",

"4.1.1.2", "3.1.1.2", "2.1.1.2") for mirror "analytics_chicago_1":
# enable mirror analytics_chicago_1 to remote-ip 5.1.1.2
# configure mirror analytics_chicago_1 to remote-ip add 4.1.1.2 priority 40
# configure mirror analytics_chicago_1 to remote-ip add 3.1.1.2 priority 30
# configure mirror analytics_chicago_1 to remote-ip add 2.1.1.2 priority 20
# configure mirror analytics_chicago_1 add vlan v1

# show mirror

analytics_chicago_1 (Enabled)
Description:
Mirror to remote IP: 5.1.1.2 VR : VR-Default
From IP : Auto source IP Ping check: On
Priority : 50
Status : Up. Active

Mirror to remote IP: 4.1.1.2 VR : VR-Default

From IP : Auto source IP Ping check: On
Priority : 40
Status : Up. Standby

Mirror to remote IP: 3.1.1.2 VR : VR-Default

From IP : Auto source IP Ping check: On
Priority : 30
Status : Down. Ping timed out

Mirror to remote IP: 2.1.1.2 VR : VR-Default

From IP : Auto source IP Ping check: On
Priority : 20
Status : Up. Standby

Switch Engine™ Command Reference Guide for version 32.7.1 889

History Commands

Source filter instances used : 1

All ports, vlan v1, ingress only

History
This command was first available in ExtremeXOS 15.3.

The remote IP address option was added in ExtremeXOS 22.4.

Redundant remote IP addresses capability was added in ExtremeXOS 30.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror to remote-ip delete

configure mirror {mirror_name to remote-ip delete [all |
remote_ip_address {{vr} vr_name}] }

Description
Removes one or all of the redundant remote IP addresses from a mirror instance.

Syntax Description
mirror_name Mirror instance name.
to Selects mirroring to another location.
remote-ip Send mirrored packets to specified destination IP address
using L2 GRE encapsulation.
delete Delete all or one remote IP addresses from a mirror
instance.
all Delete all remote IP addresses from a disabled mirror
instance.
remote_ip_address Delete the specified existing remote IP address from a
mirror instance.
vr Specifies a virtual router.
vr_name Specifies the name of the virtual router to which this
command applies. If a name is not specified, the current
CLI context is used.

Default
If a virtual router is not specified, the current CLI context is used.

890 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
To delete all or the last remaining remote IP address, you must disable the mirror first
(disable mirror [mirror_name | all]).

Example
The following example removes the remote IP address "1.1.3.3" from the mirror instance
"m1":
# configure mirror m1 to remote-ip delete 1.1.3.3

History
This command was first available in ExtremeXOS 30.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mirror to remote-ip protocol-type

configure mirror to remote-ip protocol-type [erspan-v1 | trans-ether-
bridging | user-defined protocol_value]

Description
Adds a configurable GRE protocol type for mirror-to-remote IP addresses.

Syntax Description
mirror Specifies configuring mirrors.
to Selects mirroring to another location.
remote-ip Sends mirrored packets to specified destination IP address
using L2 GRE encapsulation.
protocol-type Selects GRE protocol type in the header of mirrored
packets to all remote IP addresses.
erspan-v1 Specifies GRE protocol type 0x88BE, Encapsulated Remote
Switched Port Analyzer version 1, also known as ERSPAN
type II (default).
trans-ether-bridging Specifies GRE protocol type 0x6558, Trans Ether Bridging.
user-defined Specifies GRE protocol type specified in hexadecimal (for
example, 0x6558).
protocol_value Specifes a user-defined, two-byte hexadecimal value for
GRE protocol type (for example, 0x6558).

Switch Engine™ Command Reference Guide for version 32.7.1 891

Default Commands

Default
By default, the type is erspan-v1.

Usage Guidelines
The configured value is global, and the new value is applied immediately in hardware
for all active mirrors to remote IP addresses.

To view the current setting, use the show mirror [mirror_name | control_index |
mirror_name_li] | [all | enabled] command.

Example
The following example sets the type as trans-ether-bridging:
# configure mirror to remote-ip protocol-type trans-ether-bridging

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mlag peer alternate ipaddress

configure mlag peer peer_name alternate ipaddress ip_address vr vr_name
| none

Description
This command configures the IP address for alternate health check mechanism.

Syntax Description
mlag Multi-switch Link Aggregation used to combine remote
ports and local ports to a common logical connection.
peer Multi-switch Link Aggregation Group peer switch.
peer_name Alphanumeric string identifying the peer.
alternate Health check on an alternate path.
ipaddress MLAG peer IP address for alternate path health checks.
vr Virtual router.
vr_name Virtual router name.
none Do not use alternate path health checks.

892 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
None.

Usage Guidelines
Use this command to configure the IP address for alternate health check mechanism.
Use the none option to unconfigure the configured IP.

Example
The following example displays show mlag peer output with the alternate path IP
configured:

w4.10 # show mlag peer

Multi-switch Link Aggregation Peers:

MLAG Peer : sw3

VLAN : two Virtual Router : VR-Default
Local IP Address : 2100:51:2::4
Peer IP Address : 2100:51:2::3
MLAG ports : 1 Tx-Interval : 100 ms
Checkpoint Status : Up Peer Tx-Interval : 100 ms
Rx-Hellos : 13212 Tx-Hellos : 13485
Rx-Checkpoint Msgs: 121 Tx-Checkpoint Msgs: 316
Rx-Hello Errors : 0 Tx-Hello Errors : 0
Hello Timeouts : 0 Checkpoint Errors : 0
Up Time : 0d:0h:17m:47s Peer Conn.Failures: 0
Local MAC : 00:04:96:51:ac:d7 Peer MAC : 00:04:96:36:52:91
Config'd LACP MAC : None Current LACP MAC : 00:04:96:51:ac:d7
Authentication: : md5
Authentication Key: .{:OFarc#'qX)+6zid#smIE+',+)ocijk (encrypted)

Alternate path information:

VLAN : Mgmt Virtual Router : VR-Mgmt
Local IP Address : 10.127.7.74 Peer IP Address : 10.127.7.73
Rx-Hellos : 243 Tx-Hellos : 551
Rx-Hello Errors : 0 Tx-Hello Errors : 0
Hello Timeouts : 1

When the alternate path IP is not configured, the following output is shown:

sw4.10 # show mlag peer

Multi-switch Link Aggregation Peers:

MLAG Peer : sw3

VLAN : two Virtual Router : VR-Default
Local IP Address : 2100:51:2::4
Peer IP Address : 2100:51:2::3
MLAG ports : 1 Tx-Interval : 100 ms
Checkpoint Status : Up Peer Tx-Interval : 100 ms
Rx-Hellos : 13212 Tx-Hellos : 13485
Rx-Checkpoint Msgs: 121 Tx-Checkpoint Msgs: 316
Rx-Hello Errors : 0 Tx-Hello Errors : 0
Hello Timeouts : 0 Checkpoint Errors : 0
Up Time : 0d:0h:17m:47s Peer Conn.Failures: 0
Local MAC : 00:04:96:51:ac:d7 Peer MAC : 00:04:96:36:52:91
Config'd LACP MAC : None Current LACP MAC : 00:04:96:51:ac:d7
Authentication: : md5

Switch Engine™ Command Reference Guide for version 32.7.1 893

History Commands

Authentication Key: .{:OFarc#'qX)+6zid#smIE+',+)ocijk (encrypted)

Alternate path information: None

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mlag peer authentication

configure mlag peer peer_name authentication [md5 key {encrypted
encrypted_auth_key | auth_key } | none]

Description
Configures the MD5 authentication key for checkpoint connection to peer.

Syntax Description
mlag Multi-switch Link Aggregation Group used to combine
remote ports and local ports to a common logical
connection.
peer Multi-switch Link Aggregation Group peer switch.
peer_name Alphanumeric string identifying the MLAG peer.
authentication Authentication for MLAG checkpoint connection.
md5 MD5 authentication type.
key Authentication key for checkpoint connection to the MLAG
peer.
encrypted Authenticaton key is in encrypted format.
auth_key Authentication key. Max 32 characters.
none Do not use authentication.

Default
None.

Usage Guidelines
Use this command to configure MD5 authentication key for checkpoint connection to
MLAG peer.

894 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example displays show mlag peer output when authentication is not
configured:

* Switch # show mlag peer

Multi-switch Link Aggregation Peers:

MLAG Peer : p2
VLAN : isc Virtual Router : VR-Default
Local IP Address : 10.1.1.1 Peer IP Address : 10.1.1.2
MLAG ports : 1 Tx-Interval : 1000 ms
Checkpoint Status : Up Peer Tx-Interval : 1000 ms
Rx-Hellos : 8722 Tx-Hellos :
8725

Rx-Checkpoint Msgs: 1322 Tx-Checkpoint Msgs: 947

Rx-Hello Errors : 0 Tx-Hello Errors : 0
Hello Timeouts : 0 Checkpoint Errors : 0
Up Time : 0d:2h:22m:26s Peer Conn.Failures: 0
Local MAC : 00:04:96:7e:13:93 Peer MAC : 00:04:96:7e:13:71
Config'd LACP MAC : None Current LACP MAC : 00:04:96:7e:13:71
Authentication : None

Alternate path information:

VLAN : Mgmt Virtual Router : VR-Mgmt
Local IP Address : 1.1.1.1 Peer IP Address : 1.1.1.2
Rx-Hellos : 722 Tx-Hellos : 725
Rx-Hello Errors : 0 Tx-Hello Errors : 0
Hello Timeouts : 0

The following example displays show mlag peer output when authentication is
configured:

* Switch # show mlag peer

Multi-switch Link Aggregation Peers:

MLAG Peer : p2
VLAN : isc Virtual Router : VR-Default
Local IP Address : 10.1.1.1 Peer IP Address : 10.1.1.2
MLAG ports : 1 Tx-Interval : 1000 ms
Checkpoint Status : Up Peer Tx-Interval : 1000 ms
Rx-Hellos : 8722 Tx-Hellos :
8725

Rx-Checkpoint Msgs: 1322 Tx-Checkpoint Msgs: 947

Rx-Hello Errors : 0 Tx-Hello Errors : 0
Hello Timeouts : 0 Checkpoint Errors : 0
Up Time : 0d:2h:22m:26s Peer Conn.Failures: 0
Local MAC : 00:04:96:7e:13:93 Peer MAC : 00:04:96:7e:13:71
Config'd LACP MAC : None Current LACP MAC : 00:04:96:7e:13:71
Authentication : md5
Authentication Key: abcdefghijklmnopqrstuvwxyz (encrypted)

Alternate path information:

VLAN : Mgmt Virtual Router : VR-Mgmt
Local IP Address : 1.1.1.1 Peer IP Address : 1.1.1.2
Rx-Hellos : 722 Tx-Hellos : 725
Rx-Hello Errors : 0 Tx-Hello Errors : 0
Hello Timeouts : 0

Switch Engine™ Command Reference Guide for version 32.7.1 895

History Commands

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mlag peer interval

configure mlag peer peer_name interval msec

Description
Configures the length of time between health check hello packets.

Syntax Description
peer_name Specifies an alpha numeric string identifying the peer.
msec Specifies an MLAG peer health-check hello interval in
milliseconds. The range is 50-10000ms. The default is
1000ms.

Default
The interval default is 1000 milliseconds.

Usage Guidelines
Use this command to configure the length of time between health check hello packets
exchanged between MLAG peer switches. After three health check hellos are lost, the
MLAG peer switch is declared to be failed, triggering an MLAG topology change.

Example
The following command sets an interval of 700 milliseconds on the switch101 peer.
switch:
# configure mlag peer switch101 interval 700

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

896 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure mlag peer ipaddress

configure mlag peer ipaddress

configure mlag peer peer_name ipaddress peer_ip_address {vr VR}

Description
Associates an peer switch with an MLAG peer structure.

Syntax Description
peer_name Specifies an alpha numeric string identifying the MLAG
peer.
peer_ip_address Specifies an IPv4 or IPv6 address.
VR Specifies a virtual router.

Default
N/A.

Usage Guidelines
Use this command to associate an MLAG peer structure with an MLAG peer switch IP
address.

The specified IP address must be contained within an existing direct route. If not, the
following error message is displayed:
ERROR: Specified IP address is not on directly attached subnet in VR.

The link connecting MLAG peer switches should use load sharing. If it does not, a
output similar to the following is displayed:
Note: VLAN v1 will be used as the Inter-Switch Connection to the
MLAG peer mp1. Warning: The VLAN v1 does not have a load share port
configured yet. It is recommended that the Inter-Switch Connection use
load sharing.

Example
The following command associates the MLAG peer structure switch101 with the MLAG
peer switch IP address 1.1.1.1 on VR-USER:
# configure mlag peer switch101 ipaddress 1.1.1.1 vr “VR-USER”

History
This command was first available in ExtremeXOS 12.5.

Switch Engine™ Command Reference Guide for version 32.7.1 897

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure mlag peer lacp-mac

configure mlag peer peer_name lacp-mac [auto | lacp_mac_address]

Description
Configures LACP MAC on each of the MLAG peer switches. This MAC address will be
used as the system identifier in the LACPDUs sent over the MLAG ports.

Syntax Description
mlag Multi-switch link aggregation used to combine remote
ports and local ports to a common logical connection.
peer_name Alphanumeric string identifying the MLAG peer.
lacp-mac MAC address to be used as the system identifier in
LACPDU for MLAG ports.
auto System identifier in LACPDU automatically uses switch
MAC of MLAG peer with higher IP address for ISC control
VLAN (default).
lacp_mac_address MAC address.

Default
Auto.

Usage Guidelines
This command is used to configure the System Identifier used in LACPDU for MLAG
ports. The same value has to be configured on both the MLAG peers.

Example
# configure mlag peer "peer1" lacp-mac auto
# configure mlag peer "peer1" lacp-mac 00:01:02:03:04:05

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

898 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure mlag peer name

configure mlag peer name

configure { mlag peer } peer_name name new_peer_name

Description
Renames an established peer.

Syntax Description
mlag Specifies configuring MLAG settings.
peer Specifies configuring aspects of the MLAG peer switch.
peer_name Current MLAG peer name.
name Specifies renaming the MLAG peer.
new_peer_name Specifies the new name for the MLAG peer.

Default
N/A.

Usage Guidelines
To view changes made with this command, use the show mlag peer {peer_name}
command.

Example
The following example changes the MLAG peer name from "mlag1" to "mlag2":

# configure mlag peer mlag1 name mlag2

# show mlag peer

Multi-switch Link Aggregation Peers:

MLAG Peer : mlag2

VLAN : Virtual Router :
Local IP Address : Peer IP Address :
MLAG ports : 0 Tx-Interval : 1000 ms
Checkpoint Status : Down Peer Tx-Interval : N/A ms
Rx-Hellos : Tx-Hellos :
Rx-Checkpoint Msgs: Tx-Checkpoint Msgs:
Rx-Hello Errors : Tx-Hello Errors :
Hello Timeouts : N/A Checkpoint Errors :
Up Time : N/A Peer Conn.Failures: N/A
Local MAC : 00:04:96:9b:f5:cc Peer MAC : None
Config'd LACP MAC : None Current LACP MAC : 00:04:96:9b:f5:cc
Authentication : None

Alternate path information: None

Switch Engine™ Command Reference Guide for version 32.7.1 899

History Commands

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mlag ports convergence-control

configure mlag ports convergence-control [conserve-access-lists | fast]

Description
Sets a preference for having a fast convergence time or conserving access lists.

Syntax Description
conserve-access-lists Specifies that conserving access lists is preferred over low
traffic convergence time.
fast Specifies that low traffic convergence time is preferred at
the expense of the number of user access lists.

Default
Conserve-access-lists.

Usage Guidelines
Achieving fast convergence times on local port state changes (down and up),
independent of the number of FDB entries learned on the MLAG port, requires the use
of ACLs. This limits the number of ACLs you have available. This command allows you
to set your preference for having either fast convergence time or conserving available
access lists for your users.

Note
Configuring fast convergence-control limits the number of ACLs that can be
supported by the switch. You must ensure that the system has sufficient
user ACLs free when fast mode is selected. Configuring conserve-access-lists
convergence-control may increase convergence times on MLAG port failures.

Fast convergence configuration has global significance in that it applies to all MLAG
groups that are currently configured and those that may be configured in the future.

900 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command specifies a priority of conserving access lists over low traffic
convergence time:
# configure mlag ports convergence-control conserve-access-lists

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mlag ports link-up-isolation

configure mlag ports link-up-isolation [on | off]

Description
Configures linkup isolation, which prevents flood traffic received on newly operational
MLAG ports from being forwarded to ISC ports before the ISC blocking filter is installed.

Syntax Description
on Isolate MLAG ports from sending traffic to local ISC
port during link-up transition until remote ISC port is
configured.
off Do not isolate MLAG ports from sending traffic to local ISC
port during link-up transition.

Default
The default is off.

Usage Guidelines
Under certain circumstances, a temporary (less than a second) loop condition exists
when an MLAG port becomes operational, but before the remote MLAG peer installs
the ISC blocking filter. MLAG linkup isolation addresses this condition by preventing
any flood traffic (broadcast, unknown, unicast, etc.) received on a just operational MLAG
port from being forwarded to ISC ports until the remote MLAG peer installs the ISC
blocking filter.

Switch Engine™ Command Reference Guide for version 32.7.1 901

Example Commands

Example
The following example enables MLAG linkup isolation:
configure mlag ports link-up-isolation on

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mlag ports reload-delay

configure mlag ports reload-delay reload-delay

Description
This command configures a reload delay on Multi-switch Link Aggregation Group
(MLAG) ports.

Syntax Description
reload-delay Specifies creating a reload delay on MLAG ports.
reload-delay Specifies the MLAG port reload-delay timer in seconds
(range = 1–1,200 seconds). The default is 30 seconds.

Default
The default reload-delay timer interval is 30 seconds.

Usage Guidelines
There are cases where MLAG ports comes up quicker than ISC ports after a switch
reboot causing traffic loss during this time gap. This command allows you to configure
a time delay for MLAG ports providing enough time for ISC ports/neighborship of other
Layer 3 protocols to come up. To have this delay timer take effect, you need to issue the
enable mlag port reload-delay on page 2314 command.

To stagger the bringing up of MLAG ports, use the command configure mlag ports
reload-interval [none | reload_interval_msec]

To view the current selection for reload delay, use the show mlag ports {port_list}
command.

902 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example sets the reload-delay to 60 seconds:
# configure mlag ports reload-delay 60

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mlag ports reload-interval

configure mlag ports reload-interval [none | reload_interval_msec]

Description
Configures a staggered bringing up of ports.

Syntax Description
reload-interval Specifies configuring the time between bringing up
individual MLAG ports when reload delay is enabled.
none Specifies not waiting between bringing up individual
MLAG ports (default).
reload_interval_msec Specifies the time interval between bringing up MLAG
ports in milliseconds. The range is 0–10,000.

Default
By default, this feature is disabled.

Usage Guidelines
MLAG reload delay timer is used to disable MLAG ports during configuration load
to allow time for the convergence of protocols and for reachability of MLAG peers
(configure mlag ports reload-delay reload-delay. When there is a large number
of MLAG ports (50+), and when all of them are brought up at the same time after the
reload delay timer expires, a high convergence time of 1.5 seconds might occur. This
command configures a time delay between each of the MLAG ports coming up.

To view the current selection for reload interval, use the show mlag ports
{port_list} command.

Switch Engine™ Command Reference Guide for version 32.7.1 903

Example Commands

Example
The following example configures reload delay interval of 50 milliseconds:
# configure mlag ports reload-interval 50

History
This command was first available in ExtremeXOS 22.7.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mld
configure mld query_interval query_response_interval
last_member_query_interval {{vlan} vlan_name} {{vr} vr_name}
{robustness}

Description
Configures the Multicast Listener Discovery (MLD) timers.

Syntax Description
query_interval Specifies the interval (in seconds) between general queries.
query_response_interv Specifies the maximum query response time (in seconds).
al
last_member_query_int Specifies the maximum group-specific query response
erval time (in seconds).
vlan_name Applies the configuration only to the specified VLAN. If no
VLAN is specified, the configuration appliese to all VLANs.
vr_name Specifies the VR to which the configuration should be
applied. If not parameter is specified, the configuration is
applied to the current VR context.
robustness Specifies the degree of robustness for the network.

Default
• query interval—125 seconds
• query response interval—10 seconds
• last member query interval—1 second
• robustness—2

904 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Timers are based on RFC2710. Specify the following:
• query interval—The amount of time, in seconds, the system waits between sending
out general queries. The range is 1 to 429,496,729 seconds.
• query response interval—The maximum response time inserted into the periodic
general queries. The range is 1 to 25 seconds.
• last member query interval—The maximum response time inserted into a group-
specific query sent in response to a leave group message. The range is 1 to 25
seconds.
• robustness—The degree of robustness of the network. The range is 2 to 7.

Example
The following command configures the MLD timers:
configure mld 100 5 1 3

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping fast-learning

configure mld snooping fast-learning [on | off] [vlan vlan_name]

Description
Configures fast-learning mode.

Syntax Description
vlan_name Specifies a vlan name

Default
off.

Switch Engine™ Command Reference Guide for version 32.7.1 905

Usage Guidelines Commands

Usage Guidelines
When MLD snooping is enabled on a VLAN, learning of group entries will happen only
when the next periodic query is sent by the querier in the network. When fast-learning
is turned on using this command, a query is sent under the following conditions:
• When MLD snooping is enabled.
• When MLD snooping VLAN is operationally up.
• Group join limit changed through configuration.

Query generated for faster learning uses unspecified address as the source address
(both L2 and L3), unless the switch generating the triggered query is the querier for the
network.

Example
configure mld snooping fast-learning on

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the MLD snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping filters

configure mld snooping filters [per-port | per-vlan]

Description
Selects the type of MLD snooping filters that are installed.

Syntax Description
per-port Installs the per-port MLD snooping filters.
per-vlan Installs the per-VLAN MLD snooping filters.

Default
per-port.

906 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use the per-vlan option when the number of VLANs configured on the switch is lower
than half of the maximum numbers listed in Table 9 on page 607. This option conserves
usage of the hardware Layer 3 multicast forwarding table.

When the number of configured VLANs is larger than half of the maximum values
listed in Table 9 on page 607, select the per-port option. Each VLAN requires additional
interface hardware ACL resources. The per-port option conserves usage of the interface
hardware ACL resources.

To display the MLD snooping filters configuration, use the show mld snooping
command.

Example
The following command configures the switch to install the per-VLAN MLD snooping
filters:
configure mld snooping filters per-vlan

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the MLD snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping flood-list

configure mld snooping flood-list [policy | none]

Description
Configures certain multicast addresses to be slow path flooded within the VLAN.

Syntax Description
policy Specifies a policy file with a list of multicast addresses to be
handled.
none Specifies no policy file is to be used.

Default
None.

Switch Engine™ Command Reference Guide for version 32.7.1 907

Usage Guidelines Commands

Usage Guidelines
With this command, you can configure certain multicast addresses to be slow path
flooded within the VLAN, instead of fast path forwarded according to MLD and/or Layer
3 multicast protocol.

A policy file is a text file with the extension .pol. It can be created or edited with any
text editor. The specified policy file policy file should contain a list of addresses that
determine if certain multicast streams are to be treated specially. Typically, if the switch
receives a stream with a destination address which is in the policy file in 'permit'
mode, that stream is software flooded and no hardware entry is installed.

When adding an IPv6 address into the policy file, a 128-bit host address is
recommended.

This feature is meant to solve the multicast connectivity problem for unknown
destination addresses within system reserved ranges. Specifically this feature was
introduced to solve the problem of recognizing a certain stream as control packets.

To create a policy file for the snooping flood-list, use the following template:
# This is a template for MLD Snooping Flood-list Policy File
# Add your group addresses between "Start" and "End"
# Do not touch rest of file!!!!
entry mldFlood {
if match any {
#------------------ Start of group addresses ------------------
nlri ff05::100:1/128;
nlri ff05::100:15/128;
#------------------- end of group addresses -------------------
} then {
permit;
}
}
entry catch_all {
if {
} then {
deny;
}
}

Note
The switch does not validate any IP address in the policy file used in this
command. Therefore, slow-path flooding should be used only for streams
that are very infrequent, such as control packets. It should not be used
for multicast data packets. This option overrides any default mechanism of
hardware forwarding (with respect to MLD or PIM), so it should be used with
caution.

Slow-path flooding occurs within the L2 VLAN only.

Use the none option to effectively disable slow path flooding.

908 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

You can use the show mld command to see the configuration of slow path flooding.

Note
This command has no effect in the current release, as IPv6 multicast traffic
floods on all platforms.

Example
The following example configures the multicast data stream specified in access1 for
slow-path flooding:
configure mld snooping flood-list access1

The following command specifies that no policy file is to be used, thus effectively
disabling slow-path flooding:
configure mld snooping flood-list none

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping leave-timeout

configure mld snooping leave-timeout leave_timeout_ms {{vlan} vlan_name}
{{vr} vr_name}

Description
Configures the MLD snooping leave timeout.

Syntax Description
leave_timeout_ms Specifies an MLD leave timeout value in milliseconds upon
receiving an MLD done message.
vlan_name Applies the configuration only to the specified VLAN. If no
VLAN is specified, the configuration applies to all VLANs.
vr_name Specifies the VR to which the configuration should be
applied. If no parameter is specified, the configuration is
applied to the current VR context.

Default
1000 ms.

Switch Engine™ Command Reference Guide for version 32.7.1 909

Usage Guidelines Commands

Usage Guidelines
The range is 0–175000 ms (175 seconds). For timeout values of one second or less, you
must set the leave-timeout to a multiple of 100 ms. For values of more than one second,
you must set the leave-timeout to a multiple of 1000 ms (one second).

The specified time is the maximum leave timeout value. The switch could leave sooner
if an MLD done message is received before the timeout occurs.

Example
The following example configures the MLD snooping leave timeout to 10 seconds:
configure mld snooping leave-timeout 10000

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping timer

configure mld snooping timer router_timeout host_timeout {{vlan}
vlan_name} {{vr} vr_name}

Description
Configures the MLD snooping timers.

Syntax Description
router_timeout Specifies the time in seconds before removing a router
snooping entry.
host_timeout Specifies the time in seconds before removing a host’s
group snooping entry.
vlan_name Applies the configuration only to the specified VLAN. If no
VLAN is specified, the configuration applies to all VLANs.
vr_name Specifies the VR to which the configuration should be
applied. If no parameter is specified, the configuration is
applied to the current VR contex.

Default
The router timeout default setting is 260 seconds. The host timeout setting is 260
seconds.

910 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Timers should be set to approximately 2.5 times the router query interval in use on the
network. Specify the following:
• router_timeout—The maximum time, in seconds, that a router snooping entry can
stay without receiving a router report. The range is 10 to 214,748,364 seconds (6.8
years). The default setting is 260 seconds.
• host_timeout—The maximum time, in seconds, that a group snooping entry can
stay without receiving a group report. The range is 10 to 214,748,364 seconds (6.8
years). The default setting is 260 seconds.

MLD snooping is a Layer 2 function of the switch. It does not require multicast routing
to be enabled. The feature reduces the flooding of IPv6 multicast traffic. On the VLAN,
MLD snooping optimizes the usage of network bandwidth and prevents multicast
traffic from being flooded to parts of the network that do not need it. The switch does
not reduce any IP multicast traffic in the local multicast domain (FF02::x).

MLD snooping is enabled by default on the switch. MLD snooping expects at least
one device on every VLAN to periodically generate MLD query messages. Without an
MLD querier, the switch eventually stops forwarding IPv6 multicast packets to any port,
because the MLD snooping entries times out, based on the value specified in host
timeout.

Example
The following example configures the MLD snooping timers to 600 seconds for both
timers:
configure mld snooping timer 600 600

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping vlan ports add dynamic group

configure mld snooping {vlan} vlan_name {ports portlist} add dynamic
group [IPv6_grp_ipaddress]

Description
Configures an MLD dynamic group.

Switch Engine™ Command Reference Guide for version 32.7.1 911

Syntax Description Commands

Syntax Description
vlan_name Specifies a VLAN name.
portlist Specifies a port list.
IPv6_grp_ipaddress Specifies the multicast group IPv6 address.

Default
N/A.

Usage Guidelines
This command adds MLD groups to specific VLANs or to ports belonging to specific
VLANs. After the groups are added, the expiration timer is started; this causes the
groups to expire. The configuration is not saved in the configuration file. The following
message is displayed on execution of this command:
INFO: This command is not saved in the configuration.

Example
The following example configures a dynamic MLD entry so the multicast group ff02::1:1
is forwarded to VLAN marketing on ports 2:1-2:4:
configure mld snooping marketing ports 2:1-2:4 add dynamic group ff02::1:1

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping vlan ports add static group

configure mld snooping {vlan} vlan_name {ports port_list } add static
group IPv6_grp_ipaddress

Description
Configures VLAN ports to receive the traffic from a multicast group, even if no MLD
joins have been received on the port.

912 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies a VLAN name.
port_list Specifies one or more ports or slots and ports. On a
SummitStack, it can be a list of slots (nodes) and ports. On
a standalone switch, it can be one or more port numbers.
In the form 1, 2, 3-5, 2:5, 2:6-2:8.
IPv6_grp_ipaddress Specifies the multicast group IPv6 address.

Default
N/A.

Usage Guidelines
Use this command to forward a particular multicast group to VLAN ports. In effect, this
command emulates a host on the port that has joined the multicast group. As long as
the port is configured with the static entry, multicast traffic for that multicast group is
forwarded to that port.

The switch sends proxy MLD messages in place of those generated by a real host. The
proxy messages use the VLAN IPv6 address for source address of the messages. If the
VLAN has no IPv6 address assigned, the proxy MLD message uses 0::0 as the source IP
address.

Example
The following example configures a static MLD entry so the multicast group ff02::1:1 is
forwarded to VLAN marketing on ports 2:1-2:4:
configure mld snooping marketing ports 2:1-2:4 add static group ff02::1:1

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping vlan ports add static router

configure mld snooping {vlan} vlan_name ports port_list add static
router

Switch Engine™ Command Reference Guide for version 32.7.1 913

Description Commands

Description
Configures VLAN ports to forward the traffic from all multicast groups, even if no MLD
joins have been received on the port.

Syntax Description
vlan_name Specifies a VLAN name.
port_list Specifies one or more ports or slots and ports. On a
SummitStack, it can be a list of slots and ports. On a
standalone switch, it can be one or more port numbers.
May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.

Default
N/A.

Usage Guidelines
Use this command to forward all multicast groups to the specified VLAN ports. In effect,
this command emulates a multicast router attached to those ports. As long as the ports
are configured with the static entry, all available multicast traffic is forwarded to those
ports.

Example
The following example configures a static MLD entry so all multicast groups are
forwarded to VLAN marketing on ports 2:1-2:4:
configure mld snooping marketing ports 2:1-2:4 add static router

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping vlan ports delete static group

configure mld snooping {vlan} vlan_name ports port_list delete static
group [all | v6grpipaddress]

Description
Removes the configuration that causes VLAN ports to receive the traffic from a
multicast group, even if no MLD joins have been received on the port.

914 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies a VLAN name.
port_list Specifies one or more ports or slots and ports. On a
modular switch, it can be a list of slots and ports. On a
standalone switch, it can be one or more port numbers. In
the form 1, 2, 3-5, 2:5, 2:6-2:8.
all Specifies all multicast groups.
v6grpipaddress Specifies the multicast group IPv6 address.

Default
N/A.

Usage Guidelines
Use this command to delete a static group from a particular VLAN port.

To add a static group, use the following command:

configure mld snooping {vlan} vlan_name portsport_list add static
groupv6grpipaddress

Example
The following example removes a static MLD entry so the multicast group ff02::a:b
is not forwarded to VLAN marketing on ports 2:1-2:4, unless an MLD join message is
received on the port:
configure mld snooping marketing ports 2:1-2:4 delete static group ff02::a:b

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping vlan ports delete static router

configure mld snooping {vlan} vlan_name ports port_list delete static
router

Description
Configures VLAN ports to stop forwarding the traffic from all multicast groups, unless
MLD joins have been received on the port.

Switch Engine™ Command Reference Guide for version 32.7.1 915

Syntax Description Commands

Syntax Description
vlan_name Specifies a VLAN name.
port_list Specifies one or more ports or slots and ports. On a
SummitStack, it can be a list of slots and ports. On a
standalone switch, it can be one or more port numbers.
May be in the form 1, 2, 3-5, 2:5, 2:6-2:8.

Default
None.

Usage Guidelines
Use this command to remove the configuration that forwards all multicast groups to
the specified VLAN ports.

Example
The following example removes a static MLD entry so all multicast groups are not
forwarded to VLAN marketing on ports 2:1-2:4, unless an MLD join is received on the
port:
configure mld snooping marketing ports 2:1-2:4 delete static router

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping vlan ports filter

configure mld snooping vlan vlan_name ports port_list filter [policy]

Description
Configures a MLD snooping policy file filter on VLAN ports.

916 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies a VLAN name.
port_list Specifies one or more ports or slots and ports. On a
SummitStack, can be a list of slots and ports. On a
standalone switch, can be one or more port numbers. May
be in the form 1, 2, 3-5, 2:5, 2:6-2:8.
policy Specifies the policy file for the filter.

Default
None.

Usage Guidelines
Use this command to filter multicast groups to the specified VLAN ports.

The policy file used by this command is a text file that contains the IPv6 multicast
addresses of the multicast groups that you wish to block.

To remove MLD snooping filtering from a port, use the none keyword version of the
command.

Use the following template to create a snooping filter policy file:

#
# Add your group addresses between "Start" and "end"
# Do not touch the rest of the file!!!!
entry mldFilter {
if match any {
#------------------ Start of group addresses ------------------
nlri FF03::1/128;
nlri FF05::1/112;
#------------------- end of group addresses -------------------
} then {
deny;
}
}
entry catch_all {
if {
} then {
permit;
}

Example
The following example configures the policy file ap_multicast to filter multicast packets
forwarded to VLAN marketing on ports 2:1-2:4:
configure mld snooping marketing ports 2:1-2:4 filter ap_multicast

History
This command was first available in ExtremeXOS 15.2.

Switch Engine™ Command Reference Guide for version 32.7.1 917

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the MLD snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure mld snooping vlan ports join-limit

configure mld snooping {vlan} vlan_name ports port_list join-limit
[num_joins | no-limit]

Description
Configures VLAN ports to support a maximum number of MLD joins.

Syntax Description
vlan_name Specifies a VLAN name
port_list Specifies one or more ports or slots and ports.
num Specifies the maximum number of joins permitted on the
ports. The range is 1 to 5000.

Default
No limit.

Usage Guidelines
None.

Example
The following example configures port 2:1 in the Default VLAN to support a maximum
of 100 MLD joins:
configure mld snooping "Default" ports 2:1 join-limit 100

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the MLD snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

918 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure mld ssm-map add

configure mld ssm-map add

configure mld ssm-map add v6groupnetmask [v6sourceip | src_domain_name]
{ {vr} vr_name }

Description
Adds an MLD SSM Mapping entry on a VR.

Syntax Description
v6groupnetmask You must provide group address with the mask length.
Instead of configuring separate entries for a continuous
range of IP addresses, this optimizes a range of group IP
addresses to be configured as a single entry.
v6sourceip Specifies the source IP address for which the SSM should
apply.
src_domain_name Provides the option to use DNS to obtain IP addresses
dynamically by specifying the domain name.
VR vr_name Specifies the virtual router name.

Default
N/A.

Usage Guidelines
When an MLDv1 report is received for this group or group range, the list of sources
configured using this command is used as part of source-specific information to PIM.

The following error message displays when more than 50 source addresses are
configured for a specific group:
ERROR: Cannot configure more than 50 sources for group ff30::1/128 on VR-Default

The following error message displays when a source address is already configured:
ERROR: Source 2001:0DB8:1::1 already present for group ff30::1/128 on VR-Default

The following error message displays when a DNS name is already configured:
ERROR: Only one source domain name allowed for group ff30::1/128 on VR-Default

Example
The following example configures a MLD-SSM mapping entry:
configure mld ssm-map add ff06::/64 2001::1

History
This command was first available in ExtremeXOS 15.5.

Switch Engine™ Command Reference Guide for version 32.7.1 919

Platform Availability Commands

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mld ssm-map delete

configure mld ssm-map delete v6groupnetmask [v6sourceip |
src_domain_name | all] {{vr} vr_name}

Description
Deletes an MLD SSM Mapping entry on a VR.

Syntax Description
v6groupnetmask You must provide group address with the mask length.
Instead of configuring separate entries for a continuous
range of IP addresses, this optimizes a range of group IP
addresses to be configured as a single entry.
v6sourceip Specifies the source IP address for which the SSM should
apply.
src_domain_name Provides the option to use DNS to obtain IP addresses
dynamically by specifying the domain name.
all Specifies that all the mapping entries associated with
v6groupnetmask are deleted.
vr vr_name Specifies the virtual router name.

Default
N/A.

Usage Guidelines
When an MLDv1 report is received for this group or group range, the list of sources
configured using this command is used as part of source-specific information to PIM.

The following error message displays when specified entry is not found:
ERROR: SSM Mapping entry (ff30::1/128, 2001:0DB8:1::10) not found on VR-Default

Example
The following example deletes a MLD-SSM mapping entry:
configure mld ssm-map delete ff06::/64 2001::1

920 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

configure mpls add vlan

configure mpls add {vlan} vlan_name

Description
Adds an MPLS interface to the specified VLAN.

Syntax Description
vlan_name Identifies the VLAN where the MPLS interface is added.

Default
VLANs are not configured with an MPLS interface.

Usage Guidelines
An MPLS interface must be configured on a VLAN in order to transmit or receive MPLS
packets on that interface. By default, MPLS, LDP, and RSVP-TE are disabled for the
MPLS interface. The specified VLAN should have an IP address configured and should
have IP forwarding enabled. The MPLS interface on the VLAN does not become active
until these two conditions are met. Also, if the IP address is unconfigured from the
VLAN or IP forwarding is disabled for the VLAN, the MPLS interface goes down. The
MPLS interface state is viewed using the show mpls interface command.

The VLAN must be operational for the MPLS interface to be up. This means that at least
one port in the VLAN must be active or the VLAN must be enabled for loopback mode.

It is recommended that when you configure MPLS on an OSPF interface that can be
used to reach a given destination, you should configure MPLS on all OSPF interfaces
that can be used to reach that destination. (You should enable MPLS on all of the
VLANs connected to the backbone network).

Example
The following example adds MPLS to the VLAN vlan_usa:
configure mpls add vlan vlan_usa

Switch Engine™ Command Reference Guide for version 32.7.1 921

History Commands

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls delete vlan

configure mpls delete [{vlan} vlan_name | vlan all]

Description
Removes an MPLS interface from the specified VLAN.

Syntax Description
vlan_name Identifies the VLAN for which the MPLS interface is deleted.
vlan all Deletes the MPLS interface from all VLANS that have MPLS
configured.

Default
VLANs are not configured with an MPLS interface.

Usage Guidelines
An MPLS interface must be configured on a VLAN in order to transmit or receive
MPLS packets on that interface. If the MPLS interface is deleted, all configuration
information associated with the MPLS interface is lost. Issuing this command brings
down all LDP neighbor sessions and all LSPs that are established through the specified
VLAN interface. When the all VLANs option is selected, the MPLS interface for all MPLS
configured VLANs is deleted.

Example
The following example deletes MPLS from the VLAN vlan_k:
configure mpls delete vlan vlan_k

History
This command was first available in ExtremeXOS 11.6

922 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls exp examination

configure mpls exp examination {value} value {qosprofile} qosprofile

Description
Configures the QoS profile that is used for the EXP value when EXP examination is
enabled.

Syntax Description
value Specifies the value that is used for the EXP value.
qosprofile Specifies the QoS profile that is used for the EXP value.

Default
The QoS profile matches the EXP value + 1.

Usage Guidelines
This command configures the QoS profile that is used for the EXP value when EXP
examination is enabled. By default, the QoS profile matches the EXP value + 1. That is,
EXP value of 0 is mapped to QoS profile qp1, EXP value of 1 is mapped to QoS profile
qp2, etc. This configuration has switch-wide significance. The EXP value must be a valid
number from 0 through 7 and the qosprofile must match one of the switch's QoS
profiles.

Note
EXP examination must be enabled using the “enable mpls exp examination”
command before the configured EXP value to QoS profile mapping is actually
used to process packets.

Example
The following command sets QoS profile q5 to be used for EXP value 7:

configure mpls exp examination value 7 qosprofile 5

History
This command was first available in ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 923

Platform Availability Commands

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls exp replacement

configure mpls exp replacement {qosprofile} qosprofile {value} value

Description
Configures the EXP value that is used for the specified QoS profile when EXP
replacement is enabled.

Syntax Description
qosprofile Specifies the QoS profile that is used for the EXP value.
value Specifies the value that is used for the EXP value.

Default
The EXP value matches the QoS profile -1.

Usage Guidelines
This command configures the EXP value that is used for the QoS profile when EXP
replacement is enabled. By default, the EXP value matches the QoS profile - 1. That is,
QoS profile qp1 is mapped to EXP value of 0, QoS profile qp2 is mapped to EXP value of
1, etc. This configuration has switch-wide significance. The qosprofile must match one
of the switch's QoS profiles and the EXP value must be a valid number from 0 through
7.

Note
EXP replacement must be enabled using the “enable mpls exp replacement”
command before the configured EXP value to QoS profile mapping is actually
used to process packets.

Example
The following command sets EXP value 2 to be used with QoS profile 4:

configure mpls exp replacement qosprofile qp4 value 2

History
This command was first available in ExtremeXOS 11.6.

924 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls labels max-static

configure mpls labels max-static max_static_labels

Description
Configures the number of labels that are reserved for specifying the incoming label for
static LSPs and static pseudowires.

Syntax Description
labels Specifies that labels are reserved to specify the incoming
label for static LSPs and static pseudowires.
max-static Specifies the number of labels that are reserved to specify
the incoming label for static LSPs and static PWs.
max_static-labels Specifies the value for the maximum number of static
labels.

Default
The default static label range size is 100.

Usage Guidelines
Use this command to configure the number of labels that are reserved for specifying
the incoming label for static LSPs and static PWs. The static label range generally starts
at 16 and the default static label range size is 100. This means that the default static
label range is 16 through 115 and can be allocated for either incoming (both transit and
egress) static LSPs, or incoming static PWs. The maximum static label_range_size is
equal to the incoming label table size – 100 labels for signaling. 960 labels are reserved
for L3VPNs. The maximum number of labels available for static configuration is 7116,
since at least 100 of those labels are reserved for dynamic signaling.

Since these values vary per-platform, use the show mpls label usage command to
see details about label usage and platform capability. The minimum static label range
size is 0.

Note
MPLS must be disabled when issuing this command. If MPLS is enabled, an
error message is displayed and the command has no affect. All other labels,
including outgoing labels for static LSPs and PWs and signaled labels used by
RSVP-TE and LDP, are allocated out of the dynamic label space.

Switch Engine™ Command Reference Guide for version 32.7.1 925

Example Commands

Example
The following example illustrates how to configure MPLS max-static labels, and how to
display them:
Summit1.2 # show mpls lab usage

Label Type Size Label Range

-------------------- ------- ----------------------------------------
Supported 1048576 0x00000 - 0xfffff (0 - 1048575)
Reserved 16 0x00000 - 0x0000f (0 - 15)
Static 100 0x00010 - 0x00073 (16 - 115)
L3VPN 960 0x00074 - 0x00433 (116 - 1075)
Dynamic 7116 0x00434 - 0x01fff (1076 - 8191)
Internal Use 0 0x00000 - 0x00000 (0 - 0)
...

Summit1.3 # disable mpls

* Summit1.4 # conf mpls lab max-static 7117
Error: There must be at least 100 dynamic labels remaining for MPLS signalling protocols.
* Summit1.5 # conf mpls lab max-static 7116
* Summit1.6 # show mpls lab usage

Label Type Size Label Range

-------------------- ------- ----------------------------------------
Supported 1048576 0x00000 - 0xfffff (0 - 1048575)
Reserved 16 0x00000 - 0x0000f (0 - 15)
Static 7116 0x00010 - 0x01bdb (16 - 7131)
L3VPN 960 0x01bdc - 0x01f9b (7132 - 8091)
Dynamic 100 0x01f9c - 0x01fff (8092 - 8191)
Internal Use 0 0x00000 - 0x00000 (0 - 0)
...

History
This command was first available in ExtremeXOS 15.4

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls ldp advertise

configure mpls ldp advertise [{direct [all | lsr-id | none]} | {rip [all
| none] | {static [all | none]}

Description
Configures a filter to be used by LDP when originating unsolicited label mapping
advertisements to LDP neighbors.

926 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
direct Specifies that the advertisement filter is applied to the associated
FECs with directly-attached routing interfaces.
rip Specifies that the advertisement filter is applied to FECs associated
with RIP routes exported by OSPF.
static Specifies that the advertisement filter is applied to FECs associated
with static routes.
all Specifies that unsolicited label mapping advertisements are
originated for all routes of the specified type.
lsr-id Specifies that an unsolicited label advertisement is originated for a
direct route that matches the MPLS LSR ID.
none Specifies that no unsolicited label mapping advertisements are
originated for the specified route type.

Default
None—the default setting for RIP and static routing methods.

lsr-id—the default setting for direct routes.

Usage Guidelines
You can configure how the advertisement filter is applied, as follows:
• direct—The advertisement filter is applied to the FECs associated with directly-
attached routing interfaces.
• rip—The advertisement filter is applied to the FECs associated with RIP routes
exported by OSPF.
• static—The advertisement filter is applied to the FECs associated with static routes.

You can configure the advertisement filter, as follows:

• all—Label mappings are originated for all routes of the specified type.
• none—No label mappings are originated for all routes of the specified type. This is
the default setting for RIP and static routes.
• lsr-id—A label mapping is originated for a direct route that matches the MPLS LSR
ID. This is the default setting for direct routes.

Advertising labels for a large number of routes may increase the required number of
labels that must be allocated by LSRs. Take care to ensure that the number of labels
advertised by LERs does not overwhelm the label capacity of the LSRs.

Example
The following command configures LDP to originate labels for all local IP interfaces:

configure mpls ldp advertise direct all

Switch Engine™ Command Reference Guide for version 32.7.1 927

History Commands

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls ldp loop-detection

configure mpls ldp loop-detection [{hop-count hop_count_limit} {path-
vector path_vector_limit}]

Description
Configures the loop-detection parameters used by LDP.

Syntax Description
hop-count Configures the number of LSRs that the label message can
traverse.
hop_count_limit Specifies the hop count limit. The valid configuration range is from
1 to 255.
path-vector Configures the maximum number of LSR IDs that can be
propagated in the label message.
path_vector_lim Specifies the path vector limit. The valid configuration range is
it from 1 to 255.

Default
The default for the hop-count and path-vector limits is 255.

Usage Guidelines
Configuration changes are only applicable to newly created LDP sessions. Disabling
and enabling LDP forces all the LDP sessions to be recreated. LDP loop detection must
first be enabled for these configuration values to be used.

Example
This command sets the LDP hop count loop detection value to 10. The configured path
vector value remains at 255.

configure mpls ldp loop-detection hop-count 10

928 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls ldp timers

configure mpls ldp timers [targeted | link] [{hello-time
hello_hold_seconds} {keep-alive-time keep_alive_hold_seconds}]

Description
Configures LDP peer session timers for the switch.

Syntax Description
targeted Specifies targeted LDP sessions.
link Specifies link LDP sessions.
hello_hold_seconds The amount of time (in seconds) that a hello message
received from a neighboring LSR remains valid. The
rate at which Hello messages are sent is 1/3 the
configured hello-time. If a Hello message is not received
from a particular neighboring LSR within the specified
hello_hold_seconds, then the hello-adjacency is not
maintained with that neighboring LSR. The range is 6 to
65,534 seconds.
keep_alive_hold_secon The time (in seconds) during which an LDP message must
ds be received for the LDP session with a particular peer
LSR to be maintained. If an LDP PDU is not received
within the specified session keep_alive_hold_seconds,
the corresponding LDP session is torn down. The range is 6
to 65,534 seconds.

Default
link hello_hold_seconds – 15 seconds

targeted hello_hold_seconds – 45 seconds

link keep_alive_hold_seconds – 40 seconds

targeted keep_alive_hold_seconds – 60 seconds

Switch Engine™ Command Reference Guide for version 32.7.1 929

Usage Guidelines Commands

Usage Guidelines
The LDP peer hello-adjacency timers are separately configurable for link and targeted
LDP sessions. The hello timer parameter specifies the amount of time (in seconds) that
a Hello message received from a neighboring LSR remains valid. The rate at which Hello
messages are sent is 1/3 the configured hello-time. If a Hello message is not received
from a particular neighboring LSR within the specified hello_hold_seconds, then the
hello-adjacency is not maintained with that neighboring LSR.

The session keep_alive_hold_seconds parameter specifies the time (in seconds)

during which an LDP message must be received for the LDP session to be maintained.
The rate at which Keep Alive messages are sent, provided there are no LDP messages
transmitted, is 1/6 the configured keep-alive-time. If an LDP PDU is not received
within the specified session keep_alive_hold_seconds interval, the corresponding
LDP session is torn down. The minimum and maximum values for hold timers are 6
and 65,534, respectively.

Changes to targeted timers only affect newly created targeted sessions. Disabling
and then enabling VPLS or LDP causes all current targeted sessions to be re-created.
The default values for the various times are as follows: link hello_hold_seconds (15),
link keep_alive_hold_seconds (40), targeted hello_hold_seconds (45), and targeted
keep_alive_hold_seconds (60). Changes to the link keep-alive timers do not take
effect until the LDP session is cycled.

Example
The following command configures link-level LDP hello adjacency hold time to 30
seconds and the keep alive time to 10 seconds:

configure mpls ldp timers link hello-time 30 keep-alive-time 10

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls lsr-id

configure mpls lsr-id ipaddress

Description
Configures the MPLS LSR ID for the switch.

930 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ipaddress Specifies an IP address to identify the MPLS LSR for the switch. The
MPLS LSR-ID should be configured to the same IP address as the
OSPF Router ID.

Default
No LSR ID is configured by default.

Usage Guidelines
LDP, RSVP-TE, and L2 VPNs all use the LSR ID. It is normally set to the OSPF Router ID.

The LSR ID must be configured before MPLS can be enabled. The LSR ID cannot
be changed while MPLS is enabled. It is highly recommended that an IP address be
configured on a OSPF enabled loopback VLAN that matches the configured LSR ID and
OSPF ID. If an LSR ID loopback IP address is configured, OSPF automatically advertises
the LSR ID as a routable destination for setting up LSPs. The LSR ID remains active if an
interface goes down if the LSR-ID is configured as an IP address on a loopback VLAN, as
recommended. This significantly enhances network stability and operation of an MPLS
network.

Example
The following command configures the LSR ID to 192.168.50.5:

configure mpls lsr-id 192.168.50.5

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te bandwidth committed-rate

configure mpls rsvp-te bandwidth committed-rate committed_bps [Kbps |
Mbps | Gbps] [{vlan} vlan_name | vlan all] {receive | transmit |
both}

Switch Engine™ Command Reference Guide for version 32.7.1 931

Description Commands

Description
Specifies the maximum amount of Committed Information Rate (CIR) bandwidth
which can be used by RSVP-TE LSP reservations.

Syntax Description
committed_bp Specifies a bitrate for the bandwidth to be reserved.
s
Kbps Specifies the designated bitrate in kilobits per second.
Mbps Specifies the designated bitrate in megabits per second.
Gbps Specifies the designated bitrate in gigabits per second.
vlan Specifies that the bandwidth is to be reserved for a specific VLAN.
vlan_name Identifies the VLAN for which the bandwidth is reserved.
vlan all Specifies that the bandwidth is reserved for all VLANS that have MPLS
configured.
receive Specifies that the bandwidth is reserved for ingress traffic only.
transmit Specifies that the bandwidth is reserved for egress traffic only.
both Specifies that the bandwidth is reserved for both ingress and egress
traffic.

Default
The default is zero, which means no RSVP-TE LSP bandwidth reservations are accepted.

If bandwidth is specified without specifying traffic direction, the default is both

directions.

Usage Guidelines
This command specifies the maximum amount of Committed Information Rate (CIR)
bandwidth which can be used by dynamic RSVP-TE LSP bandwidth reservations.
By sub-allocating reserveable bandwidth for RSVP-TE from the VLAN’s available

932 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

bandwidth, the switch can guarantee that as LSPs are established, a minimum amount
of CIR bandwidth is available for other traffic.

Note
Beginning with ExtremeXOS Release 12.2.1, CIR bandwidth for the receive
direction is not tracked by TE IGPs, such as OSPF-TE, and configuring it is
not required. Configuring CIR bandwidth for the receive direction does not
prevent an LSP from going operational due to lack of receive bandwidth;
however, it can be useful for tracking and informational purposes. An Info
level log (MPLS.RSVPTE.IfRxBwdthExcd) is generated if the setup of a TE LSP
requires receive bandwidth greater than that which is currently available for
the receive direction on a particular interface. This generally happens only
when TE LSPs with different previous hops ingress the switch on the same
interface (for example, from a multi-access link) and egress the switch on
different interfaces.

The keyword both configures the reserved bandwidth for both ingress and egress LSP
CIR reservations and overwrites any previous receive or transmit settings.

Example
The following command reserves 25 Mbps of CIR bandwidth for all RSVP-TE CIR
reservations on the specified VLAN:

configure mpls rsvp-te bandwidth committed-rate 25 Mbps vlan vlan_10

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te lsp add path

configure mpls rsvp-te lsp lsp_name add path [path_name | any] {profile
profile_name} {primary {frr_profile_name} | secondary}

Description
Adds a configured path to the specified RSVP-TE LSP.

Switch Engine™ Command Reference Guide for version 32.7.1 933

Syntax Description Commands

Syntax Description
lsp_name Specifies the name of the LSP you are configuring.
path_name Specifies the name of the path to be used by the specified LSP.
any Configures the specified LSP to use any path.
profile_name Specifies a profile to be applied to the specified LSP. If the profile
name is omitted, the profile named default is used.
primary Designates the specified path as the primary path. Only one primary
path can be configured for an RSVP-TE LSP. If this option is omitted
and no primary path has been specified, the specified path is added
as a primary path. If not specified and a primary path has already
been added, the path is added as a secondary path.
secondary Designates the specified path as a secondary path.
frr_profile_n Specifies a fast reroute (FRR) profile to be applied to the detour LSP
ame that backs up the specified LSP.

Default
N/A.

Usage Guidelines
The LSP is not signaled until a path is added to the LSP.

If you want fast reroute protection for the LSP, use the primary option and specify the
fast reroute profile name you want to use. To specify the default fast reroute profile,
enter default-frr.

The switch chooses the local MPLS VLAN interface from which to signal the LSP. To
force an LSP to use a specific local MPLS interface, configure the local interface IP
address as the first ERO in the associated path.

Example
This command adds the path sydney-bypass to the LSP named aus as a secondary
path:

configure mpls rsvp-te lsp aus add path sydney-bypass secondary

History
This command was first available in ExtremeXOS 11.6.

The fast reroute capability was added in ExtremeXOS 12.1.

934 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te lsp change

configure mpls rsvp-te lsp lsp_name change [path_name | any] use profile
[{standard_profile_name} {frr_profile_name}]

Description
Changes the configuration that has been configured with the configure mpls
rsvp-te lsp lsp_name add path [path_name | any] {profileprofile_name}
{primary {frr_profile_name} | secondary} command.

Syntax Description
lsp_name Specifies the name of the LSP you are changing.
path_name Specifies the name of the path to be used by the specified LSP.
any Configures the specified LSP to use any path.
standard_pro Specifies a profile to be applied to the specified LSP. If the profile
file_ name name is omitted, the profile named default is used.
frr_profile_ Specifies a fast reroute (FRR) profile to be applied to the detour LSP
name that backs up the specified LSP.

Default
N/A.

Usage Guidelines
None.

Example
This command changes the LSP named aus to use any available path:

configure mpls rsvp-te lsp aus change any

History
This command was first available in ExtremeXOS 11.6.

The fast reroute capability was added in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 935

Platform Availability Commands

Platform Availability
This command is available only on the platforms that support MPLS as described iin
the Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te lsp delete path

configure mpls rsvp-te lsp lsp_name delete path [path_name | any | all]

Description
Deletes a path from the specified RSVP-TE LSP.

Syntax Description
lsp_name Specifies a name for the RSVP-TE LSP.
path_name Specifies a name for the path to be deleted from the RSVP-TE LSP.
any Configures the specified LSP to use any path.
all Deletes all added paths from the specified RSVP-TE LSP.

Default
N/A.

Usage Guidelines
This command deletes a path from the specified RSVP-TE LSP. All the added paths
can be deleted by specifying the all keyword. If the active path is deleted, then one of
the other configured paths becomes the active path for the LSP. If there are no other
defined paths, then the LSP is marked down and cannot be used to forward IP or VPN
traffic.

Example
The following command deletes the path called through-knightsbridge for the LSP
london:

configure mpls rsvp-te lsp london delete path through-knightsbridge

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

936 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure mpls rsvp-te lsp fast-reroute

configure mpls rsvp-te lsp fast-reroute

configure mpls rsvp-te lsp lsp_name fast-reroute [enable | disable]

Description
Enables or disables fast-reroute protection for the specified LSP.

Syntax Description
lsp_name Specifies the name of the LSP you are configuring.

Default
Disabled.

Usage Guidelines
To signal the fast-reroute protected LSP, use the enable mpls rsvp-te lsp
[lsp_name | all] command. Similarly, to disable the fast-reroute protected LSP, use
the disable mpls rsvp-te lsp [lsp_name | all] command.

Example
This command enables fast-reroute protection on LSP aus:

configure mpls rsvp-te lsp aus fast-reroute enable

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te lsp path use profile

configure mpls rsvp-te lsp lsp_name path [path_name | any] use profile
profile_name

Description
Changes the profile that the configured LSP path uses.

Switch Engine™ Command Reference Guide for version 32.7.1 937

Syntax Description Commands

Syntax Description
lsp_name Specifies the RSVP-TE LSP.
path_name Specifies the configured RSVP-TE LSP path.
profile_name Specifies a profile to be applied to the configured LSP path.

Default
N/A.

Usage Guidelines
This command changes the profile that the configured LSP path uses.

Note
Changing the profile while an LSP is active may cause the LSP to be torn down
and re-signaled.

Example
The following command configures the switch to apply the LSP profile gold-class to the
LSP path sydney-bypass for the LSP aus:

configure mpls rsvp-te lsp aus path sydney-bypass use profile gold-class

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te lsp transport

configure mpls rsvp-te lsp lsp_name transport [ip-traffic [allow | deny]
| vpn-traffic [allow {all | assigned-only} | deny]]

Description
Configures the type of traffic that may be transported across a named LSP.

938 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
lsp_name Specifies the RSVP-TE LSP.
ip-traffic Controls the forwarding of routed IP traffic across the specified LSP.
vpn-traffic Controls the forwarding of VPN traffic over the LSP.
allow Allows transport of the specified traffic across the LSP.
deny Denies transport of the specified traffic across the LSP.
allow Allows all VPLS VPN traffic to be transported across the LSP.
all Allows the transmission of all VPN traffic over the LSP.
assigned- Limits the transport of VPN traffic to VPLS instances that are explicitly
only configured to use the specified LSP name.

Default
The default behavior is to allow RSVP-TE LSPs to transport all types of traffic without
restriction.

Usage Guidelines
This command configures the type of traffic that may be transported across a named
LSP. By default, both IP traffic and VPN traffic are set to allow transport for a newly
created LSP. The ip-traffic keyword is used to allow or deny forwarding of routed IP
traffic across the specified LSP. If allowed, the LSP label information is inserted into the
routing table and the switch forwards traffic over the LSP that matches the IP route
entry to which this LSP is associated. If denied, the LSP label information is removed
from the routing table and the switch does not use the LSP to transport IP traffic. The
vpn-traffic keyword controls the transmission of VPN traffic over the LSP. When denied,
the LSP is not used as a transport for PWs or other VPN related traffic. These transport
configuration options are independent. For example, if vpn-traffic is set to allow and
ip-traffic is set to deny, then no routed IP traffic is transported across the LSP, but the
LSP may still be used to transport VPN traffic.

The optional assigned-only keyword limits the transport of VPN traffic to only those
VPLS instances that are explicitly configured to use the specified LSP name.

Example
The following command prevents the switch from using LSP aus to forward IP traffic:

configure mpls rsvp-te lsp aus transport ip-traffic deny

History
This command was first available in ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 939

Platform Availability Commands

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te metric

configure mpls rsvp-te metric [value | use-igp] {vlan} vlan_name

Description
Configures the TE metric value for the RSVP-TE interface specified by the vlan_name
argument.

Syntax Description
value Specifies a value for the RSVP-TE metric.
vlan Specifies that the RSVP-TE metric is configured for a specific VLAN.
vlan_name Identifies the VLAN for which the RSVP-TE metric is configured.

Default
The associated default IGP metric.

Usage Guidelines
The TE metric can be any unsigned non-zero 32-bit integer. The default value for
the RSVP-TE interface is to use the associated default IGP metric. The TE metric is
exchanged between OSPF routers and is used in the calculation of the CSPF topology
graph.

Example
The following command configures an RSVP-TE metric of 220 on the specified VLAN:

configure mpls rsvp-te metric 220 vlan vlan_10

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

940 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure mpls rsvp-te path add ero

configure mpls rsvp-te path add ero

configure mpls rsvp-te path path_name add ero [ { include }ipNetmask
[strict|loose] | exclude ipNetmask] {order number}

Description
The routed path for an RSVP-TE LSP can be described by a configured sequence of
the LSRs and/or subnets traversed by the path. Each defined LSR or subnet represents
an ERO subobject. Up to 64 subobjects can be added to each path name. LSRs and/or
subnets can be either included or excluded.

Syntax Description
path_name Specifies the path to which the IP address is added.
include Specifies an LSR or subnet to be included in the path
calculation.
ipNetmask Specifies an IP prefix.
strict Specifies that the subobject must be topologically adjacent to
the previous subobject in the ERO list.
loose Specifies that the subobject need not be topologically
adjacent to the previous subobject in the ERO list.
exclude Specifies a subnet to be excluded in the path calculation.
number Specifies the LSR path order.

Default
The order value defaults to 100 if the path has no EROs configured or a value 100 more
than the highest order number configured for the path.

Usage Guidelines
This command adds an IP address to the Explicit Route Object (ERO) for the specified
path name. The RSVP-TE routed path may be described by a configured sequence of
the LSRs and/or subnets that the path traverses. Each defined LSR or subnet represents
an ERO subobject. Up to 64 subobjects can be added to each path name. The ERO
keyword identifies an LSR using an IP prefix, which may represent an LSR's Router ID,
loopback address, or direct router interface. Each IP prefix is included in the ERO as an
IPv4 subobject.

If the ERO is specified as strict, the strict subobject must be topologically adjacent to
the previous subobject as listed in the ERO. If the ERO is specified as loose, the loose
subobject is not required to be topologically adjacent to the previous subobject as

1 “Topologically adjacent” indicates that the router next hop matches either the interface IP address or OSPF
router ID of an immediate peer LSR.

Switch Engine™ Command Reference Guide for version 32.7.1 941

Example Commands

listed in the ERO. If the specified IP prefix matches the OSPF router ID or a configured
loopback IP address, the ERO must be configured as loose.

The LSR path order is optionally specified using the order keyword. The order number
parameter is an integer value from 1 to 65535. IP prefixes with a lower number are
sequenced before IP prefixes with a higher number. Thus, the LSP path follows the
configured path of IP prefixes with a number value from low to high. If the order
keyword is not specified, the number value for the LSR defaults to a value equal to the
current highest number value plus 100. If the list of IP prefixes added to the path does
not reflect an actual path through the network topology, the path message is returned
with an error from a downstream LSR and the LSP is not established.

The order of a configured subobject cannot be changed. The ERO subobject must
be deleted and re-added with a different order. If a subobject is added to or deleted
from the ERO while the associated LSP is established, the path is torn down and is
re-signaled using the new ERO. Duplicate ERO subobjects are not allowed.

Defining an ERO for the path is optional. If no ERO is configured, the path is signaled
along the best available path and the ERO is not included in the path message. When
the last subobject in the ERO of the path message is reached and the egress IP
node of the path has not been reached, the remaining path to the egress node is
signaled along the best available path. If the next subobject in the ERO is loose, the
best available path to the next subobject is chosen. Configuring EROs could lead an
LSP to take an undesirable path through the network, so care should be taken when
specifying EROs.

Example
The following example adds the IP interface address 197.57.30.7/24 as a loose ERO to the
path sydney-bypass:

configure mpls rsvp-te path sydney-bypass add ero 197.57.30.7/24 loose

History
This command was first available in ExtremeXOS 11.6.

The include and exclude options were added in ExtremeXOS 15.7. "Include" was the
previous default behavior.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te path delete ero

configure mpls rsvp-te path path_name delete ero [all | ipNetmask |
order number]

942 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Deletes a subobject from the Explicit Route Object (ERO) for the specified path name.

Syntax Description
path_name Specifies the path from which the ERO is deleted.
all Specifies that the entire ERO should be deleted from the named
path.
ipNetmask Specifies the ERO subobject to be deleted.
number Specifies the order number of the ERO subobject to be deleted.

Default
N/A.

Usage Guidelines
This command deletes a subobject from the Explicit Route Object (ERO) for the
specified path name. The ERO subobject is specified using an IP prefix or order
number. If a subobject is deleted from an ERO while the associated LSP is established,
the path is torn down and is re-signaled using a new ERO. The all keyword may be used
to delete the entire ERO from the path name. When there is no configured ERO, the
path is no longer required to take an explicit routed path. The path is then signaled
along the best available path and no ERO is included in the path message.

Example
The following command deletes all the configured EROs from the path sydney-bypass:

configure mpls rsvp-te path sydney-bypass delete ero all

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te profile (fast-reroute)

configure mpls rsvp-te profile frr_profile_name {bandwidth
bandwidth_rate_bps bandwidth_rate_unit} {detour {hop-limit
hop_limit_value} {bandwidth-protection [enabled | disabled]} {node-

Switch Engine™ Command Reference Guide for version 32.7.1 943

Description Commands

protection [enabled | disabled]}} {hold-priority hold_priority_value}

{setup-priority setup_priority_value}

Description
Configures the specified RSVP-TE FRR profile.

Syntax Description
frr_profile_name Specifies the FRR LSP profile to configure.
bandwidth_rate_ Specifies the bandwidth requirement for the FRR LSP.
bps This should be set to match the options chosen for the protected
LSP. Otherwise, a mismatch between the bandwidth settings for
the detour and protected LSPs can impact service.
bandwidth_rate_ Specifies the units for the bandwidth rate. Valid entries are Kbps,
unit Mbps, and Gbps.
detour Specifies the detour method of fast reroute. This is the only
method supported in this release.
hop_limit_value Specifies the maximum number of hops that the detour path
is allowed to take from the current node or point of local repair
(PLR) to a merge point (MP) node. If set to 0, only link protection
is provided.
bandwidth- When enabled, this option specifies that the signaled bandwidth
protection on the detour path must be guaranteed. If this option is disabled,
the detour path might not support the bandwidth needed for the
protected LSP.
node-protection When enabled, the this option indicates to the PLRs along a
protected path that a detour path that bypasses at least the next
node of the protected LSP is desired. If this option is disabled, the
backup path might or might not bypass the next node, in which
case the user might or might not have next-node protection.
hold-priority Specifies the hold priority of the LSP. Lower numbers indicate
higher priority. The range is from 0 to 7.
Hold priority is used when deciding whether a session can be
preempted by another session. This works exactly the same as
the hold-priority set in the standard profile that is valid for the
protected LSP and for standard LSPs.
setup-priority Specifies the setup priority of the LSP. Lower numbers indicate
higher priority. The range is from 0 to 7.
The setup priority is used when deciding whether the detour LSP
can preempt another session. This works exactly the same as
the setup-priority set in the standard profile that is valid for the
protected LSP and standard LSPs.

Default
Bandwidth: Newly-created profiles are configured as best-effort. Setup-priority: 7
(lowest) Hold-priority: 0 (highest) Hop-limit: 3 Protect-bandwidth: enabled Protect-
node: enabled

944 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
A FRR profile is a set of attributes that are applied to the detour and protected LSPs
when a protected LSP is configured. A default profile (frr-default) is provided which
cannot be deleted, but can be applied to any protected LSP. The maximum number of
configurable profiles is 1000.

Note
Changing any of the profile parameters causes LSPs using the profile to be
torn down and re-signaled. There is no guarantee that the re-signaled LSP will
be successfully established. Future ExtremeXOS implementations may support
the make-before-break LSP concept.

Example
The following command configures the FRR profile frrprofile for 100 Mbps bandwidth:

configure mpls rsvp-te profile frrprofile bandwidth 100 Mbps

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te profile

configure mpls rsvp-te profile profile_name {bandwidth [best-effort |
[{committed-rate committed_bps [Kbps | Mbps | Gbps]} {max-burst-size
burst_size [Kb | Mb]} {peak-rate peak_bps [Kbps | Mbps | Gbps]}]}
{hold-priority hold_priority} {mtu [number | use-local-interface]}
{path-computation [full | partial]} {record [enabled {route-only} |
disabled]} {setup-priority setup_priority}

Description
Configures an RSVP-TE profile with the specified profile name.

Syntax Description
profile_name Specifies the LSP profile.
bandwidth Specifies bandwidth reservation.
best-effort Indicates no bandwidth reservation.

Switch Engine™ Command Reference Guide for version 32.7.1 945

Default Commands

committed_bps Specifies the committed bandwidth to be reserved across the

MPLS network, in bits per second. The range is from 64 Kbps
to 10 Gbps.
peak_bps Specifies the maximum bandwidth signaled in bits per
second. The range is from 64 Kbps to 10 Gbps.
Kbps Specifies the designated bitrate in kilobits per second.
Mbps Specifies the designated bitrate in megabits per second.
Gbps Specifies the designated bitrate in gigabits per second.
burst_size Specifies the maximum number of bytes (specified in bits)
that the LSP is allowed to burst above the specified peak-rate.
The range is from 0 to 1000 Mb.
Kb Kilobits
Mb Megabits
hold_priority Specifies the priority of the LSP. Lower numbers indicate
higher priority. The range is from 0 to 7.
setup_priority Specifies the priority of the LSP. Lower numbers indicate
higher priority. The range is from 0 to 7.
number Specifies the MTU value for the LSP. The range is from 296 to
9216/
use-local- Specifies that the MTU value is inherited from the local egress
interface VLAN interface.
record Configures hop-by-hop path recording.
enabled route-only Causes the Record Route Object (RRO) to be inserted into the
path message. The enabled option enables recording of hops
and labels. The enabled route-only option records only hops.
disabled Specifies that no RRO is inserted into the path message.
path-computation Computation strategy for calculating a path to the LSP
destination:
• full = Requires the ingress node to fully calculate a path to
the LSP destination (default).
• partial = Allows the ingress node to calculate only part of
the path to the LSP destination.

full Allows the entire LSP path to be specified at ingress LSR (no
calculations performed by any transit nodes).
partial Allows you to specify ‘part’ of the path at ingress LSR. (For
OSPF usage, specify LSP path to the ABR, then ABR provides
the calculation into the other areas.)

Default
Bandwidth: Newly-created profiles are configured as best-effort.

Setup-priority: 7 (lowest).

Hold-priority: 0 (highest).

946 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Path recording: disabled.

MTU: use-local-interface.

Path-computation: full.

Usage Guidelines
A profile is a set of attributes that are applied to the LSP when the LSP is configured
using the configure mpls rsvp-te lsp command. A default profile is provided which
cannot be deleted, but may be applied to any TE LSP. The profile_name for the default
profile is default. The default profile parameter values are initially set to their respective
default values. The maximum number of configurable profiles is 1000.

LSPs may signal reserved bandwidth. By default, newly created profiles are configured
to not signal bandwidth requirements and thus are classified as best-effort. If
bandwidth needs to be reserved across the MPLS network, the bandwidth parameters
specify the desired reserved bandwidth for the LSP. The committed-rate specifies the
mean bandwidth and the peak-rate specifies the maximum bandwidth signaled. The
peak-rate must be equal to or greater than the committed-rate. If the peak-rate is not
specified, traffic is not clipped above the committed-rate setting. The rates are specified
in bps and must be qualified by Kbps, Mbps, or Gbps. The minimum and maximum
bandwidth rates are 64 Kbps and 10 Gbps, respectively. The max-burst-size specifies the
maximum number of bytes (specified in bits) that the LSP is allowed to burst above the
specified peak-rate. The minimum burst size is 0 and the maximum burst size is 1000
Mb.

The setup-priority and hold-priority are optional parameters indicating the LSP priority.
During path set up, if the requested bandwidth cannot be reserved through the
LSR, the setup-priority parameter is compared to the hold-priority of existing LSPs to
determine if any of the existing LSPs need to be preempted to allow a higher priority
LSP to be established. Lower numerical values represent higher priorities. The setup-
priority range is 0 to 7 and the default value is 7 (lowest). The hold-priority range is also
0 to 7 and the default value is 0 (highest). If bandwidth is requested for the LSP, the
CSPF calculation uses the available bandwidth associated with the CoS as specified by
the hold-priority.

The bandwidth, hold-priority, and setup-priority values are signaled in the path
message. If the bandwidth setting is changed, all LSPs using this profile are re-signaled.
If the bps setting is decreased, a new path message is sent along the LSP indicating
the new reservation. If the bps setting is increased, the LSP is torn down and resignaled
using the new bandwidth reservations.

The record command is used to enable hop-by-hop path recording. The enabled
keyword causes the Record Route Object (RRO) to be inserted into the path message.
The RRO is returned in the RESV Message and contains a list of IPv4 subobjects that
describe the RSVP-TE path. Path recording by default is disabled. When disabled, no
RRO is inserted into the path message.

The mtu keyword optionally specifies the MTU value for the LSP. By default, this value
is set to use-local-interface. In the default configuration, the MTU value is inherited from

Switch Engine™ Command Reference Guide for version 32.7.1 947

Example Commands

the local egress VLAN interface. The minimum MTU value is 296 and the maximum
value is 9216. Path MTU information is carried in the Integrated Services or Null Service
RSVP objects and is used by RSVP to perform path MTU identification.

Note
Changing any of the profile parameters causes LSPs using the profile to be
torn down and re-signaled. There is no guarantee that the re-signaled LSP will
be successfully established. Future ExtremeXOS implementations may support
the make-before-break LSP concept.

To view a profile configuration, enter the following command:

show mpls rsvp-te profile {profile_name} {detail}

To view LSP recorded route information, enter one of the following commands:
show mpls rsvp-te lsp [ingress {fast-reroute} | ingress_lsp_name
| ingressingress_lsp_name | ingress [destination | origin]ipaddress]
{[all-paths | detail] | summary | down-paths {detail}} show mpls rsvp-
te lsp [egress | transit] {fast-reroute} {{lsp_name} {[destination |
origin]ipaddress} {detail} | summary}

Example
The following command configures the RSVP-TE profile gold-class with a committed
bandwidth of 100 Mbps and the setup and hold priorities are both set to 0 (highest
priority):
configure mpls rsvp-te profile gold-class bandwidth committed-rate 100 mbps hold-priority
0 setup-priority 0

History
This command was first available in ExtremeXOS 11.6.

The path-computation option added in ExtremeXOS 21.1

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te timers lsp rapid-retry

configure mpls rsvp-te timers lsp rapid-retry {decay-rate percent}
{delay-interval milliseconds} {retry-limit [number]}

Description
Configures the timers associated with rapidly retrying failed LSPs.

948 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
percent Specifies a percent increase in the interval allowed before each
subsequent attempt to re-signal an LSP. The valid range is from 0 to
100 percent.
milliseconds Specifies the time (in milliseconds) to wait before attempting to re-
signal the LSP.
retry-limit Specifies the maximum allowed attempts to establish an LSP.
number Specifies a maximum number of allowed attempts to establish an LSP.
The valid number range is from zero to 255.

Default
Delay interval: 500 milliseconds.

Decay rate: 50%.

Retry limit: 10.

Usage Guidelines
This command configures the timers associated with rapidly retrying failed LSPs. If
an LSP fails to establish, the switch attempts to rapidly retry the setup by sending
additional path messages based on the rapid-retry timers. The delay-interval timer
specifies the time (in milliseconds) to wait before sending another path message.
If the LSP fails to establish itself on subsequent attempts, the delay-interval time is
incremented based on the decay-rate setting. The decay operation multiplies the delay-
interval time by the decay rate, and adds the result to the current delay-interval time.

For example, if the decay-rate is set to 50 percent and the current delay-interval time
is 500 milliseconds, a path message is retransmitted in 750 milliseconds. If the LSP
fails to establish on the next attempt, a path message is retransmitted after a further
decayed delay interval of 1125 milliseconds (1.125 seconds). A per-LSP delay-interval time
is maintained for each LSP until the LSP is established. This process of decaying the
retry time continues until the LSP is established or the retry-limit expires. If the retry-
limit is reached, attempts to rapidly retry the LSP are suspended.

When the switch starts the process of re-signaling the LSP based on the standard-retry
timers, the LSP's rapid-retry timers return to the initial configuration settings. If the
standard-retry delay-interval time is reached before all of the rapid-retry attempts have
completed, the standard-retry mechanisms take over.

The default rapid-retry LSP timer parameter values are 500 milliseconds for the delay-
interval, 50 percent for the decay-rate, and a retry-limit of 10. The valid range for delay-
interval is 10 to 1000 milliseconds. The valid decay-rate range is 0 to 100 percent. The
valid retry-limit is 0 to 100. A value of 0 indicates that the LSP is not re-signaled using
the rapid-retry timers.

When summary-refresh or bundle-message is enabled, the rapid-retry timer values are

used for resending any message that is not acknowledged.

Switch Engine™ Command Reference Guide for version 32.7.1 949

Example Commands

Example
The following command sets the maximum number of rapid retries to five:

configure mpls rsvp-te timers lsp rapid-retry retry-limit 5

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te timers lsp standard-retry

configure mpls rsvp-te timers lsp standard-retry {decay-rate percent}
{delay-interval seconds} {retry-limit [number | unlimited]}

Description
Configures the timers associated with the establishment of an LSP.

Syntax Description
percent Specifies a percent increase in the interval
allowed before each subsequent attempt to
re-signal an LSP. The valid range is from 0 to
100 percent.
seconds Specifies the time (in seconds) to wait before
attempting to re-signal the LSP.
retry-limit Specifies the maximum allowed attempts to
establish an LSP.
number Specifies a maximum number of allowed
attempts to establish an LSP. The valid
number range is from zero to 255.
unlimited Allows unlimited attempts to establish an
LSP.

Default
Delay interval: 30 seconds.

Decay rate: 0%.

Retry limit: unlimited.

950 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command configures the timers associated with the establishment of an LSP. If an
LSP fails to establish, the LSP is re-signaled based on the configuration of these timers.
The delay-interval timer specifies the time (in seconds) to wait before attempting to
re-signal the LSP. If the LSP fails to establish itself on subsequent attempts, the delay-
interval time is incremented based on the decay-rate setting. The decay operation
multiplies the delay-interval time by the decay rate, and adds the result to the current
delay-interval time. For example, if the decay-rate is set to 50 percent and the current
delay-interval time is 30 seconds, the LSP is re-signaled in 45 seconds. If the LSP failed
to establish on the next attempt, the delay interval would be further decayed to 67
seconds.

A per-LSP delay-interval time is maintained for each LSP until the LSP is established.
This operation of decaying the retry time continues until the LSP is established or
the retry-limit expires. If the retry-limit is reached, attempts to establish the LSP are
suspended.

Disabling and enabling the LSP resets the LSP's delay-interval time and retry-limit to
the initial configuration settings and LSP establishment attempts resume. The default
LSP timer parameter values are 30 seconds for delay-interval, with a 0 percent decay-
rate, and retry-limit of unlimited. The valid range for delay-interval is 1 to 60 seconds.
The valid decay-rate range is 0 to 100 percent. The valid retry-limit is 0 to 255 or
unlimited. A value of 0 indicates that the LSP is not re-signaled.

Example
The following command allows unlimited retries for establishing MPLS RSVP-TE LSPs:

configure mpls rsvp-te timers lsp standard-retry retry-limit unlimited

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls rsvp-te timers session

configure mpls rsvp-te timers session[{bundle-message-
time bundle_message_milliseconds} {hello-keep-multiplier
hello_keep_number} {hello-time hello_interval_seconds}{refresh-keep-
multiplier refresh_keep_number} {refresh-time refresh_seconds}
{summary-refresh-time summary_refresh_milliseconds}] [{vlan}
vlan_name | vlan all]

Switch Engine™ Command Reference Guide for version 32.7.1 951

Description Commands

Description
Configures the RSVP-TE protocol parameters for the specified VLAN.

Syntax Description
bundle_message_ Specifies the maximum time a transmit buffer is held to allow
milliseconds multiple RSVP messages to be bundled into a single PDU. The
valid range is from 50 to 3000 milliseconds.
hello_keep_ Specifies the number of hello-time intervals that can elapse
number before an RSVP-TE peer is declared unreachable. The range is
from one to 255.
hello_interval_ Specifies the RSVP Hello packet transmission interval. The valid
seconds range is from 1 to 60 seconds.
refresh_keep_ Specifies a factor to be used in calculating the maximum allowed
number interval without an RSVP refresh message before an RSVP session
is torn down. The range is from one to 255.
refresh_seconds Specifies the interval for sending refresh path messages. The
range is from 1 to 600 seconds.
summary_refresh_ Specifies the interval for sending summary refresh messages. The
milliseconds valid range is from 50 (1/20 second) to 10000 (10 seconds).
vlan Specifies that the configured protocol parameters are for a
specific VLAN.
vlan_name Identifies a particular VLAN for which the protocol parameters are
configured.
vlan all indicates that the protocol configuration parameters apply to all
RSVP-TE enabled VLANs.

Default
Bundle-message-time: 1000 milliseconds (1 second).

Hello-keep-multiplier value: 3.

Hello-time: 3 seconds.

Refresh-keep-multiplier value: 3.

Refresh-time: 30 seconds.

Summary-refresh-time: 3000 milliseconds (3 seconds).

Usage Guidelines
This command configures the RSVP-TE protocol parameters for the specified VLAN. The
VLAN keyword all indicates that the configuration changes apply to all VLANs that have
been added to MPLS.

952 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The hello-time value specifies the RSVP hello packet transmission interval. The RSVP
hello packet enables the switch to detect when an RSVP-TE peer is no longer
reachable. If an RSVP hello packet is not received from a peer within the configured
interval, the peer is declared down and all RSVP sessions to and from that peer are
torn down. The formula for calculating the maximum allowed interval is: [hello-time *
hello-keep-multiplier]. The default hello-interval time is 3 seconds with a valid range
from 1 to 60 seconds. The default hello-keep-multiplier value is three with a range from
one to 255.

The refresh-time specifies the interval for sending refresh path messages. RSVP
refresh messages provide “soft state” link-level keep-alive information for previously
established paths and enable the switch to detect when an LSP is no longer active.
Path messages are used to refresh the LSP if summary refresh is disabled. If summary
refresh is enabled, summary refresh messages are sent in place of sending individual
path messages for every LSP. The default refresh-time is 30 seconds. The minimum and
maximum refresh-time values are one and 600 (or 10 minutes) respectively.

If summary refresh is enabled, summary refresh messages are sent at intervals

represented by the configured summary-refresh-time. The configurable summary-
refresh-time range is 50 milliseconds (one twentieth of a second) to 10000 milliseconds
(10 seconds). The default setting for summary-refresh-time is 3000 milliseconds (3
seconds). RSVP sessions are torn down if an RSVP refresh message is not received
from a peer within the configured interval. The formula for calculating the maximum
allowed interval is: [(refresh-keep-multiplier + 0.5) * 1.5 * (refresh-time or summary-
refresh-time)]. The default refresh-keep-multiplier value is three. The minimum and
maximum refresh-keep-multiplier values are one and 255 respectively.

The bundle-message-time, specified in milliseconds, indicates the maximum time a

transmit buffer is held to allow multiple RSVP messages to be bundled into a single
PDU. The default bundle-message-time is 1000 milliseconds (one second). The bundle-
message-time value may be set to any value between 50 milliseconds and 3000
milliseconds (or 3 seconds). Message bundling is only attempted when it is enabled.

Note
Summary refresh must be enabled using the “enable mpls rsvp-te summary-
refresh” command for a configured summary-refresh-time to actually be used.

Example
The following command sets the RSVP-TE hello time to 5 seconds on all MPLS
interfaces:

configure mpls rsvp-te timers session hello-time 5 vlan all

History
This command was first available in ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 953

Platform Availability Commands

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls static lsp transport

configure mpls static lsp lsp_name transport [ip-traffic [allow | deny]
| vpn-traffic [allow {all | assigned-only} | deny]]

Description
Configures the type of traffic that can be transported across a static ingress LSP.

Syntax Description
lsp_name Identifies the static LSP to be configured.
ip-traffic Specifies whether IP traffic is to be allowed or denied access to
[allow | deny] the LSP.
vpn-traffic Specifies whether VPN traffic is to be allowed or denied access to
[allow {all | the LSP. The optional assigned-only keyword limits the transport
assigned-only} | of VPN traffic to only those VPLS instances that are explicitly
deny] configured to use the specified LSP.

Default
N/A.

Usage Guidelines
This command has no effect if the named LSP is a transit or egress LSP. By default,
IP traffic and VPN traffic are set to deny for a newly created static LSP. The transport
configuration options are independent. For example, if VPN traffic is set to allow and IP
traffic is set to deny, then no routed IP traffic is transported across the LSP, but the LSP
can still transport VPN traffic. When configured to deny for IP traffic, the specified LSP
cannot be configured as an IP next hop for a default or static route.

Example
The following command configures a static LSP to transport IP traffic and all VPN
traffic:

configure mpls static lsp lsp598 transport ip-traffic allow vpn-traffic allow all

History
This command was first available in ExtremeXOS 12.1.

954 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mpls static lsp

configure mpls static lsp lsp_name [{egress [egress_label |
implicit-null] egress-vlan evlan_name next-hop ipaddress} {ingress
ingress_label {ingress-vlan ivlan_name}}]

Description
Configures the ingress and egress segments of a static LSP.

Syntax Description
lsp_name Identifies the static LSP to be configured.
egress_label Specifies the egress label for the LSP. The supported range is
x7FC00 to x803FF.
The egress label should match the corresponding ingress label
of the next hop. There is no egress label at the egress LSR of a
static LSP.
egress implicit- If PHP is supported, an LSR can be configured to use the
null implicit-null label for LSPs that terminate at the next-hop LER.
evlan_name Specifies the egress VLAN for the LSP.
ipaddress Specifies the IP address for the next-hop router along the static
LSP.
ingress_label Identifies the ingress label for this LSP. The supported range is
x7FC00 to x7FFFF at transit LSRs and 0x80000 to 0x803FF at
destination LSRs.
The ingress label should match the corresponding egress label
of the previous hop. There is no ingress label at the ingress LSR
of a static LSP.
ivlan_name When an ingress label is specified, this argument optionally
specifies the ingress VLAN for the LSP.

Default
N/A.

Usage Guidelines
The ingress and egress segments can be configured any time before enabling the
LSP. At the ingress LER, only the egress segment is configured and at the egress LER,
only the ingress segment is configured. For LSPs that transit an LSR, it is mandatory
to configure both ingress and egress segments. On any given LSR, the ingress label,
if present, must match the egress label on the upstream LSR and the egress label

Switch Engine™ Command Reference Guide for version 32.7.1 955

Example Commands

must match the ingress label of the downstream LSR. Once configured, any change to
the ingress or egress segments requires administratively disabling the LSP first. If the
next-hop IP address is not within the subnet as defined by the interface VLAN name,
the configuration is rejected.

Example
The following command configures a static LSP on an ingress LSR:

configure mpls static lsp lsp1 egress 0x7fc01 egress-vlan v50 next-hop 50.0.0.2

The following command configures a static LSP on a transit LSR:

configure mpls static lsp lsp1 egress 0x80001 egress-vlan v100 next-hop 100.0.0.2 ingress
0X7FC01 ingress-vlan v50

The following command configures a static LSP on an egress LSR:

configure mpls static lsp lsp1 ingress 0x80001 ingress-vlan v100

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure mrp ports timers

configure mrp ports [ port_list | all ] timers [{extended-refresh
[extended_refresh | off]} {join join_msec } {leave leave_msec }
{leave-all leave_all_msec } {periodic [periodic_msec | off]}]

Description
This command sets the join, leave, leave all, periodic, and extended-refresh timer values
for a list of ports. The unit value is in milliseconds. The join timer, leave all timer, and
periodic timer are started for each MRP application per port. The leave timer is started
for each state machine that is in LV (leave) state. The default values for join, leave,
leave-all, are 200, 600, and 10000, respectively. The default values for join, leave, leave-
all, periodic and extended-refresh timers are 200, 600, 10000, 1000, and 0 milliseconds,
respectively.

956 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
mrp Multiple Registration Protocol.
ports Ports.
port_list Port list separated by a comma or -" type="portlist_t".
all All ports.
timers Multiple Registration Protocol timers.
extended-refresh Timer value to use in place of regular leave timer, only in
cases when leave-all is received or sent.
extended_refresh_msec Extended refresh timer value in milliseconds (range is 600
ms to 300000 ms, default is 10000 ms).
join The time interval to delay sending MRP advertisements.
join_msec Join timer value in milliseconds (range is 0 ms to 500 ms,
default is 200 ms).
leave The time interval to wait in the leaving state before
transitioning to the empty state.
leave_msec Leave timer value in milliseconds (range is 600 ms to 3000
ms, default is 600 ms).
leave-all The time interval used to control the frequency of "leave
all" messages.
leave_all_msec Leave All timer value in milliseconds (range is 5000 ms to
20000 ms, default is 10000 ms).
periodic The time interval between two periodic events.
periodic_msec Periodic timer value in milliseconds (range is 1000ms to
300000 ms, default is 1000 ms); type="uint32_t".
off Turn off timer.
refresh Timer value to use in place of regular timer, only in cases
when leave-all is received or sent.
auto-refresh Automatically calculate timer values based on number of
talkers and listeners.
refresh_msec Refresh timer value in milliseconds (range is 600ms to
300000ms, default is 0ms (off)).

Default
The default values for join, leave, leave-all, are 200, 600, and 10000, respectively. The
default values for join, leave, leave-all, periodic and extended-refresh timers are 200,
600, 10000, 1000, and 0 milliseconds, respectively.

Usage Guidelines
This command is used to set the join, leave, and leave-all timer values for a list of ports.
The unit value is in milliseconds. The join timer and leave all timer are started for each

Switch Engine™ Command Reference Guide for version 32.7.1 957

History Commands

MRP application per port. The leave timer is started for each state machine that is in LV
(leave) state. The default values for these timers are 200, 600, and 10000, respectively.
configure mrp ports 4 timers join 300
configure mrp ports all timers leave-all 15000
configure mrp ports all timers join 300 leave-all 15000

History
This command was first available in ExtremeXOS 15.3.

The extended-refresh and period timer options were added in 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure msdp as-display-format

configure msdp as-display-format [asdot | asplain]

Description
Configures the AS number format displayed in show commands.

Syntax Description
asdot Specifies the ASDOT format.
asplain Specifies the ASPLAIN format.

Default
N/A.

Usage Guidelines
The ASPLAIN and ASDOT formats are described in RFC 5396, Textual Representation of
Autonomous System (AS) Numbers.

Example
The following command selects the ASDOT 4-byte AS number format:
configure msdp as-display-format asdot

History
This command was first available in ExtremeXOS 12.4.

958 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp max-rejected-cache

configure msdp max-rejected-cache max-cache {vr vrname}

Description
Configures the maximum limit on rejected SA cache entries that an MSDP router will
store in its database.

Syntax Description
max-cache Specifies the maximum number of rejected SA cache entries that
the MSDP router will store in its database. To remove the limit, enter
0 (zero) for the max-cache value.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
By default, the maximum cache entries stored is zero. That is, rejected SA cache entries
are not stored. Any SA cache entries that are stored and not refreshed for six minutes
are removed.

Usage Guidelines
SA cache are rejected because of:
• Peer-RPF failure
• Policy denied

When a previously rejected SA cache entry is accepted because of an RP reachability

change or policy rule change, the rejected SA cache entry is moved to the accepted SA
cache list.

By default, rejected SA cache entries are discarded. You can configure a limit for
rejected cache entries to store them, which will help debug/diagnose some issues;
however, it consumes extra memory.

Switch Engine™ Command Reference Guide for version 32.7.1 959

Example Commands

Example
The following command sets the maximum rejected cache limit to 100 for an MSDP
router:
configure msdp max-rejected-cache 100

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp originator-id

configure msdp originator-id ip-address {vr vrname}

Description
Configures the originator ID for an MSDP router. The originator ID is the RP address you
want to use (instead of the default) in locally originated SA messages.

Syntax Description
ip-address Specifies the RP address to use in locally originated SA messages.
To unconfigure an originator ID (that is, to use the default RP
address), enter the IP address 0.0.0.0.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
By default, the RP address is used as the originator ID in locally originated SA
messages.

Usage Guidelines
Use this command to override the default RP address used in SA messages. Because
only RPs and MSDP border routers originate SAs, there are times when it is necessary
to change the ID used for this purpose. The originator ID address must be one of the
interface addresses on the MSDP router.

You can configure the MSDP originator ID only when MSDP is disabled globally.

960 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

To remove an originator ID, enter the IP address 0.0.0.0.

Example
The following example configures the originator ID for an MSDP router:
configure msdp originator-id 10.203.134.1

The following example unconfigures the originator ID for an MSDP router:

configure msdp originator-id 0.0.0.0

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer default-peer

configure msdp peer [remoteaddr | all] default-peer {default-peer-policy
filter-name} {vr vrname}

Description
This command configures a default or static RPF peer from which all MSDP SA
messages are accepted. To remove the default peer, enter the configure msdp peer
no-default-peer command.

Syntax Description
filter-name Specifies the name of the policy filter associated with the default
peer. The peer will be the default peer for all SA entries that are
permitted by the policy filter. If an SA message is allowed by the
policy filter, it will be accepted. Otherwise, the SA message has to
go through the regular RPF-check. The static peer RPF check is the
last step in peer RPF algorithm. So, if an SA message is denied by
the default peer policy, ultimately the SA message will be rejected
by MSDP.
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Switch Engine™ Command Reference Guide for version 32.7.1 961

Default Commands

Default
By default, no static RPF peer is configured.

The default-peer-policy keyword specifies the name of the policy filter associated
with the default peer. You can configure multiple default peers with different policies. If
no policy is specified, then the current peer is the default RPF peer for all SA messages.

Usage Guidelines
Configuring a default peer simplifies peer-RPF checking of SA messages. If the peer-
RPF check fails, the default peer rule is applied to see if the SA messages should be
accepted or rejected.

If a default peer policy is specified, the peer is the default peer only for the (Source,
Group), or (S, G), that satisfies the policy. If the policy is not specified, then the default
peer is used for all (S, G, RP).

You can configure multiple default peers on an MSDP router; however, all default peers
must either have a default policy or not. A mix of default peers, with a policy and
without a policy, is not allowed.

When configuring multiple default peer rules, follow these guidelines:

• When you enter multiple default-peer commands with the default-peer-policy
keyword, you can use all the default peers at the same time for different RP prefixes.
• When you enter multiple default-peer commands without the default-peer-policy
keyword, you can use a single active peer to accept all SA messages. If that peer
goes down, then the next configured default peer accepts all SA messages. This
configuration is typically used at a stub site.

You can use the following policy attributes in a default peer policy. All other attributes
are ignored.
• Match:
◦ multicast-group
◦ multicast-source
◦ pim-rp
• Set:
◦ permit.
◦ deny.

Example
The following example configures an MSDP peer with the IP address 192.168.45.43 as
the default peer policy for "sales":
configure msdp peer 192.168.45.43 default-peer default-peer-policy sales

962 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer description

configure msdp peer remoteaddr description {peer-description} {vr
vrname}

Description
Configures a name or description for an MSDP peer. This text is for display purposes
only.

Syntax Description
remoteaddr Specifies the IP address of the MSDP peer.
peer-description Specifies the name or description of the MSDP peer. The
maximum is 63 characters.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
By default, no name or description is specified.

Usage Guidelines
Use this command to configure a name or description to make an MSDP peer easier to
identify. The description is visible in the output of the show msdp peer command.

To remove the description, use this command without a description string.

Example
The following example configures the name "internal_peer" to an MSDP peer:
configure msdp peer 192.168.45.43 description internal_peer

The following example removes the description from an MSDP peer:

configure msdp peer 192.168.45.43 description

Switch Engine™ Command Reference Guide for version 32.7.1 963

History Commands

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer mesh-group

configure msdp peer [remoteaddr | all] mesh-group [mesh-group-name |
none] {vr vrname}

Description
This command configures an MSDP peer to become a member of a mesh-group. To
remove a peer from a mesh-group, enter the none CLI keyword for the mesh-group.

Syntax Description
mesh-group-name Specifies the name of the MSDP mesh-group.
none Removes a peer from a mesh-group.
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
N/A.

Usage Guidelines
A mesh-group is a group of MSDP peers with fully meshed MSDP connectivity. Any SA
messages received from a peer in a mesh-group are not forwarded to other peers in
the same mesh-group.

Mesh-groups achieve two goals:

• Reduce SA message flooding.
• Simplify peer-RPF flooding.

964 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures an MSDP peer with the IP address 192.168.45.43 to
become a member of a mesh-group called "intra":
configure msdp peer 192.168.45.43 mesh-group intra

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer no-default-peer

configure msdp peer [remoteaddr | all] no-default-peer {vr vrname}

Description
This command removes a default peer.

Syntax Description
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
no-default-peer Removes a default peer.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
N/A.

Usage Guidelines
None.

Example
The following command removes all MSDP peers:
configure msdp peer all no-default-peer

Switch Engine™ Command Reference Guide for version 32.7.1 965

History Commands

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer password

configure msdp peer [remoteaddr | all] password {none | {encrypted}
encrypted_tcp_password | tcp_password } {vr vrname}

Description
This command configures a TCP RSA Data Security, Inc. MD5 Message-Digest
Algorithm password for an MSDP peer.This command enables TCP RSA Data Security,
Inc. MD5 Message-Digest Algorithm authentication for a MSDP peer. When a password
is configured, MSDP receives only authenticated MSDP messages from its peers. All
MSDP messages that fail TCP RSA Data Security, Inc. MD5 Message-Digest Algorithm
authentication are dropped.

Syntax Description
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
none Removes the previously configured password.
encrypted Encrypts the password for RSA Data Security, Inc. MD5 Message-
Digest Algorithm authentication. To improve security, the
password displays in encrypted format and cannot be seen as
simple text. Additionally, the password is saved in encrypted
format.
tcpPassword Specifies the password to use for RSA Data Security, Inc. MD5
Message-Digest Algorithm authentication at the TCP level. The
password must be an ASCII string with a maximum of 31
characters.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Defaults
By default, TCP RSA Data Security, Inc. MD5 Message-Digest Algorithm authentication
is disabled for the MSDP peer.

966 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
We recommend that you enable TCP RSA Data Security, Inc. MD5 Message-Digest
Algorithm authentication for all MSDP peers to protect MSDP sessions from attacks.
You can execute this command only when the MSDP peer is disabled or when MSDP is
globally disabled on that VR.

Example
The following example configures a password for the MSDP peer with the IP address
192.168.45.43, which automatically enables TCP MD5 authentication:
configure msdp peer 192.168.45.43 password test123

The following command removes the password:

configure msdp peer 192.168.45.43 password none

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer sa-filter

configure msdp peer [remoteaddr | all] sa-filter [in | out] [filter-name
| none] {vr vr_name}

Description
This command configures an incoming or outgoing policy filter for SA messages.

Syntax Description
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
in Associates the SA filter with inbound SA messages.
out Associates the SA filter with outbound SA messages.

Switch Engine™ Command Reference Guide for version 32.7.1 967

Default Commands

filter-name Specifies the name of the policy associated with an SA filter.

To remove an SA filter, enter the none CLI keyword instead of
filter-name.
vr_name Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the
current CLI context.

Default
By default, no SA filter is configured for an MSDP peer. That is, incoming and outgoing
SA messages are not filtered.

Usage Guidelines
This command configures an SA filter such that only a specified set of SA messages are
accepted or sent to a peer. Note that an SA filter does not adversely impact the flow of
SA request and response messages.

To remove an SA filter, enter the none CLI keyword instead of filter-name.

You can use the following policy attributes in an SA filter policy. All other attributes are
ignored.
• Match:
◦ multicast-group
◦ multicast-source
◦ pim-rp
• Set:
◦ permit
◦ deny

Example
The following example configures an incoming SA messages filter on an MSDP peer
with the IP address 192.168.45.43:
configure msdp peer 192.168.45.43 sa-filter in allow_229

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

968 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure msdp peer sa-limit

configure msdp peer sa-limit

configure msdp peer [remoteaddr | all] sa-limit max-sa {vr vr_name}

Description
This command allows you to limit the number of SA entries from an MSDP peer that
the router will allow in the SA cache. To allow an unlimited number of SA entries, use 0
(zero) as the value for max-sa.

Syntax Description
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
max-sa Specifies the maximum number of SA entries from an MSDP
peer allowed in the SA cache. To specify an unlimited number of
SA entries, use 0 (zero) as the value for max-sa.
vr_name Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
By default, no SA entry limit is set. The router can receive an unlimited number of SA
entries from an MSDP peer.

Usage Guidelines
You can use this command to prevent a distributed denial of service (DOS) attack. We
recommend that you configure an MSDP SA limit on all MSDP peer sessions. Note that
a rejected SA cache entry is not included in the number of SA cache entries received
from a peer.

Example
The following example configures the SA entry limit of 500 for the MSDP peer with the
IP address 192.168.45.43:
configure msdp peer 192.168.45.43 sa-limit 500

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 969

configure msdp peer source-interface Commands

your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer source-interface

configure msdp peer [remoteaddr | all] source-interface [ipaddress |
any] {vr vrname}

Description
This command configures the source interface for the MSDP peer TCP connection.

Syntax Description
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
ipaddress Specifies the IP address of the MSDP router interface to use
on one end of a TCP connection. The ipaddress must be
one of the MSDP router interface addresses; otherwise, the
command fails and an error message displays.
any Specifies to use any interface as one end of the TCP
connection. The source interface is selected based on the IP
route entry used to reach the MSDP peer. The egress interface
that reaches the MSDP peer is used as the source interface
for the TCP connection. Basically, this command removes the
previously configured source interface of the MSDP peer.
vrname Specifies the name of the virtual router to which this
command applies. If a name is not specified, it is extracted
from the current CLI context.

Defaults
By default, the source interface is selected based on the IP route entry used to reach
the MSDP peer. The egress interface that reaches the MSDP peer is used as the source
interface for the TCP connection.

Usage Guidelines
You must first disable MSDP or the MSDP peer before using this command. We
recommend that you configure a source interface for MSDP peers that are not directly
connected. We also recommend using the loopback address as the MSDP peer
connection endpoint.

Example
The following example configures a source interface for an MSDP peer with the IP
address 192.168.45.43:
configure msdp peer 192.168.45.43 source-interface 60.0.0.5

970 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer timer

configure msdp peer [remoteaddr | all] timer keep-alive keep-alive-sec
hold-time hold-time-sec {vr vrname}

Description
The command configures the keep-alive and hold timer intervals of the MSDP peers.

Syntax Description
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
keep-alive-sec Specifies the keep-alive timer interval in seconds. The range is1–60
seconds.
hold-time-sec Specifies the hold timer interval in seconds. The range is 3–75
seconds.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
By default, the:
• Keep-alive timer interval is 60 seconds.
• Hold timer interval is 75 seconds.
• SA timer interval is 60 seconds.

Usage Guidelines
You can use this command only when either MSDP or the MSDP peer is disabled. The
hold timer interval must be greater than the keep-alive timer interval.

Switch Engine™ Command Reference Guide for version 32.7.1 971

Example Commands

Example
The following example configures the keep-alive and hold timer intervals for the MSDP
peer 55.0.0.83:
configure msdp peer 55.0.0.83 timer keep-alive 30 hold-time 60

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp peer ttl-threshold

configure msdp peer [remoteaddr | all] ttl-threshold ttl {vr vrname}

Description
Configures the limit to which multicast data packets are sent in SA messages to an
MSDP peer. If the time-to-live (TTL) in the IP header of an encapsulated data packet
exceeds the TTL threshold configured, encapsulated data is not forwarded to MSDP
peers.

Syntax Description
remoteaddr Specifies the IP address of the MSDP peer on which to configure a
TTL threshold.
all Specifies all MSDP peers.
ttl Specifies the TTL value. The range is 0–255. To restore the default
value, enter a TTL value of 0 (zero).
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
The default value is zero, meaning all multicast data packets are forwarded to the peer
regardless of the TTL value in the IP header of the encapsulated data packet.

Usage Guidelines
This command allows you to configure a TTL value to limit multicast data traffic.

972 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures a TTL threshold of 5:
configure msdp peer 192.168.45.43 ttl-threshold 5

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msdp sa-cache-server

configure msdp sa-cache-server remoteaddr {vr vr_name}

Description
Configures the MSDP router to send SA request messages to the MSDP peer when a
new member becomes active in a group.

Syntax Description
remoteaddr Specifies the IP address of the MSDP peer from which the local
router requests SA messages when a new member becomes active
in a group, and MSDP has no cache entry for the group in the local
database.
vr_name Specifies the name of the virtual router on which the MSDP cache
server is configured. If a virtual router name is not specified, it is
extracted from the current CLI context.

Default
By default, the router does not send SA request messages to its MSDP peers when a
new member joins a group and wants to receive multicast traffic. The new member
simply waits to receive SA messages, which eventually arrive.

Usage Guidelines
You can use this command to force a new member of a group to learn the current
active multicast sources in a connected PIM-SM domain that are sending to a group.
The router will send SA request messages to the specified MSDP peer when a new

Switch Engine™ Command Reference Guide for version 32.7.1 973

Example Commands

member joins a group and MSDP doesn’t have a cache entry for that group in the local
database. The peer replies with the information in an SA cache response message.

Note
An MSDP peer must exist before it can be configured as an SA cache
server. The configure msdp sa-cache-server command accepts the value for
remoteaddr only if it is an existing peer’s IP address.

Example
The following example configures an MSDP cache server:
configure msdp sa-cache-server 172.19.34.5

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure msrp latency-max-frame-size

configure msrp [ latency-max-frame-size frame_size | [ igonore-latency-
changes | talker-vlan-pruning ] [ on | off ] ]

Description
This command configures the system-wide MSRP variables.

Syntax Description
msrp Multiple Stream Registration Protocol.
latency-max-frame- Maximum size of interfering frame (used in latency
size calculations).
frame_size The maximum frame size in bytes (range 64 to 2000,
default is 1522).
ignore-latency- Ignore accumulated latency changes when evaluating first
changes value change.
talker-vlan-pruning Talker propagation is filtered on ports where VLAN does
not exist.
on Turn on.
off Turn off.

974 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
1522.

Usage Guidelines
Use this command to configure the system-wide MSRP variables.

Example
# configure msrp latency-max-frame-size 100

History
This command was first available in ExtremeXOS 15.3. The ignore-latency-changes,
talker-vlan-pruning, and on | off options were added in 15.3.2.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure msrp ports sr-pvid

configure msrp ports [port_list | all] sr-pvid vlan_tag

Description
Specifies the default VLAN ID on the port for MSRP data stream. The sr-pvid serves as a
recommendation to connected AVB devices; AVB devices may still use other VLAN IDs
if they are configured to do so.

Syntax Description
msrp Multiple Stream Registration Protocol
port_list List of ports in the switch.
all All the ports in the switch.
sr-pvid Default VLAN Identifier for stream-related traffic.
vlan_tag VLAN ID ranging from 1 to 4094 (default is 2).

Default
2.

Switch Engine™ Command Reference Guide for version 32.7.1 975

Usage Guidelines Commands

Usage Guidelines
Use this command to specify the default VLAN ID on the port for MSRP data streams.
The sr-pvid serves as a recommendation to connected AVB devices; AVB devices may
still use other VLAN IDs if they are configured to do so.

Example
# configure msrp ports 1,2,3 sr-pvid 2

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure msrp ports traffic-class delta-bandwidth

configure msrp ports [port_list | all] traffic-class [A | B] delta-
bandwidth percentage

Description
Configures delta-bandwidth value per traffic class per MSRP port.

Syntax Description
msrp Multiple Stream Registration Protocol.
port_list List of ports in the switch.
traffic-class Traffic class.
A Traffic class A.
B Traffic class B.
delta-bandwidth Delta-bandwidth percentage (range 0 to 100, default 75 for
class A, 0 for class B).

Default
Class A: 75, Class B: 0.

976 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The delta bandwidth configuration limits the amount of bandwidth that can be used
by the given stream reservation class. Each class is allowed to use a maximum of its
delta bandwidth plus the delta bandwidth configured for each of the higher classes.
For example, if the delta bandwidth for classes A and B are configured to 10 and 10
respectively, class A streams can use up to 10 percent of the link bandwidth, and class
B streams can us up to 20 percent of the link bandwidth. The sum of the class A and B
delta bandwidth values must be less than 100 percent.

Example
# configure msrp ports all traffic-class A delta-bandwidth 50
# configure msrp ports 1-5 traffic-class B delta-bandwidth 0

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure msrp sharing

configure msrp sharing [all | port_list] bandwidth [cumulative | single-
port] percentage

Description
This command configures the LAG bandwidth mode as either cumulative or master-
port only.

Syntax Description
all All the ports in the switch.
port_list Port list separated by a comma or -
cumulative Use bandwidth of a single port, plus a percentage of
bandwidth of every other LAG member port in the group.
single-port Use bandwidth of a single port only for the entire LAG.
percentage Percentage of bandwidth of each LAG port to be added to
master port bandwidth.

Switch Engine™ Command Reference Guide for version 32.7.1 977

Default Commands

Default
Single-port.

Usage Guidelines
If cumulative mode is selected, the percentage is also configured.

Example
This CLI command displays bandwidth information of an MSRP port.
# show msrp ports bandwidth
Port Port Class Delta Maximum Reserved Available
Speed Effective
------ ------- ----- --------- --------- --------- ---------
5ab 0 M A 75.00% 0.00% 0.00% 0.00%
B 0.00% 0.00% 0.00% 0.00%
*21ab 1000 M A 75.00% 75.00% 0.00% 75.00%
B 0.00% 75.00% 0.00% 75.00%
Flags: (*) Active, (!) Administratively disabled,
(a) SR Class A allowed, (b) SR Class B allowed.

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure msrp timers first-value-change-recovery

configure msrp timers first-value-change-recovery
[first_value_change_msec | off]

Description
This command configures MSRP first value change recovery timer, or disables the
timer. If configured, the system waits until the configured timer value before allowing
recovery of streams from first value change failure. If disabled, the system does not
recover from first value change failure.

Syntax Description
msrp Multiple Stream Registration Protocol.
timers Multiple Stream Registration Protocol timers.

978 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

first-value-change- The time interval to wait to allow recovery of stream from

recovery first value change failure.
first_value_change_msec First Value Change Recovery time in milliseconds (range
is 10000 ms to 5400000 ms, default is 30000 ms);
type="uint32_t"; range="[10000, 5400000]".
off Turn off first value change recovery timer, and do not
recover from first value change failure.

Default
30000 ms.

Usage Guidelines
Use this command to allow streams to recover from first value change failure.

Example
# configure msrp timers first-value-change recovery 20000
# configure msrp timers first-value-change recovery off

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure mstp format

configure mstp format format_identifier

Description
Configures the number used to identify the MSTP BPDUs sent in the MSTP region.

Syntax Description
format_identifier Specifies a number that MSTP uses to identify all BPDUs
sent in the MSTP region. The default is 0. The range is 0 to
255.

Switch Engine™ Command Reference Guide for version 32.7.1 979

Default Commands

Default
The default value used to identify the MSTP BPDU is 0.

Usage Guidelines
For a switch to be part of an MSTP region, you must configure each switch in the region
with the same MSTP configuration attributes, also known as MSTP region identifiers.
These identifiers consist of the following:
• Region Name—The name of the MSTP region.
• Format Selector—The number used to identify the format of MSTP BPDUs. The
default is 0.
• Revision Level—This identifier is reserved for future use; however, the switch uses
and displays a default of 3.

You can configure only one MSTP region on the switch at any given time.

The switches contained in a region transmit and receive BPDUs that contain
information relevant to only that MSTP region. By having devices look at the region
identifiers, MSTP discovers the logical boundary of a region.

If you have an active MSTP region, Extreme Networks recommends that you disable all
active STPDs in the region before modifying the value used to identify MSTP BPDUs on
all participating switches.

Example
The following command configures the number 2 to identify the MSTP BPDUs sent
within an MSTP region:

configure mstp format 2

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mstp region

configure mstp region regionName

Description
Configures the name of an MSTP region on the switch.

980 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
regionName Specifies a user-defined name for the MSTP region. May be
up to 32 characters.

Default
By default, the switch uses the MAC address of the switch to generate an MSTP region.

Before you configure the MSTP region, it also has the following additional defaults:
• MSTP format Identifier—0.
• MSTP Revision Level—3.

Usage Guidelines
The maximum length for a name is 32 characters. Names can contain alphanumeric
characters and underscores ( _ ) but cannot be any reserved keywords, for example,
mstp. Names must start with an alphabetical character, for example, a, Z.

By default, the switch uses the unique MAC address of the switch to generate an MSTP
region. Since each MAC address is unique, every switch is in its own region by default.

For multiple switches to be part of an MSTP region, you must configure each switch in
the region with the same MSTP configuration attributes, also known as MSTP region
identifiers. These identifiers consist of the following:
• Region Name—The name of the MSTP region.
• Format Selector—The number used to identify the format of MSTP BPDUs. The
default is 0.
• Revision Level—This identifier is reserved for future use; however, the switch uses
and displays a default of 3.

You can configure only one MSTP region on the switch at any given time.

The switches inside a region exchange BPDUs that contain information for MSTIs.
The switches connected outside of the region exchange CIST information. By having
devices look at the region identifiers, MSTP discovers the logical boundary of a region.

If you have an active MSTP region, we recommend that you disable all active STPDs in
the region before renaming the region on all of the participating switches.

Viewing MSTP Information

To view the MSTP configuration on the switch, use the show stpd command. Output
from this command contains global MSTP settings, including the name of the MSTP
region, the number or tag that identifies all of the BPDUs sent in the MSTP region, and
the reserved MSTP revision level. If configured, the output also displays the name of the
Common and Internal Spanning Tree (CIST), and the number of Multiple Spanning Tree
Instances (MSTIs).

Switch Engine™ Command Reference Guide for version 32.7.1 981

Example Commands

Example
The following example creates an MSTP region named purple:
configure mstp region purple

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mstp revision

configure mstp revision revision

Description
Configures the revision number of the MSTP region.

Syntax Description
revision This parameter is reserved for future use.

Default
The default value of the revision level is 3.

Usage Guidelines
Although this command is displayed in the CLI, it is reserved for future use. Please do
not use this command.

If you accidentally configure this command, remember that each switch in the region
must have the same MSTP configuration attributes, also known as MSTP region
identifiers. These identifiers consist of the following:
• Region Name—The name of the MSTP region.
• Format Selector—The number used to identify the format of MSTP BPDUs. The
default is 0.
• Revision Level—An unsigned integer encoded within a fixed field of 2 octets that
identifies the revision of the current MST configuration. MSTP revision level can
be set from 0 to 65536, with the default being 3. The revision number is not
incremented automatically each time that the MST configuration is committed.

982 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command returns the MSTP revision number to 3, the default revision
number:

configure mstp revision 3

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mvr add receiver

configure mvr vlan vlan-name add receiver port port-list

Description
Configures a port to receive MVR multicast streams.

Syntax Description
vlan-name Specifies a VLAN name.
port-list A list of ports or slots and ports.

Default
N/A.

Usage Guidelines
This command is used to add a group of virtual ports for multicast forwarding through
MVR. By default, some ports on non-MVR VLANs (router ports, primary and secondary
EAPS ports), are excluded from the MVR cache egress list. This command is used to
override these rules, so that if valid IGMP memberships are received, or a router is
detected, streams are forwarded out on the ports.

Example
The following example adds the ports 1:1 and 1:2 of VLAN v1 to MVR for forwarding:
configure mvr vlan v1 add receiver port 1:1-1:2

Switch Engine™ Command Reference Guide for version 32.7.1 983

History Commands

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MVR feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure mvr add vlan

configure mvr add vlan vlan-name

Description
Configures a VLAN as an MVR VLAN.

Syntax Description
vlan-name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
Configures MVR on the specified VLAN. When a multicast stream in the specified MVR
address range is received on the VLAN, it is leaked to all other VLAN ports where the
corresponding IGMP join message is received. By default, the entire multicast address
range 224.0.0.0/4, except for the multicast control range 224.0.0.0/24 is used for MVR. To
change the MVR address range, use the following command:
configure mvr vlan vlan-name mvr-address {policy-name | none}

Example
The following example configures VLAN v1 as an MVR VLAN:
configure mvr add vlan v1

History
This command was first available in ExtremeXOS 11.4.

984 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MVR feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure mvr delete receiver

configure mvr vlan vlan-name delete receiver port port-list

Description
Configures a port not to receive MVR multicast streams.

Syntax Description
vlan-name Specifies a VLAN name.
port-list A list of ports or slots and ports.

Default
N/A.

Usage Guidelines
This command is used to delete a group of virtual ports for multicast forwarding
through MVR. After using this command, the ports revert to the default forwarding
rules.

Example
The following example deletes the ports 1:1 and 1:2 of VLAN v1 to MVR for forwarding:
configure mvr vlan v1 delete receiver port 1:1-1:2

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MVR feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 985

configure mvr delete vlan Commands

configure mvr delete vlan

configure mvr delete vlan vlan-name

Description
Deletes a VLAN from MVR.

Syntax Description
vlan-name Specifies a VLAN name.

Default
N/A.

Usage Guidelines
Removes MVR from the specified VLAN.

Example
The following example configures VLAN v1 as a non-MVR VLAN:
configure mvr delete vlan v1

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MVR feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure mvr mvr-address

configure mvr vlan vlan-name mvr-address {policy-name | none}

Description
Configures the MVR address range on a VLAN.

986 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan-name Specifies a VLAN name.
policy-name Specifies a policy file.

Default
The default address range is 224.0.0.0/4 (all multicast addresses), but excluding
224.0.0.0/24 (the multicast control range).

Usage Guidelines
If no policy file is specified (the none option), the entire multicast address range
224.0.0.0/4, except for the multicast control range 224.0.0.0/24 is used for MVR.

MVR must first be configured on the VLAN before using this command.

If the policy is later refreshed, groups denied and newly allowed groups in the policy are
flushed from fast path forwarding. This allows synching existing channels with the new
policy, without disturbing existing channels.

The following is a sample policy file mvrpol.pol. This policy configures 236.1.1.0/24 as
the MVR address range. Any address outside this range has the standard switching
behavior on an MVR VLAN.
Entry extreme1 {
if match any {
nlri 236.1.1.0/24 ;
}
then {
permit ;
}
}

Example
The following example configures the MVR address range specified in the policy file
mvrpol.pol for the VLAN v1:
configure mvr vlan v1 mvr-address mvrpol

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MVR feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 987

configure mvr static group Commands

configure mvr static group

configure mvr vlan vlan-name static group {policy-name | none}

Description
Configures the MVR static group address range on a VLAN.

Syntax Description
vlan-name Specifies a VLAN name.
policy-name Specifies a policy file.

Default
By default, all the MVR group addresses work in static mode.

Usage Guidelines
If no policy file is specified (the none option), the entire multicast address range
224.0.0.0/4, except for the multicast control range 224.0.0.0/24, is used for static groups
in MVR.

MVR must first be configured on the VLAN before using this command.

The following is a sample policy file mvrpol.pol. This policy configures 236.1.1.0/24 as the
MVR static group address range. Any MVR addresses outside this range are dynamically
registered through IGMP. An MVR VLAN will proxy join only for addresses that are not
in the static group. If you want all the multicast groups to by dynamic, use a policy file
with this command that denies all multicast addresses.
Entry extreme1 {
if match any {
nlri 236.1.1.0/24 ;
}
then {
permit ;
}
}

Example
The following example configures the MVR static group address range specified in the
policy file mvrpol.pol for the VLAN v1:
configure mvr vlan v1 static group mvrpol

History
This command was first available in ExtremeXOS 11.4.

988 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MVR feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure mvrp stpd

configure mvrp stpd stpd_name

Description
Configures the STP domain to use for dynamically created VLANs.

Syntax Description
mvrp Multiple VLAN Registration Protocol.
stpd The STP domain used for MVRP.
stpd_name The STP domain the VLAN is to be associated. All ports
of the domain will be advertised, when this VLAN gets
registered.

Default
s0.

Usage Guidelines
Use this command to configure the STP domain used for MVRP.

Example
The following example configures the default STP domain for MVRP to "stpd2":
configure mvrp stpd stpd2

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 989

configure mvrp tag ports registration Commands

configure mvrp tag ports registration

configure mvrp tag vlan_tag ports [port_list |all] registration
[forbidden |normal ]

Description
This command is used for per port setting for the VLAN registration. If the global
registration is forbidden, ports cannot be added to any VLAN dynamically irrespective
of the per-port setting. So for ports to be registered, the global and the per-port setting
both should be “normal”, which is the default value.

Syntax Description
mvrp Multiple VLAN Registration Protocol.
tag The 802.1Q VLAN ID.
vlan_tag VLAN ID ranging from 1 to 4094; type=uint16_t";
range="[1,4094]".
ports Ports.
port_list Port list separated by a comma or -"; type="portlist_t";
all All ports.
registration Whether port can be added dynamically to the VLAN.
forbidden Port cannot be added dynamically to the VLAN.
normal Port can be added dynamically to the VLAN.

Default
Normal.

Usage Guidelines
Use this command to control dynamic addition of ports to VLANs.

Example
configure mvrp tag 2 ports 2,3,4 registration forbidden

configure mvrp tag 2 ports all registration normal

History
This command was first available in ExtremeXOS 15.3.

The registration option, and forbidden and normal keywords were added in 15.3.2.

990 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure mvrp tag ports transmit

configure mvrp tag vlan_tag ports [port_list | all] transmit [on | off ]

Description
Controls whether the given VLAN ID may be advertised in MVRP messages transmitted
on the given set of ports.

Syntax Description
mvrp Multiple VLAN Registration Protocol.
tag The 802.1Q VLAN ID.
transmit When enabled, MVRP message are sent on the ports.
on Transmission of MVRP messages are enabled on the port(s)
for the given tag.
off Transmission of the MVRP messages are disabled on the
port(s) for the given tag.

Default
Transmit on.

Usage Guidelines
Use this command to control whether the given VLAN ID may be advertised in MVRP
messages transmitted on the given set of ports.

Example
The following command configures transmit off for VLAN ID 100 on all MVRP ports:
configure mvrp tag 100 ports all transmit off

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 991

configure mvrp vlan auto-creation Commands

configure mvrp vlan auto-creation

configure mvrp vlan auto-creation [on | off]

Description
Enables or disables the dynamic VLAN creation feature of MVRP.

Syntax Description
mvrp Multiple VLAN Registration Protocol.
auto-creation When enabled, results in VLANs added dynamically on the
switch through MVRP.
on Enable auto-creation.
off Disable auto-creation.

Default
Enabled.

Usage Guidelines
Use this command to enable or disable the dynamic VLAN creation of MVRP. By
default, auto-creation is enabled. If disabled, the switch may participate in the MVRP
protocol, and advertised static VLANs, but will not dynamically create VLANs.

Example
The following command enables MVRP VLAN auto creation:
configure mvrp vlan auto-creation on

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure mvrp vlan registration

configure mvrp vlan registration forbidden | normal

992 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command is a global system setting. If global registration is forbidden, ports
cannot be added to any VLAN dynamically.

Syntax Description
mvrp Multiple VLAN Registration Protocol.
vlan VLAN.
registration Whether all ports can be added to new dynamic VLANs.
This can be overridden by static port addition to VLAN.
forbidden Ports cannot be added dynamically to the VLAN. This can
be overridden by static port addition.
normal Ports can be added dynamically to the VLAN (default).

Default
Normal.

Usage Guidelines
Use this command to set global registration. If global registration is forbidden, ports
cannot be added to any VLAN dynamically.

Example
The following command allows ports to be added dynamically to the VLAN:
configure mvrp vlan registration normal

History
This command was first available in ExtremeXOS 15.3.

The registration keyword was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure neighbor-discovery cache add

configure neighbor-discovery cache {vr vr_name} add [ipv6address |
scoped_link_local] mac

Description
Adds a static entry to the neighbor cache.

Switch Engine™ Command Reference Guide for version 32.7.1 993

Syntax Description Commands

Syntax Description
vr_name Specifies a VR or VRF.
ipv6address Specifies an IPv6 address.
scoped_link_local Specifies a scoped, link-local address.
mac Specifies a MAC address.

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
This command adds static entries to the neighbor cache.

Example
The following example adds a static entry to the neighbor cache:
configure neighbor-discovery cache add fe80::2315%default 00:11:22:33:44:55

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure neighbor-discovery cache delete

configure neighbor-discovery cache {vr vr_name} delete [ipv6address |
scoped_link_local]

Description
Deletes a static entry from the neighbor cache.

Syntax Description
vr_name Specifies a VR or VRF.
ipv6address Specifies an IPv6 address.
scoped_link_local Specifies a scoped, link-local address.

994 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
If you do not specify a VR or VRF, the current VR context is used.

Usage Guidelines
This command deletes static entries from the neighbor cache.

Example
The following example deletes a static entry from the neighbor cache:
configure neighbor-discovery cache delete fe80::2315%default

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure neighbor-discovery cache locktime

configure neighbor-discovery cache {vr vr_name}{locktime locktime}

Description
Sets the time before a new entry can replace an old entry in the Neighbor Discovery
Protocol (NDP) cache of neighbor IPv6 addresses\MAC addresses.

Syntax Description
vr Specifies setting a VR or VRF.
vr_name Specifies the name of the VR or VRF.
locktime Specifies setting a time before a new entry can replace an
old entry.
locktime Sets the locktime value in milliseconds with a range of 0–
30,000. Default is 1,000 milliseconds.

Default
The default locktime is 1,000 milliseconds.

Switch Engine™ Command Reference Guide for version 32.7.1 995

Example Commands

Example
The following example sets the locktime to 5,000 milliseconds:
configure neighbor-discovery cache locktime 5000

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure neighbor-discovery cache max_entries

configure neighbor-discovery cache max_entries max_entries

Description
Configures the maximum allowed IPv6 neighbor entries.

Syntax Description
max_entries Specifies the maximum allowed IPv6 neighbor entries. The
range is 1 to 49,152.

Default
8,192.

Usage Guidelines
For ExtremeXOS 30.1, the maximum configurable limit for neighbor discovery
maximum entries is changed to 49,152 for all platforms. A message appears if the
configured value exceeds the theoretical hardware maximum limit depending on the
platform.

Example
The following example sets the maximum allowed IPv6 neighbor entries to 512:
configure neighbor-discovery cache max_entries 512

History
This command was first available in ExtremeXOS 12.4.

996 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Per virtual router capability was deprecated and the maximum configurable limit set to
49,152 in ExtremeXOS 30.1.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure neighbor-discovery cache max_pending_entries

configure neighbor-discovery cache max_pending_entries
max_pending_entries

Description
Configures the maximum number of pending IPv6 neighbor entries.

Syntax Description
max_pending_entries Specifies the maximum number of pending IPv6 neighbor
entries. The range is 1 to 4096.

Default
1,024.

Usage Guidelines
None.

Example
The following example sets the maximum number of pending IPv6 neighbor entries to
2,056:
configure neighbor-discovery cache max_pending_entries 2056

History
This command was first available in ExtremeXOS 12.4.

Per virtual router capability was deprecated in ExtremeXOS 30.1.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 997

configure neighbor-discovery cache reachable-time Commands

configure neighbor-discovery cache reachable-time

configure neighbor-discovery cache {reachable-time [auto |
{reachable_time [seconds | milliseconds]}]}

Description
Sets the value for Neighbor Discovery Protocol (NDP) reachable time

Syntax Description
reachable-time Specifies setting the NDP reachable time.
reachable_time Sets the value for the NDP reachable time (range is 1–
1,474,515,000 millisecond or 1–1,474,515 second).
auto Specifies having the NDP reachable time set automatically
to 3/4 of the configured NDP timeout (default).
milliseconds When setting the reachable time value, specifies
milliseconds as the time unit (range is 1–1,474,515,000).
seconds When setting the reachable time value, specifies seconds
(range is 1–1,474,515) as the time unit (default).

Default
The default setting is for the reachable time to be set automatically to 3/4 of the
configured NDP timeout. If you set the time manually, the default unit of measure
for the value is seconds.

Example
The following example sets the reachable time to 500,000 seconds:
configure neighbor-discovery cache reachable-time 500000 seconds

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure neighbor-discovery cache retransmit-time

configure neighbor-discovery cache {retransmit-time retransmit_time}

998 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Sets the value for Neighbor Discovery Protocol (NDP) retransmit time

Syntax Description
retransmit-time Specifies setting the retransmit time.
retransmit_time Sets the retransmit time value (range is 1–4,294,967
seconds or 1– 4,294,967,295 milliseconds). The default is 1
second.
milliseconds When setting the retransmit time value, specifies
milliseconds as the time unit (range is 1–4,294,967,295).
seconds When setting the retransmit time value, specifies seconds
(range is 1–4,294,967) as the time unit (default).

Default
The default setting for the retransmit time is 1 second. The default unit of measure is
seconds.

Example
The following example sets the retransmit time to 500,000 seconds:
configure neighbor-discovery cache retransmit-time 500000 seconds

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure neighbor-discovery cache timeout

configure neighbor-discovery cache {vr vr_name} timeout timeout

Description
Configures a timeout value for entries in the neighbor cache.

Syntax Description
vr_name Specifies a VR or VRF.
timeout Specifies a timeout value for neighbor cache entries. The
range is 1 to 32767 minutes.

Switch Engine™ Command Reference Guide for version 32.7.1 999

Default Commands

Default
20 minutes.

Usage Guidelines
None.

Example
The following example configures the neighbor cache timeout for 30 minutes:
configure neighbor-discovery cache timeout 30

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document. />

configure netlogin add mac-list

configure netlogin add mac-list [mac {mask} | default] {encrypted
{encrypted_password | password} {ports port_list}

Description
Adds an entry to the MAC address list for MAC-based network login.

Syntax Description
mac Specifies the MAC address to add.
mask Specifies the number of bits to use for the mask.
default Specifies the default entry.
encrypted Used to display encrypted form of password in
configuration files. Do not use.
password Specifies the password to send for authentication.
ports Specifies the port or port list to use for authentication.

Default
If no password is specified, the MAC address will be used.

1000 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to add an entry to the MAC address list used for MAC-based
network login.

If no match is found in the table of MAC entries, and a default entry exists, the default
will be used to authenticate the client. All entries in the list are automatically sorted in
longest prefix order.

configure netlogin add mac-list default configuration is added by default when

enable netlogin mac is configured.

Associating a MAC Address to a Port

You can configure the switch to accept and authenticate a client with a specific MAC
address. Only MAC addresses that have a match for the specific ports are sent for
authentication. For example, if you associate a MAC address with one or more ports,
only authentication requests for that MAC addresses received on the port(s) are sent
to the RADIUS (Remote Authentication Dial In User Service) server. The port(s) block all
other authentication requests that do not have a matching entry. This is also known as
secure MAC.

To associate a MAC address with one or more ports, specify the ports option
when using the configure netlogin add mac-list [mac {mask} | default]
{encrypted} {password} {portsport_list} command.

You must enable MAC-based network login on the switch and the specified ports
before using this command. If MAC-based network login is not enabled on the
specified port(s), the switch displays a warning message similar to the following:
WARNING: Not all specified ports have MAC-Based NetLogin enabled.

If this occurs, make sure to enable MAC-based network login.

Example
The following command adds the MAC address 10:20:30:40:50:60 with the password foo
to the list:
configure netlogin add mac-list 10:20:30:40:50:60 password foo

The following command associates MAC address 10:20:30:40:50:70 with ports 2:2 and
2:3. This means authentication requests from MAC address 10:20:30:40:50:70 are only
accepted on ports 2:2 and 2:3:
configure netlogin add mac-list mac 10:20:30:40:50:70 ports 2:2-2:3

History
This command was first available in ExtremeXOS 11.1.

The ports option was added in ExtremeXOS 11.3.

Switch Engine™ Command Reference Guide for version 32.7.1 1001

Platform Availability Commands

Default configuration when enable netlogin mac is entered was added in

ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document..

configure netlogin add proxy-port

configure netlogin add proxy-port tcp_port {http | https}

Description
Configure the ports that will be hijacked and redirected for HTTP or HTTPS traffic.

Syntax Description
tcp_port Specifies the port to be hijacked.

Default
HTTP traffic.

Usage Guidelines
This command allows you to configure the ports that will be hijacked and redirected for
HTTP or HTTPS traffic. For each hijacked proxy port, you must specify whether the port
is to be used for HTTP or HTTPS traffic.

No more than 5 such ports are supported in addition to ports 80 and ports 443.
Attempts to add more than 5 ports generate an error.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin agingtime

configure netlogin agingtime minutes

Description
Lets you configure network login aging.

1002 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
minutes Specifies the aging time in minutes.

Default
The default value is 5.

Usage Guidelines
Use this command to configure the aging time for network login. The aging time is
the time after which learned clients that failed authentication or did not attempt to
authenticate are removed from the system. This prevents the switch from keeping all
clients ever seen on a network-login-enabled port.

The range can be from 0 to 3000, where 0 indicates no age out.

Example
The following command specifies an aging time of 15 minutes:

configure netlogin agingtime 15

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin allowed-refresh-failures

configure netlogin allowed-refresh-failures num_failures

Description
Sets the number refresh failures.

Syntax Description
num_failures Specifies the number of refresh failures. The range is from
0 to 5.

Default
The default is 0.

Switch Engine™ Command Reference Guide for version 32.7.1 1003

Usage Guidelines Commands

Usage Guidelines
This command allows you to set the number of refresh failures allowed. You can set the
number of failures to be from between 0 to 5. The default value is 0.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin authentication database-order

configure netlogin [mac | web-based] authentication database-order
[[radius] | [local] | [radius local] | [local radius]]

Description
Configures the order of database authentication protocols to use.

Syntax Description
mac Specifies MAC-based authentication.
web-based Specifies Web-based authentication.
radius Specifies an authentication order from only the RADIUS
database.
local Specifies an authentication order from only the local
database.
radius local Specifies an authentication order of RADIUS database first,
followed by local.
local radius Specifies an authentication order of local database first,
followed by RADIUS.

Default
By default, the authentication order is RADIUS, local-user database.

Usage Guidelines
As of ExtremeXOS 16.1, the functionality of this command is more consistent with
management authentications. If RADIUS responds with a reject, then that reject is
honored. The only time the local database is checked is when the RADIUS server does
not respond.

1004 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command sets the database authentication order to local-user database,
RADIUS:

configure netlogin mac authentication database-order local radius

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin authentication failure vlan

configure netlogin authentication failure vlan vlan_name {ports
port_list}

Description
Configures authentication failure VLAN on network login enabled ports.

Syntax Description
vlan_name Specifies the name of the authentication failure VLAN.
port_list Specifies one or more ports or slots and ports. If the ports
keyword is not used, the command applies to all ports.

Default
By default, authentication failure VLAN is configured on all network login enabled ports
if no port is specifically configured.

Usage Guidelines
Use this command to configure authentication failure VLAN on network login enabled
ports. When a supplicant fails authentication, it is moved to the authentication failure
VLAN and is given limited access until it passes the authentication either through
RADIUS or local. Depending on the authentication database order for that particular
network login method (MAC, web or dot1x), the other database is used to authenticate
the client. If the final result is an authentication failure and if the authentication failure
VLAN is configured and enabled on that port, the client is moved to that location.

Switch Engine™ Command Reference Guide for version 32.7.1 1005

History Commands

There four different authentication orders which can be configured per authentication
method currently. They are:
• RADIUS.
• local.
• RADIUS, local.
• local, RADIUS.

In each case, you must consider the end result in deciding whether to authenticate
the client in authentication failure VLAN or authentication service unavailable VLAN (if
configured).

For example, when netlogin mac authentication database order is local, radius,
if the authentication of a MAC client fails through a local database, RADIUS is
used for authentication. If RADIUS also fails authentication, the client is moved to
authentication failure VLAN. The same is true for all authentication database orders
(radius,local; local,radius; radius; local).

If authentication through local fails, but passes through RADIUS, the client is moved to
the appropriate destination VLAN.

If the local authentication fails and the RADIUS server is not available, the client is not
moved to authentication failure VLAN.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin authentication protocol-order

configure netlogin authentication protocol-order [[dot1x [web-based |
mac | cep]] | [mac [dot1x | web-based | cep]] | [web-based [dot1x |
mac | cep]] | [cep [dotlx | web-based | mac]]]

Description
Globally configures the order of the Network Login (NetLogin) port’s authentication
protocols.

Syntax Description
dot1x Configures the 802.1x authentication protocol preference.
mac Configures the MAC-based authentication protocol
preference.

1006 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

web-based Configures the web-based authentication protocol

preference.
cep Configure Convergence End Point (CEP) authentication
protocol preference. CEP only appears as an option if policy
is enabled.

Default
By default, the protocol precedence order for a NetLogin-enabled port is:
• Dot1x
• Web-based
• MAC
• CEP

Usage Guidelines
Web-based authentication occurs only when the port belongs to the NetLogin VLAN.

When you change the protocol precedence, the action for the current highest
precedence protocol takes effect immediately if the client is authenticated by this
protocol.

When you disable the highest precedence protocol on a port, the action for the next
precedence protocol takes effect immediately if client is authenticated by this protocol.

CEP only appears as an option in the command if policy is enabled.

Example
The following example sets the protocol precedence order to Dot1x, Web-based, and
MAC.
configure netlogin authentication protocol-order dot1x web-based mac cep

History
This command was first available in ExtremeXOS 15.7.1.

CEP option was added in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin authentication service-unavailable vlan

configure netlogin authentication service-unavailable [{add} | {delete}
| {{vlan vlan_name} {ports port_list {tagged | untagged}}}]

Switch Engine™ Command Reference Guide for version 32.7.1 1007

Description Commands

Description
Configures authentication service-unavailable VLAN on NetLogin-enabled ports.

Syntax Description
vlan_name Specifies the name of the service-unavailable VLAN.
port_list Specifies one or more ports or slots and ports. If the ports
keyword is not used, the command applies to all ports.
add Add service-unavailable VLAN to ports (default).
tagged Configure port as tagged to the service-unavailable VLAN.
untagged Configure port as untagged to the service-unavailable
VLAN (default).
delete Delete existing service-unavailable VLAN from ports.

Default
If a port is not specified, all NetLogin-enabled ports are applied.

If not specified, the command adds service-unavailable VLAN to ports by default.

If not specified, the ports are configured as untagged to the service-unavailable VLAN
by default.

Usage Guidelines
This command configures authentication service-unavailable VLAN(s) on the specified
NetLogin-enabled ports. Authentication service-unavailable VLAN is configured on all
the NetLogin-enabled ports, if no port is specifically selected. When an authentication
service is not available to authenticate the NetLogin clients, they are moved to the
authentication service-unavailable VLAN(s) and are given limited access until the
authentication service is available through RADIUS.

Starting with ExtremeXOS 30.2, you can specify up to 10 service-unavailable VLANs per
port.

As of ExtremeXOS 16.1, the functionality of this command is more consistent with

management authentications. If RADIUS responds with a reject, then that reject is
honored.

There are four different authentication orders that can be configured per
authentication method currently. They are:
• RADIUS
• Local
• RADIUS, local
• Local, RADIUS

1008 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The service unavailable VLAN is used only when authentication order is "RADIUS". The
authentication failure VLAN is used for all other modes (local; RADIUS, local; local,
RADIUS).

For example, when the Netlogin MAC authentication database order is local, RADIUS,
if the authentication of a MAC client fails through a local database, RADIUS is used
for authentication. If RADIUS also fails authentication, the client is moved to the
authentication failure VLAN.

Authentication service is considered to be unavailable for RADIUS in the following

cases:
• RADIUS server is not running.
• RADIUS server is not configured on the switch.
• RADIUS server is configured but not enabled on the switch.

Note
If web is enabled on a port where Dot1x or MAC is also enabled,
the authentication failure/service-unavailable VLAN configuration is not
applicable to those clients where Dot1x or MAC clients that fail
authentication or where authentication service is not available.

Example
The following example adds the service-unavailable VLAN "v1" on tagged ports 1 and 2:
# configure netlogin authentication service-unavailable add vlan v1 ports 1,2 tagged

History
This command was first available in ExtremeXOS 12.1.

The ability to configure multiple service-unavailable VLANs was added in ExtremeXOS

30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin banner

configure netlogin banner banner

Description
Configures the network login page banner.

Switch Engine™ Command Reference Guide for version 32.7.1 1009

Syntax Description Commands

Syntax Description
banner Specifies the HTML code for the banner.

Default
The default banner is the Extreme Networks logo.

Usage Guidelines
The banner is a quoted, HTML string, that will be displayed on the network login page.
The string is limited to 1024 characters.

This command applies only to the web-based authentication mode of network login.

Example
The following command configures the network login page banner:

configure netlogin banner "<html><head>Please Login</head></html>"

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin base-url

configure netlogin base-url url

Description
Configures the base URL for network login.

Syntax Description
url Specifies the base URL for network login.

Note: The netlogin base-url is restricted to 79 characters.

Default
The base URL default value is “network-access.com.”

1010 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
When you login using a web browser, you are redirected to the specified base URL,
which is the DNS name for the switch.

You must configure a DNS name of the type “www.xx…xx.xxx” or “xx…xx.xxx”.

This command applies only to the web-based authentication mode of network login.

Example
The following command configures the network login base URL as access.net:

configure netlogin base-url access.net

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin delete mac-list

configure netlogin delete mac-list [mac {mask} | default]

Description
Deletes an entry from the MAC address list for MAC-based network login.

Syntax Description
mac Specifies the MAC address to delete.
mask Specifies the number of bits to use for the mask.
default Specifies the default entry.

Default
N/A.

Usage Guidelines
Use this command to delete an entry from the MAC address list used for MAC-based
network login.

Use this command to remove the default MAC-list configuration after running enable
netlogin mac.

Switch Engine™ Command Reference Guide for version 32.7.1 1011

Example Commands

Example
The following command deletes the MAC address 10:20:30:40:50:60 from the list:

configure netlogin delete mac-list 10:20:30:40:50:60

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin delete proxy-port

configure netlogin delete proxy-port tcp_port

Description
Configure the ports that are to be hijacked and redirected for HTTP or HTTPS traffic.

Syntax Description
tcp_port Specifies the port to be hijacked.

Default
N/A.

Usage Guidelines
This command allows you to unconfigure the ports that will be hijacked and redirected
for HTTP or HTTPS traffic.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin dot1x eapol-transmit-version

configure netlogin dot1x eapol-transmit-version eapol-version

1012 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the default EAPOL version sent in transmitted packets for network login.

Syntax Description
eapol-version Specifies the EAPOL version. Choices are "v1" or "v2".

Default
The default is "v1".

Usage Guidelines
Although the ExtremeXOS software supports EAPOL version 2, some clients do not
yet accept the version 2 EAPOL packets. The packet format for the two versions is the
same.

Example
The following command changes the EAPOL version to 2:

configure netlogin dot1x eapol-transmit-version v2

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin dot1x guest-vlan

configure netlogin dot1x guest-vlan vlan_name {ports port_list}

Description
Configures a guest VLAN for 802.1X authentication network login.

Syntax Description
vlan_name Specifies the name of the guest VLAN.
port_list Specifies one or more ports or slots and ports. If the ports
keyword is not used, the command applies to all ports.

Switch Engine™ Command Reference Guide for version 32.7.1 1013

Default Commands

Default
N/A.

Usage Guidelines
This command configures the guest VLAN for 802.1X on the current virtual router (VR).

Note
Beginning with ExtremeXOS 11.6, you can configure guest VLANs on a per port
basis, which allows you to configure more than one guest VLAN per VR. In
ExtremeXOS 11.5 and earlier, you can only configure guest VLANs on a per VLAN
basis, which allows you to configure only one guest VLAN per VR.

If you do not specify any ports, the guest VLAN is configured for all ports.

Each port can have a different guest VLAN.

A guest VLAN provides limited or restricted network access if a supplicant connected to

a port does not respond to the 802.1X authentication requests from the switch. A port
always moves untagged into the guest VLAN.

Keep in mind the following when configuring guest VLANs:

• You must create a VLAN and configure it as a guest VLAN before enabling the guest
VLAN feature.
• Configure guest VLANs only on network login ports with 802.1X enabled.
• Movement to guest VLANs is not supported on network login ports with MAC-based
or web-based authentication.
• 802.1X must be the only authentication method enabled on the port for movement
to guest VLAN.
• No supplicant on the port has 802.1X capability.
• You configure only one guest VLAN per virtual router interface.

Note
The supplicant does not move to a guest VLAN if it fails authentication after
an 802.1X exchange; the supplicant moves to the guest VLAN only if it does
not respond to an 802.1X authentication request.

Modifying the Supplicant Timer

By default, the switch attempts to authenticate the supplicant every 30 seconds for
a maximum of three tries. If the supplicant does not respond to the authentication
requests, the client moves to the guest VLAN. The number of authentication attempts
is not a user-configured parameter.

To modify the supplicant response timer, use the following command and specify the
supp-resp-timeout parameter:

1014 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Enabling Guest VLANs

configure netlogin dot1x timers [{server-timeout server_timeout}

{quiet-periodquiet_period} {reauth-period reauth_period {reauth-
maxmax_num_reauths}} {supp-resp-timeoutsupp_resp_timeout}]

If a supplicant on a port in the guest VLAN becomes 802.1X-capable, the switch starts
processing the 802.1X responses from the supplicant. If the supplicant is successfully
authenticated, the port moves from the guest VLAN to the destination VLAN specified
by the RADIUS server.

Enabling Guest VLANs

To enable the guest VLAN, use the following command:
enable netlogin dot1x guest-vlan ports [all |ports]

Example
The following command creates a guest VLAN for 802.1X named guest for all ports:

configure netlogin dot1x guest-vlan guest

The following command creates a guest VLAN named guest for ports 2 and 3:

configure netlogin dot1x guest-vlan guest ports 2,3

History
This command was first available in ExtremeXOS 11.2.

The ports option was added in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin dot1x tag-eapol

configure netlogin dot1x tag-eapol [on | off]

Description
Configures receiving tagged EAPOL packets on dot1x-enabled ports.

Syntax Description
on Turns EAPOL-tagged frames feature on.
off Turns EAPOL-tagged frames feature off . Default is off.

Switch Engine™ Command Reference Guide for version 32.7.1 1015

Default Commands

Default
Default is off.

Usage Guidelines
When this feature is on and switch receives tagged EAPOL packet on dot1x-enabled
ports, tagged EAPOL response is sent out on those ports. On untagged ports, the
EAPOL frames are sent untagged. When this feature is off, switch sends unatgged
EAPOL packets on all the tagged/untagged ports. This command allows you to
authenticate dot1x users on tagged and unatagged ports.

This command is applicable only for policy-enabled mode.

Example
The following example enables the switch to send tagged EAPOL packets:
configure netlogin dot1x tag-eapol on

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin dot1x timers

configure netlogin dot1x timers [{server-timeout server_timeout}
{quiet-period quiet_period} {reauth-period reauth_period {reauth-max
max_num_reauths}} {reauthentication [on | off} {supp-resp-timeout
supp_resp_timeout}]

Description
Configures the 802.1X timers for network login.

Syntax Description
server-timeout Specifies the timeout period for a response from the
RADIUS server. The range is 1 to 120 seconds.
quiet-period Specifies the time for which the switch will not attempt to
communicate with the supplicant after authentication has
failed. The range is 0 to 65535 seconds.
reauth-period Specifies time after which the switch will attempt to re-
authenticate an authenticated supplicant. The range is 0 to
86,400 seconds.

1016 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

reauth-max Specifies the maximum reauthentication counter value.

The range is 1 to 10.
supp-resp-timeout Specifies the time for which the switch will wait for a
response from the supplicant. The range is 1 to 120 seconds.
reauthentication Enables or disables dot1x reauthentication
on Enables reauthentication.
off Disables reauthentication.

Default
The defaults are as follows:
• server-timeout—30 seconds.
• quiet-period—60 seconds.
• reauth-period—3600 seconds.
• reauth-max—3.
• supp-resp-timeout—30 seconds.

Usage Guidelines
To disable re-authentication, specify 0 for the reauth-period parameter. (If reauth-
period is set to 0, reauth-max value doesn't apply.)

If you attempt to configure a timer value that is out of range (not supported), the switch
displays an error message. The following is a list of sample error messages:
• server-timeout—ERROR: RADIUS server response timeout out of range
(1..120 sec)
• quiet-period—%% Invalid number detected at '^' marker. %% Input number
must be in the range [0, 65535].
• reauth-period—%% Invalid input detected at '^' marker. %% Input number must be
in the range [0, 86400].
• reauth-max—ERROR: Re-authentication counter value out of range (1..10)
• supp-resp-timeout—ERROR: Input number must be in the range [1, 10].
• greater than RADIUS timeout—Dot1x server timeout should be configured
with a value greater than the RADIUS server timeout.

To display the 802.1X timer settings, use the show netlogin command with and
without the dot1x option.

If reauthentication is enabled by this command, the session-timeout value sent from

RADIUS has priority. If no value is sent from RADIUS, then the locally configured
reauth_period defines the reauthentication period.

If the locally configured value is "0" with reauthentication off, and if any session timeout
value sent from RADIUS is ignored, the locally configured "0" takes precedence.

Switch Engine™ Command Reference Guide for version 32.7.1 1017

Example Commands

Example
The following command changes the 802.1X server-timeout to 10 seconds:
configure netlogin dot1x timers server-timeout 10

History
This command was first available in ExtremeXOS 11.1.

The reauth-max keyword was added in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin dynamic-vlan

configure netlogin dynamic-vlan [disable | enable]

Description
Configures the switch to automatically and dynamically create a VLAN after receiving
authentication requests from one or more supplicants (clients).

Syntax Description
disable Specifies that the switch does not automatically create dynamic
VLANs. This is the default behavior.
enable Specifies that the switch automatically create dynamic VLANs.

Default
The default is disabled.

Usage Guidelines
Use this command to configure the switch to dynamically create a VLAN. If configured
for dynamic VLAN creation, the switch automatically creates a supplicant VLAN that
contains both the supplicant’s physical port and one or more uplink ports.

1018 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Supported Vendor Specific Attributes

A dynamically created VLAN is only a Layer 2 bridging mechanism; this VLAN does not
work with routing protocols to forward traffic. After the switch unauthenticates all of
the supplicants from the dynamically created VLAN, the switch deletes that VLAN.

Note
Dynamically created VLANs do not support the session refresh feature of web-
based network login because dynamically created VLANs do not have an IP
address. Also, dynamic VLANs are not supported on ports when STP and
network login are both configured on the ports.

By dynamically creating and deleting VLANs, you minimize the number of active
VLANs configured on your edge switches. In addition, the RADIUS server forwards VSA
information to dynamically create the VLAN thereby simplifying switch management. A
key difference between dynamically created VLANs and other VLANs is that the switch
does not save dynamically created VLANs. Even if you use the save command, the
switch does not save a dynamically created VLAN.

Supported Vendor Specific Attributes

To prevent conflicts with existing VLANs on the switch, the RADIUS server uses Vendor
Specific Attributes (VSAs) to forward VLAN information, including VLAN ID, to the
switch. The following list specifies the supported VSAs for configuring dynamic network
login VLANs:
• Extreme: Netlogin-VLAN-ID (VSA 209).
• IETF: Tunnel-Private-Group-ID (VSA 81).
• Extreme: Netlogin-Extended-VLAN (VSA 211).

Note
If the ASCII string only contains numbers, it is interpreted as the VLAN ID.
Dynamic VLANs only support numerical VLAN IDs; VLAN names are not
supported.

The switch automatically generates the VLAN name in the following format:
SYS_NLD_TAG where TAG specifies the VLAN ID. For example, a dynamic network login
VLAN with an ID of 10 has the name SYS_NLD_0010.

Specifying the Uplink Ports

To specify one or more ports as tagged uplink ports that are added to the dynamically
created VLAN, use the following command: configure netlogin dynamic-vlan
uplink-ports

The uplink ports send traffic to and from the supplicants from the core of the network.

By default the setting is none. For more information about this command, see the
usage guidelines for configure netlogin dynamic-vlan uplink-ports.

Switch Engine™ Command Reference Guide for version 32.7.1 1019

Viewing Status Information Commands

Viewing Status Information

To display summary information about all of the VLANs on the switch, including any
dynamic VLANs currently operating on the switch, use the following command: show
vlan

If the switch dynamically creates a VLAN, the VLAN name begins with SYS_NLD_ and
the output contains a d flag for the dynamically created VLAN.

To display the status of dynamic VLAN configuration on the switch, use the following
command: show netlogin

The switch displays the current state of dynamic VLAN creation (enabled or disabled)
and the uplink port(s) associated with the dynamic VLAN.

Example
The following example automatically adds ports 1:1-1:2 to the dynamically created VLAN
as uplink ports:
configure netlogin dynamic-vlan uplink-ports 1:1-1:2

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin dynamic-vlan uplink-ports

configure netlogin dynamic-vlan uplink-ports [port_list | none]

Description
Specifies which port(s) are added as tagged, uplink ports to the dynamically created
VLANs for network login.

Syntax Description
port_list Specifies one or more ports to add to the dynamically
created VLAN for network login.
none Specifies that no ports are added. This is the default
setting.

Default
The default setting is none.

1020 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to specify which port(s) are used as uplink ports and added to the
dynamically created VLAN for network login. The uplink ports send traffic to and from
the supplicants from the core of the network.

Uplink ports should not be configured for network login (network login is disabled
on uplink ports). If you specify an uplink port with network login enabled, the
configuration fails and the switch displays an error message similar to the following:
ERROR: The following ports have NetLogin enabled: 1, 2

If this occurs, select a port with network login disabled.

Enabling Dynamic Network Login VLANs

To configure the switch to dynamically create a VLAN upon receiving an authentication
response, use the following command:
configure netlogin dynamic-vlan [disable | enable]

By default, the setting is disabled. For more detailed information about this command,
see the usage guidelines configure netlogin dynamic-vlan uplink-ports.

Viewing Status Information

To display summary information about all of the VLANs on the switch, including any
dynamic VLANs currently operating on the switch, use the following command:
show vlan

If the switch dynamically creates a VLAN, the VLAN name begins with SYS_NLD_ and
the output contains a d flag for the dynamically created VLAN.

To display the status of dynamic VLAN configuration on the switch, use the following
command:
show netlogin

The switch displays the current state of dynamic VLAN creation (enabled or disabled)
and the uplink port(s) associated with the dynamic VLAN.

Example
The following command configures the switch to add ports 1:1-1:2 to the dynamically
created network login VLAN:

configure netlogin dynamic-vlan uplink-ports 1:1-1:2

History
This command was first available in ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 1021

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin idle-timeout

configure netlogin idle-timeout {convergence-endpoint | dot1x | mac |
web-based} timeout

Description
This command clears multiple authentication properties for one or more ports.

Syntax Description
dot1x IEEE 802.1X Port-based network access control.
mac MAC authentication.
web-based Web-based authentication.
convergence-endpoint Convergence-endpoint authentication.
timeout Number of seconds before idle timeout (range 0-172800).

Default
Timeout = 300 seconds.

Usage Guidelines
This command appears in show configuration {module-name} {detail} for "policy"
rather than "netlogin."

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin local-user security-profile

configure netlogin local-user user-name security-profile
security_profile

Description
Changes a previously associated security profile.

1022 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
user-name Specifies the name of an existing local network login
account.
security_profile Specifies a security profile string during account creation.

Default
N/A.

Usage Guidelines
Use this command to change any previously associated security profiles on the switch.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin local-user

configure netlogin local-user user-name {vlan-vsa [[{tagged | untagged}
[vlan_name | vlan_tag]] | none]}

Description
Configures an existing local network login account.

Syntax Description
user-name Specifies the name of an existing local network login
account.
tagged Specifies that the client be added as tagged.
untagged Specifies that the client be added as untagged.
vlan_name Specifies the name of the destination VLAN.
vlan_tag Specifies the VLAN ID, tag, of the destination VLAN.
none Specifies that the VSA 211 wildcard (*) is applied, only if you
do not specify tagged or untagged.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1023

Usage Guidelines Commands

Usage Guidelines
Use this command to modify the attributes of an existing local network login account.
You can update the following attributes associated with a local network login account:
• Password of the local network login account.
• Destination VLAN attributes including: adding clients tagged or untagged, the
name of the VLAN, and the VLAN ID.

Note
Passwords are case-sensitive and must have a minimum of 1 character and
a maximum of 32 characters.

You must create a local network login account before using this command. To create a
local network login user name and password, use the following command:
create netlogin local-user user-name {encrypted} {password} {vlan-
vsa [[{tagged | untagged} [vlan_name] | vlan_tag]]} {security-
profilesecurity_profile}

If the switch displays a message similar to the following:

* Switch # configure netlogin local-user purplenet

^
%% Invalid input detected at '^' marker.

You might be attempting to modify a local network login account that is not present
or the switch, or you might have incorrectly entered the account name. To confirm the
names of the local network login accounts on your switch, use the following command:
show netlogin local-users

Additional Requirements
This command applies only to the web-based and MAC-based modes of network login.
802.1X network login does not support local database authentication.

You must have administrator privileges to use this command. If you do not have
administrator privileges, the switch displays a message similar to the following:
This user does not have permissions for this command.

Passwords are case-sensitive. Passwords must have a minimum of 0 characters and

a maximum of 32 characters. If you attempt to create a password with more than 32
characters, the switch displays the following message after you re-enter the password:
Password cannot exceed 32 characters

Example
This section contains the following examples:
• Updating the password.
• Modifying destination VLAN attributes.

1024 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Updating the Password

Updating the Password

The following command updates the password of an existing local network login
account:
configure netlogin local-user megtest

After you enter the local network login user name, press [Enter]. The switch prompts
you to enter a password; however, the switch does not display the password. At the
prompt enter the new password:
password:

After you enter the new password, press [Enter]. The switch then prompts you to re-
enter the password:
Reenter password:

Updating VLAN Attributes

You can add a destination VLAN, change the destination VLAN, or remove the
destination from an existing local network login account. This example changes the
destination VLAN for the specified local network login account:

configure netlogin local-user megtest vlan-vsa green

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin mac timers reauth-period

configure netlogin mac ports [port_list | all] timers [{reauth-period
[reauth_period]} {reauthentication [on|off]} {delay [delay_period]}]

Description
Configures the reauthentication period for network login MAC-based authentication.

Syntax Description
reauth_period Specifies time after which the switch will attempt to re-
authenticate an authenticated supplicant. The range is 0,
30 to 86,400 seconds.
reauthentication Configure mac reauthentication.
on MAC reauthentication is enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1025

Default Commands

off MAC reauthentication is disabled.

delay Configure MAC authentication delay period.
delay_period MAC authentication delay period. 0-120 seconds range.

Default
The default is 0 (disabled).

Usage Guidelines
This command allows you to configure the reauth-period for network login MAC-based
authentication. The session-timeout configuration on the RADIUS server overrides the
reauth-period if it has been configured.

In MAC mode, if reauthentication is turned off, globally and per-port, using this
command, a session timeout sent by RADIUS takes precedence and local timers are
ignored.

Example
The following command configures a MAC authentication delay period of 100 seconds
on port 39:
configure netlogin mac ports 39 timers delay 100

History
This command was first available in ExtremeXOS 12.1.

The delay keyword and variable were added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin mac username case

configure netlogin mac username case (lower | upper}

Description
Sets option to send the Network Login (NetLogin) MAC Authentication MAC address in
either uppercase or lowercase for user name or password.

1026 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
netlogin Configures NetLogin specific settings.
mac Configures NetLogin settings specific to MAC.
username Configures MAC user name credential attributes.
case Configures MAC user name case.
lower Use lowercase (for example: aa:bb:cc:dd:ee:ff).
upper Use uppercase (for example: AA:BB:CC:DD:EE:FF). Default.

Default
By default, the uppercase is used.

Usage Guidelines
When the user name case is configured as lowercase, if the client with MAC address
aa:bb:cc:dd:ee:ff sends a frame, Netlogin MAC sends “aabbccddeeff” (default “None”
delimiter) as username and default password for authentication.

Example
The following example sets the NetLogin MAC to be sent in lowercase:
# configure netlogin mac username case lower

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin mac username format

configure netlogin mac username format [hyphenated | colon-separated |
none]

Description
Configures the NetLogin MAC username format used when sending out for
authentication to a RADIUS server.

Switch Engine™ Command Reference Guide for version 32.7.1 1027

Syntax Description Commands

Syntax Description
mac Configure Network Login settings specific to MAC.
username Configure username credential attributes.
format Configure username format.
hyphenated Hyphen separator (XX-XX-XX-XX-XX-XX).
colon-separated Colon separator (XX:XX:XX:XX:XX:XX).
none No separator (XXXXXXXXXXXX) (This is the default).

Default
No separator is the default.

Example
The following example sets the MAC username format with colon separator:
configure netlogin mac username format colon-separated

History
This command was first available in ExtremeXOS 12.1.

The colon-separated option was added in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin move-fail-action

configure netlogin move-fail-action [authenticate | deny]

Description
Configures the action network login takes if a VLAN move fails. This can occur if two
clients attempt to move to an untagged VLAN on the same port.

Syntax Description
authenticate Specifies that the client is authenticated.
deny Specifies that the client is not authenticated. This is the
default setting.

Default
The default setting is deny.

1028 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to specify how network login behaves if a VLAN move fails. Network
login can either authenticate the client on the current VLAN or deny the client.

The following describes the parameters of this command if two clients want to move to
a different untagged VLAN on the same port:
• authenticate—Network login authenticates the first client that requests a move and
moves that client to the requested VLAN. Network login authenticates the second
client but does not move that client to the requested VLAN. The second client moves
to the first client’s authenticated VLAN.
• deny—Network login authenticates the first client that requests a move and moves
that client. Network login does not authenticate the second client.

To view the current move-fail-action setting on the switch, use the show netlogin
command.

Example
The following command configures network login to authenticate the client on the
current VLAN:

configure netlogin move-fail-action authenticate

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin port allow egress-traffic

configure netlogin ports [port_list | all] allow egress-traffic [none |
unicast | broadcast | all_cast]

Description
Configures the egress traffic in an unauthenticated state.

Syntax Description
all Specifies all network login ports.
port_list Specifies one or more network login ports.
none Specifies that no traffic is sent out if if no authenticated
clients exist on the VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 1029

Default Commands

unicast Specifies that the unicast flooding traffic for the VLANs on
the network login enabled port be sent.
broadcast Specifies that the broadcast traffic for the VLANs on the
network login enabled port be sent.
all_cast Specifies that the broadcast and unicast flooding traffic for
the VLANs on the network login enabled port be sent.

Default
The default is none.

Usage Guidelines
This command allows you to configure the egress traffic in an unauthenticated state on
a per-port basis.

Enabling ONEPolicy removes the action of this command. This command is supported
only in non-policy mode

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin ports

configure netlogin ports [all | port_list] [allowed-users allowed_users
| authentication mode [optional | required] | trap [all-traps | no-
traps | [{success} {failed} {terminated} {max-reached}]]]

Description
Use this command to set the NetLogin trap setting for ports.

Syntax Description
all Configure all ports in the system.
port_list List of ports to configure.
allowed-users Number of users allowed per port. Only applicable if the
ONEPolicy feature is enabled.
allowed_users Number of users allowed per port.
authentication mode Port authentication mode. Only applicable if the
ONEPolicy feature is enabled.

1030 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

optional Authentication optional. Only applicable if ONEPolicy is

enabled.
required Authentication required. Only applicable if ONEPolicy is
enabled.
all-traps Enable sending all trap types. Only applicable if the
ONEPolicy feature is enabled.
no-traps Disable sending all trap types. Only applicable if the
ONEPolicy feature is enabled.
success Enable sending success trap.
fails Enable sending failed trap.
terminated Enable sending terminated trap.
max-reached Enable sending max number users reached trap. This is
applicable in ONEPolicy mode only.

Default
By default, all traps are sent in both ONEPolicy mode and non-ONEPolicy mode.

Usage Guidelines
The following command options are only applicable if ONEPolicy is enabled. They have
no effect without ONEPolicy being enabled:
• authentication mode [optional | required]
• allowed-users allowed_users
• all-traps | no-traps | [{success} {failed} {terminated} {max-reached}]

This command appears in show configuration {module-name} {detail} for "policy"

and "netlogin."

The no-traps configuration is retained after save and reboot.

Trap configurations after applying no-traps are appended until no-traps is configured
again (for example: no-traps configuration followed by success, and thenterminated
traps, sends success and terminated traps:
# configure netlogin ports 1 trap no-traps
# show configuration "policy"
**no traps commands appear due to no-traps being configured
# configure netlogin ports 1 trap success
# show configuration "policy"
# Module policy configuration.
# configure netlogin ports 1 trap success
**success traps command appears
# configure netlogin ports 1 trap terminated
# show configuration "policy"
# Module policy configuration.
# configure netlogin ports 1 trap success
# configure netlogin ports 1 trap terminated
**success and terminated traps commands appear

Switch Engine™ Command Reference Guide for version 32.7.1 1031

Example Commands

Example
This example shows how to enable all NetLogin port trap setting:
configure netlogin trap port 1:1 all

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin ports mode

configure netlogin ports [all | port_list] mode [mac-based-vlans | port-
based-vlans]

Description
Configures the network login port’s mode of operation.

Syntax Description
all Specifies all netlogin ports.
port_list Specifies one or more network login ports.
mac-based-vlans Allows more than one untagged VLAN.
port-based-vlans Allows only one untagged VLAN. This is the default
behavior.

Default
The default setting is port-based-vlans.

Usage Guidelines
Use this command to configure network login MAC-based VLANs on a network login
port.

If you modify the mode of operation to mac-based-vlans and later disable all network
login protocols on that port, the mode of operation automatically returns to port-
based-vlans.

When you change the network login port’s mode of operation, the switch deletes all
currently known supplicants from the port and restores all VLANs associated with that
port to their original state. In addition, by selecting mac-based-vlans, you are unable

1032 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Important Rules and Restrictions

to manually add or delete untagged VLANs from this port. Network login now controls
these VLANs.

With network login MAC-based operation, every authenticated client has an additional
FDB flag that indicates a translation MAC address. If the supplicant’s requested VLAN
does not exist on the port, the switch adds the requested VLAN.

Configuration of port-based-vlans is lost if ONEPolicy is enabled.

Important Rules and Restrictions

This section summarizes the rules and restrictions for configuring network login MAC-
based VLANs:
• If you attempt to configure the port’s mode of operation before enabling network
login, the switch displays an error message similar to the following:
ERROR: The following ports do not have NetLogin enabled; 1

To enable network login on the switch, use the following command to enable
network login and to specify an authentication method (for example, 802.1X—
identified as dot1.x in the CLI):

enable netlogin dot1x

To enable network login on the ports, use the following command to enable network
login and to specify an authentication method (for example, 802.1X—identified as
dot1.x in the CLI):

enable netlogin ports 1:1 dot1x

• On ExtremeXOS versions prior to 12.0 on switches other than the ExtremeSwitching
series switches, 10 Gigabit Ethernet ports such as those on the uplink ports on the
switches do not support network login MAC-based VLANs.

If you attempt to configure network login MAC-based VLANs on 10 Gigabit Ethernet

ports, the switch displays an error message similar to the following:
ERROR: The following ports do not support the MAC-Based VLAN mode; 1, 2, 10

• You can have a maximum of 1,024 MAC addresses per ExtremeSwitching switch.

Displaying FDB Information

To view network login-related FDB entries, use the following command:
show fdb netlogin [all | mac-based-vlans]

The following is sample output from the show fdb netlogin mac-based-vlans
command:

Mac Vlan Age Use Flags Port List

------------------------------------------------------------------------
00:04:96:10:51:80 VLONE(0021) 0086 0000 n m v 1:11
00:04:96:10:51:81 VLTWO(0051) 0100 0000 n m v 1:11
00:04:96:10:51:91 VLTWO(0051) 0100 0000 n m v 1:11

Switch Engine™ Command Reference Guide for version 32.7.1 1033

Displaying Port and VLAN Information Commands

Flags : d - Dynamic, s - Static, p - Permanent, n - NetLogin, m - MAC, i - IP,

x - IPX, l - lockdown MAC, M - Mirror, B - Egress Blackhole,
b - Ingress Blackhole, v - NetLogin MAC-Based VLAN.

The flags associated with network login include:

• v—Indicates the FDB entry was added because the port is part of a MAC-based
virtual port/VLAN combination.
• n—Indicates the FDB entry was added by network login.

Displaying Port and VLAN Information

To view information about the VLANs that are temporarily added in MAC-based mode
for network login, use the following command:
show ports port_list information detail

The following is sample output from this command:

Port: 1
Virtual-router: VR-Default
Type: UTP
Random Early drop: Disabled
Admin state: Enabled with auto-speed sensing auto-duplex
Link State: Active, 100Mbps, full-duplex
Link Counter: Up 1 time(s)
VLAN cfg:
Name: Default, Internal Tag = 1(MAC-Based), MAC-limit = No-limit
...<truncated output>
Egress 802.1p Replacement: Disabled
NetLogin: Enabled
NetLogin authentication mode: Mac based
NetLogin port mode: MAC based VLANs
Smart redundancy: Enabled
Software redundant port: Disabled
auto-polarity: Enabled

The added output displays information about the mode of operation for the network
login port.
• VLAN cfg—The term MAC-based appears next to the tag number.
• NetLogin port mode—This output was added to display the port mode of operation.
Mac based appears as the network login port mode of operation.

To view information about the ports that are temporarily added in MAC-based mode for
network login, due to discovered MAC addresses, use the following command:
show vlan detail

The following is sample output from this command:

VLAN Interface with name Default created by user
Tagging: 802.1Q Tag 1
Priority: 802.1P Priority 0
Virtual router: VR-Default
STPD: s0(Disabled,Auto-bind)
Protocol: Match all unfiltered protocols
Loopback: Disable
NetLogin: Disabled
Rate Shape: Disabled

1034 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

QosProfile: None configured

Ports: 26. (Number of active ports=2)
Untag: *1um, *2, 3, 4, 5, 6, 7,
8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26
Flags: (*) Active, (!) Disabled, (g) Load Sharing port
(b) Port blocked on the vlan, (a) Authenticated NetLogin Port
(u) Unauthenticated NetLogin port, (m) Mac-Based port

The flags associated with network login include:

• a—Indicates an authenticated network login port.
• u—Indicates an unauthenticated network login port.
• m—Indicates that the network login port operates in MAC-based mode.

Example
The following command configures the network login ports mode of operation:
configure netlogin ports 1:1-1:10 mode mac-based-vlans

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin ports no-restart

configure netlogin ports [all | port_list] no-restart

Description
Disables the network login port restart feature.

Syntax Description
all Specifies all network login ports.
port_list Specifies one or more network login ports.

Default
The default setting is no-restart; the network login port restart feature is disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1035

Usage Guidelines Commands

Usage Guidelines
Use this command to disable the network login port restart feature on a network login
port.

Configure network login port restart on ports with directly attached supplicants. If you
use a hub to connect multiple supplicants, only the last unauthenticated supplicant
causes the port to restart.

Enabling ONEPolicy removes the action of this command. This command is supported
only in non-policy mode

Displaying the Port Restart Configuration

To display the network login settings on the port, including the configuration for port
restart, use the following command:
show netlogin port port_list

Output from this command includes the enable/disable state for network login port
restart.

Example
The following command disables network login port restart on port 1:1:

configure netlogin ports 1:1 no-restart

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin ports restart

configure netlogin ports [all | port_list] restart

Description
Enables the network login port restart feature.

Syntax Description
all Specifies all network login ports.
port_list Specifies one or more network login ports.

1036 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default setting is no-restart; the network login port restart feature is disabled.

Usage Guidelines
Use this command to enable the network login port restart feature on a network login
port. This allows network login to restart specific network login-enabled ports when the
last authenticated supplicant releases, regardless of the configured protocols on the
port.

Configure network login port restart on ports with directly attached supplicants. If you
use a hub to connect multiple supplicants, only the last unauthenticated supplicant
causes the port to restart.

Enabling ONEPolicy removes the action of this command. This command is supported
only in non-policy mode

Displaying the Port Restart Configuration

To display the network login settings on the port, including the configuration for port
restart, use the following command:
show netlogin port port_list

Output from this command includes the enable/disable state for network login port
restart.

Example
The following command enables network login port restart on port 1:1:

configure netlogin ports 1:1 restart

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin redirect-page

configure netlogin redirect-page url

Description
Configures the redirect URL for Network Login.

Switch Engine™ Command Reference Guide for version 32.7.1 1037

Syntax Description Commands

Syntax Description
url Specifies the redirect URL for Network Login.

Default
The redirect URL default value is “http://www.extremenetworks.com”; the default port
value is 80.

Usage Guidelines
In ISP mode, you can configure network login to be redirected to a base page after
successful login using this command. If a RADIUS server is used for authentication,
then base page redirection configured on the RADIUS server takes priority over this
configuration.

You must configure a complete URL starting with http:// or https://

You can also configure a specific port location at a specific target URL location. For
example, you can configure a target port 8080 at extremenetworks.com with the
following command:
configure netlogin redirect-page "www.extremenetworks.com:8080"

This command applies only to the web-based authentication mode of Network Login.

Example
The following command configures the redirect URL as http://
www.extremenetworks.com/support:
configure netlogin redirect-page http://www.extremenetworks.com/support

History
This command was first available in ExtremeXOS 11.1.

Support for HTTPS was introduced in ExtremeXOS 11.2.

Target port support was introduced in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin session-refresh

configure netlogin session-refresh {refresh_seconds}

1038 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures network login session refresh.

Syntax Description
refresh_seconds Specifies the session refresh time for network login in
seconds.

Default
Enabled, with a value of 180 seconds for session refresh.

Usage Guidelines
Network login sessions can refresh themselves after a configured timeout. After the
user has been logged in successfully, a logout window opens which can be used to
close the connection by clicking on the Logout link. Any abnormal closing of this
window is detected on the switch and the user is logged out after a time interval as
configured for session refresh. The session refresh is enabled and set to 360 seconds by
default. The value can range from 1 to 3600 seconds. When you configure the network
login session refresh for the logout window, ensure that the FDB aging timer is greater
than the network login session refresh timer.

This command applies only to the web-based authentication mode of network login.

Example
The following command enables network login session refresh and sets the refresh
time to 100 seconds:

configure netlogin session-refresh 100

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin session-timeout

configure netlogin session-timeout {dot1x | mac | web-based |
convergence-endpoint} timeout

Switch Engine™ Command Reference Guide for version 32.7.1 1039

Description Commands

Description
Use this command to set the maximum number of seconds an authenticated session
may last before termination of the session.

Syntax Description
dot1x IEEE 802.1X Port-based network access control.
mac MAC authentication.
web-based Web-based authentication.
convergence-endpoint Convergence-endpoint authentication.
timeout Number of seconds before session timeout (range
0-172800).

Default
0 seconds.

Usage Guidelines
A value of zero may be superseded by a session timeout value provided by the
authenticating server. For example, if a session is authenticated by a RADIUS server,
that server may encode a session-timeout attribute in its authentication response.

The specifications from this command appear in show configuration {module-name}

{detail} for "policy" and "netlogin."

If you want to scale to 65,000 authenticated users, use a session timeout value of at
least 300 minutes.

Example
The following example shows how to set the session-timeout value for an active
session, for mac authentication to 500 seconds:
configure netlogin session-timeout mac 500

History
This command was first available in ExtremeXOS 16.1.

The convergence-endpoint option was added in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

1040 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure netlogin trap

configure netlogin trap

configure netlogin trap max-users [enable | disable]

Description
Use this command to set the NetLogin system traps.

Syntax Description
enable Enable sending traps when max users reached in system
disable Disable sending traps when max users reached in system

Default
Disabled.

Usage Guidelines
The specifications from this command appear in show configuration {module-name}
{detail} for "policy" and "netlogin."

Example
This example shows how to enable the NetLogin maximum users trap setting:
configure netlogin trap max-users enabled

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure netlogin vlan

configure netlogin vlan vlan_name

Description
Configures the VLAN for Network Login.

Syntax Description
vlan Specifies the VLAN for Network Login.

Switch Engine™ Command Reference Guide for version 32.7.1 1041

Default Commands

Default
N/A.

Usage Guidelines
This command will configure the VLAN used for unauthenticated clients. One VLAN
needs to be configured per VR. To change the VLAN, network login needs to be
disabled. Network login can only be enabled when a VLAN is assigned (and no ports are
configured for it).

By default no VLAN is assigned for network login.

Example
The following command configures the VLAN login as the network login VLAN:

configure netlogin vlan login

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure network-clock gptp bmca

configure network-clock gptp bmca [ on | off ]

Description
This command configures the Best Master Clock Algorithm (BMCA) as part of gPTP.

Syntax Description
network-clock Network Clock
gptp IEEE 802.1AS Generalized Precision Time Protocol
bmca Best Master Clock Algorithm
on Use BMCA to dynamically port roles.
off Disable BMCA and statically set port roles.

Default
On.

1042 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to configure the BMCA as part of gPTP.

Example
The following example displays output from the show command with BMCA.
# show network-clock gptp
gPTP status : Enabled
BMCA : [On | Off]
Static slave port : 5 (used when BMCA Off)
--or--
Static slave port : None (used when BMCA Off)
gPTP enabled ports : *1m *21d *22d *47d
Flags: (*) Active, (!) Administratively disabled,
(d) Disabled gPTP port role, (m) Master gPTP port role,
(p) Passive gPTP port role, (s) Slave gPTP port role

History
This command was first available in ExtremeXOS 15.7.

Platform Availability
This command is supported on ExtremeSwitching 5320, 5420, 5520, and 5720 series
switches.

configure network-clock gptp default-set

configure network-clock gptp default-set [{priority1 priority1_value}
{priority2 priority2_value}]

Description
This command configures the switch's default-set parameters, specifically its
grandmaster clock priority values that are used to elect the grandmaster clock in the
network.

Syntax Description
priority1_value The switch's grandmaster clock priority1 value. This is the
most significant parameter used to select the grandmaster
clock in the network. Lower values indicate higher
priority, and 255 prevents the switch from becoming the
grandmaster clock.
priority2_value The switch’s grandmaster clock priority2 value. This is one
of the least significant parameters used to select the
grandmaster clock in the network. Lower values indicate
higher priority.

Switch Engine™ Command Reference Guide for version 32.7.1 1043

Default Commands

Default
• Priority1_value = 246 (from 802.1AS 8.6.2.1)
• Priority2_value = 248 (from 802.1AS 8.6.2.5)

Usage Guidelines
Use this command to configure the switch's default-set parameters, specifically its
grandmaster clock priority values that are used to elect the grandmaster clock in the
network. The Best Master Clock Algorithm uses six parameters from each time-aware
system in the network to select the grandmaster clock in the network. Priority1 is the
highest precedence value; it allows users to preemptively configure which systems they
prefer to be the grandmaster clock. Priority2 is a lower precedence value; it allows users
to configure tiebreaker priorities.

The default priority1 values defined by IEEE 802.1AS-2011 clause 8.6.2.1 give preference to
network infrastructure systems such as Extreme switches.

Example
configure network-clock gptp default-set priority1 248
configure network-clock gptp default-set priority2 100
configure network-clock gptp default-set priority1 248 priority2 100

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is supported on ExtremeSwitching 5320, 5420, 5520, and 5720 series
switches.

configure network-clock gptp ports announce

configure network-clock gptp ports [port_list {only} | all] announce
[initial-interval log_2_interval | receipt-timeout timeout_count]

Description
Configures gPTP Announce parameters on the specified ports. Announce messages are
used to elect the grandmaster clock and determine the time-synchronous spanning
tree.

1044 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
port_list Specifies one or more of the switch's physical ports.
only Apply change only to specified port, even if port is master
of a load sharing group.
all Specifies all of the switch's physical ports.
log_2_interval The interval between Announce messages used by the
switch on the port when the port is initialized or when
the switch receives a message interval request TLV with
announceInterval value 126. This value is in log 2 seconds.
The valid range of values is -3 (2-3 = 0.125 seconds) to 17 (217
= 131072 seconds).
timeout_count On a gPTP slave port, the number of announce intervals
to wait without receiving an Announce message before
assuming the master is no longer sending Announce
messages.

Default
• log_2_interval = 0 (1 second; 802.1AS-2011 10.6.2.2)
• timeout_count = 3 (802.1AS-2011 10.6.3.2)

Usage Guidelines
Use this command to configure gPTP Announce parameters on the specified ports.
Announce messages are used to elect the grandmaster clock and determine the
time-synchronous spanning tree. Announce selects the grandmaster in the network
and establishes the tree from the grandmaster to all other time-aware systems in the
network.

initial-interval corresponds to 802.1AS parameter initialLogAnnounceInterval.

receipt-timeout corresponds to 802.1AS parameter announceReceiptTimeout.

Example
# configure network-clock gptp ports 1-2 announce initial-interval 127
# configure network-clock gptp ports all announce receipt-timeout 5

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1045

configure network-clock gptp ports peer-delay Commands

configure network-clock gptp ports peer-delay

configure network-clock gptp ports [port_list {only} | all] peer-
delay [{allowed-lost-responses lost_responses_value} {initial-req-
interval log_2_interval} {[asymmetr asymmetry_time [nanoseconds |
microseconds | milliseconds | seconds] | neighbor-thresh [auto |
neighbor_thresh_time [nanoseconds | microseconds | milliseconds |
seconds]]}{correction-field fractional-ns-only on_off}]

Description
Configures gPTP peer delay parameters on the specified ports.

Syntax Description
port_list Specifies one or more of the switch’s physical ports.
only Apply change only to specified port, even if port is master
of a load sharing group.
all Specifies all of the switch’s physical ports.
lost_responses_value The number of consecutive Peer Delay
RequestPdelay_Req messages that the switch must send
on a port without receiving a valid response before it
considers the port not to be exchanging Peer Delay
messages with its neighbor.
log_2_interval The interval between Peer Delay RequestPdelay_Req
messages sent by the switch on the port when the port
is initialized or when the switch receives on the port a
message interval request TLV with linkDelayInterval value
of 126. This value is in log2 seconds. The valid range of
values is -3 (2-3 = 0.125 seconds) to 17 (217 = 131072 seconds).
asymmetry_time The time that the propagation delay from this switch
to the neighbor is less than the estimated one-way
propagation delay between the switch and its neighbor
(which is also the time that the propagation delay
from the neighbor to this switch is greater than the
estimate). This value is negative if the propagation
delay to the neighbor is greater than the estimate.
It can be in nanoseconds, microseconds, milliseconds,
or seconds. The maximum value is 4,294,967,295
nanoseconds (approximately 4.3 seconds). Let tIR be
the propagation delay from this switch (initiator) to the
neighbor (responder), tRI be the propagation delay from
the neighbor to this switch, and meanPathDelay be the
estimated one-way propagation delay. Then:
• meanPathDelay = (tIR + tRI) / 2
• tIR = meanPathDelay – asymmetry_time
• tRI = meanPathDelay + asymmetry_time

1046 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

neighbor_thresh_time The maximum measured mean of the propagation delay

between this switch and the neighbor above which the
switch considers the port unable to run gPTP. This value
can be in nanoseconds, microseconds, milliseconds, or
seconds.
auto Use a media specific default value for the
neighbor_thresh_time:
• Copper: 800 nanoseconds. This category includes short
range copper cables such as SFP+ Direct Attach and
QSRP+ Passive Copper.
• Multi-mode fiber: 11 microseconds. This category
includes the QSFP+ Active Optical cables. 11
microseconds allows 10 microseconds for 100BASE-FX
2 km plus 10% tolerance.)
• Single-mode fiber: 550 microseconds. This allows 500
microseconds for our “LX100” transceiver plus 10%
tolerance.

Note: These values may change. A draft of the 802.1AS

corrigendum (P802.1AS-Cor-1/D1.1) specifies 800 ns for
100BASE-TX and 1000BASE-T.

correction-field Specifies configuring the correction field of peer delay

messages.
fractional-ns-only Specifies considering only the fractional nano-second
portion for peer delay calculations.
on_off Consider only fractional nano-second portion, on or off.
Default is off.

Default
• Lost_responses_value = 3 (802.1AS 11.5.3)
• Log_2_interval = 0 (1 second; not specified in 802.1AS)
• Asymmetry_time = 0 (802.1AS 10.2.4.8)
• Neighbor_thresh_time = Copper media: 800 nanoseconds, fiber media: 4,294,967,295
nanoseconds
• Considering only the fractional nano-second portion of correction field of peer delay
messages if off.

Usage Guidelines
Peer Delay messages determine whether a neighboring system is gPTP capable and
measure the propagation delay on the link between the switch and a neighboring
gPTP capable system.
• allowed-lost-responses corresponds to 802.1AS parameter
allowedLostResponses.
• initial-req-interval corresponds to 802.1AS parameter
initialLogPdelayReqInterval.

Switch Engine™ Command Reference Guide for version 32.7.1 1047

Example Commands

• asymmetry corresponds to 802.1AS parameter delayAsymmetry.

• neighbor-thresh corresponds to 802.1AS parameter neighborPropDelayThresh.

Example
configure network-clock gptp ports 1-3 peer-delay allowed-lost-responses 5
configure network-clock gptp ports 1-2 peer-delay initial-log-interval -3
configure network-clock gptp ports 1-2 peer-delay neighbor-thresh 3 nanoseconds

History
This command was first available in ExtremeXOS 15.3.

Options to control whether or not you consider only the fractional nano-second portion
of correction field of peer delay messages was added in ExtremeXOS 31.1.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure network-clock gptp ports sync

configure network-clock gptp ports [port_list {only} | all] sync
[initial-interval log_2_interval receipt-timeout timeout_count]

Description
Configures gPTP synchronization parameters on the specified ports.

Syntax Description
port_list Specifies one or more of the switch's physical ports.
only Apply change only to specified port, even if port is master
of a load sharing group.
all Specifies all of the switch's physical ports.
log_2_interval The interval between Sync messages used by the switch
for the port when the port is initialized or when the
switch receives a message interval request TLV with
timeSyncInterval value of 126. This value is in log2 seconds.
The valid range of values is -3 (2-3 = 0.125 seconds) to 17 (217
= 131072 seconds).
timeout_count On a gPTP slave port, the number of sync intervals to wait
without receiving a Sync message before assuming the
adjacent master port is no longer sending Sync messages.

1048 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
• log_2_interval = -3 (0.125 second; 802.1AS 11.5.2.3)
• timeout_count = 3 (802.1AS 10.6.3.1)

Usage Guidelines
Synchronization distributes the time from the grandmaster to all other time-aware
systems in the networks.

initial-interval corresponds to 802.1AS parameter initialLogSyncInterval.

receipt-timeout corresponds to 802.1AS parameter syncReceiptTimeout.

Example
configure network-clock gptp ports 1-2 sync initial-interval -1
configure network-clock gptp ports all sync receipt-timeout 5

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure network-clock gptp slave-port

configure network-clock gptp slave-port [ port_no | none ]

Description
This command allows to you configure the port that will be the slave-port when BMCA
is off. All other enabled network gPTP ports will be master ports.

Syntax Description
network-clock Network Clock
gptp Variable description, available options, and notes.
slave-port Configure slave port when Best Master Clock Algorithm is
off.
port_no Port Number of slave port
none This switch is the Grand Master Clock (GMC).

Switch Engine™ Command Reference Guide for version 32.7.1 1049

Default Commands

Default
N/A.

Usage Guidelines
Use this command to you configure the port that will be the slave-port when BMCA is
off. All other enabled network gPTP ports will be master ports.

Example
The following example shows the output of the show network-clock gptp command
with BMCA.

gPTP status : Enabled

BMCA : [On | Off]
Static slave port : 5 (used when BMCA Off)
--or--
Static slave port : None (used when BMCA Off)
gPTP enabled ports : *1m *21d *22d *47d
Flags: (*) Active, (!) Administratively disabled,
(d) Disabled gPTP port role, (m) Master gPTP port role,
(p) Passive gPTP port role, (s) Slave gPTP port role

History
This command was first available in ExtremeXOS 15.7.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure network-clock ptp end-to-end transparent

configure network-clock ptp end-to-end-transparent [add | delete] ports
port_list {one-step}

Description
Adds or deletes the physical port(s) to or from the end-to-end-transparent clock.

Syntax Description
add Add ports.
delete Delete ports.
ports Physical ports.

1050 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

port_list List of ports to be added or deleted.

one-step One step operation.

Default
N/A.

Usage Guidelines
Use this command to add or delete the physical port(s) to, or from, the end-to-end-
transparent clock. The fiber only 1G ports, 10G ports, and stack ports cannot be added to
the End-to-End transparent clock.

Example
The following example configures end-to-end transparent clock on the front panel
ports:
# configure network-clock ptp end-to-end-transparent add ports 1-4 one-step

The following example deletes the front panel ports from the end-to-end transparent
clock:
# configure network-clock ptp end-to-end-transparent delete ports 2-4

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on the ExtremeSwitching 5520 and 5720 platforms.

Note
PTP commands can be used only with the Network Timing feature pack.

configure nodealias ports

configure nodealias ports [port_list |all] maxentries entries

Description
This command modifies the per-port maximum number of alias entries in the Node
Alias database. Node Alias discovers information about the end systems on a per-port
basis. Information from packets from end systems, such as VLANID, source MAC
address, source IP address, protocol, etc. are captured in a database that can be
queried.

Switch Engine™ Command Reference Guide for version 32.7.1 1051

Syntax Description Commands

Syntax Description
nodealias Node Alias feature that maps source IP address, MAC
address, host name, and protocol on a per port basis.
ports Designates that specified ports should have the specified
maximum number of alias entries applied.
port_list Lists the ports to apply the specified maximum number
of alias entries to. Designated as a port list separated by
comma (,) or dash (-).
all Specifies that all ports have the specified maximum
number of alias entries.
maxentries Designates a maximum number of alias entries per port.
entries The value for the maximum number of aliases entries. The
default is 8,192 divided evenly by the number of ports in
the switch.

Default
If no value is specified for the maximum number of alias entries, the default is 8,192
divided evenly by the number of ports in the switch.

Usage Guidelines
The per-port limit can be set up to 8,192 for all switch ports. For example, if the switch
has 32 ports, you can configure the maximum limit as 32 × 8,192. However, the switch
can only hold a maximum of 8,192 alias entries per slot.

As a result of snooping one frame, the Node Alias feature may create additional entries
to facilitate the searching based on finer details, such as protocol type. For example,
when a BGP frame is received, two entries are created: one entry with protocol type IP,
and another entry with protocol type BGP.

If you change the maximum alias entries to a value that is less than the number entries
in the database, the more recent entries are retained.

Example
The following example specifies a maximum of 100 alias entries on all ports:
configure nodealias ports all maxentries 100

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

1052 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ntp key trusted/not-trusted

configure ntp key trusted/not-trusted

configure ntp key keyid [trusted | not-trusted]

Description
Specifies whether an NTP key is trusted or not trusted.

Syntax Description
keyid Specifies the key ID as a value from 1 to 65534.
trusted Specifies that the key is in trusted status. To use a specific
key for an NTP session, set the key to trusted status.
not-trusted Specifies that the key is in not trusted status.

Default
An NTP key is not trusted by default.

Usage Guidelines
After an NTP key is created, the generated key is not-trusted by default. To use a specific
key for an NTP session, the key must be trusted. The trusted option changes the key to
trusted status. The not-trusted option changes the key to untrusted status.

Example
The following command changes NTP key 1 to trusted status:

configure ntp key 1 trusted

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ntp local-clock none

configure ntp local-clock none

Description
Removes the internal local clock from the clock source list.

Switch Engine™ Command Reference Guide for version 32.7.1 1053

Syntax Description Commands

Syntax Description
N/A.

Default
N/A.

Usage Guidelines
N/A.

Example
The following command removes the internal local clock from the clock source list:

configure ntp local-clock none

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ntp local-clock stratum

configure ntp local-clock stratum stratum_number

Description
Configures the internal local clock with a stratum number. The stratum number defines
the distance from the reference clock. The lower the number, the closer the switch is to
the reference clock.

Syntax Description
stratum_number Specifies the distance from the reference clock from 2
through 16, with 2 being closest and 16 being the farthest
away.

Default
The local clock is disabled by default.

1054 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The internal local clock is configured as a clock source with a given stratum number.
Because the local clock is not as reliable as an external clock source with GPS or CDMA,
the stratum number should be higher than the stratum number of the external clock
source to allow the system to acquire the most reliable clock information from the
clock source lists.

Example
The following command configures the local clock with a stratum number of 3:

configure ntp local-clock stratum 3

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ntp restrict-list

configure ntp restrict-list [add | delete] network {mask} [permit |
deny] {{vr} vr_name}

Description
Restricts a host or block of client IP addresses from getting NTP service. When NTP
is enabled over a VLAN, an NTP server is configured, or a broadcast NTP server is in a
VLAN, the VLAN's IP block or NTP server's IP address is automatically added into the
system with a permit action.

Syntax Description
add Restricts a client from getting NTP service.
delete Removes a client from the restrict list.
network Specifies a host or block of IP addresses.
mask Specifies the subnet mask of the network.
permit Specifies that a particular block of client IP addresses is
permitted to get NTP service.
deny Specifies that a particular block of client IP addresses is
denied NTP service.

Switch Engine™ Command Reference Guide for version 32.7.1 1055

Default Commands

vr Specifies VRs for NTP service.

vr_name Specifies the VR name for allowing/denying NTP service. If
no VR name is specified, the current command context is
used.

Default
All addresses are denied by default.

If no VR name is specified, the current command context is used.

Usage Guidelines
N/A.

Example
The following command restricts a block of client IP addresses from getting NTP
service:

configure ntp restrict-list add 132.25.82.3 deny

History
This command was first available in ExtremeXOS 12.7.

The vr keyword was added in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ntp server/peer add

configure ntp [server | peer] add [ip_address | ipv6_address |
host_name] {key keyid} {option [burst | initial-burst]} {{vr}
vr_name}

Description
Configures an NTP server or peer.

Syntax Description
ip_address Specifies the IP address of the NTP server or peer.
ipv6_address Specifies the IPv6 address of the NTP server or peer.
host_name Specifies the host name of the NTP server or peer.

1056 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

keyid Specifies the key ID as a value from 1 to 65534.

burst Follows the same burst mechanism when an NTP server is
reachable.
initial-burst Allows the system to send six burst packets when an NTP
server becomes unreachable (discovered but unreachable).
vr Specifies VR.
vr_name Specifies the VR name. If no VR name is specified, the
current command context is used.

Default
If no VR name is specified, the current command context is used.

Usage Guidelines
The initial-burst option is useful when a fast time synchronization is required at the
initial stage.

Example
The following command adds an NTP server named “Missouri” with key 5 and an initial
burst:
configure ntp server add Missouri key 5 initial-burst

Example
The following command adds an NTP server named 1000::1:
configure ntp server add 1000::1 vr VR-Default

History
This command was first available in ExtremeXOS 12.7.

The vr keyword was added in ExtremeXOS 22.2.

The ipv6_address option was added in ExtremeXOS 32.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ntp server/peer delete

configure ntp [server | peer] delete [ip_address | ipv6_address |
host_name]

Switch Engine™ Command Reference Guide for version 32.7.1 1057

Description Commands

Description
Removes an NTP server or peer from external clock source lists.

Syntax Description
ip-address Specifies the IP address of the NTP server or peer.
ipv6_address Specifies the IPv6 address of the NTP server or peer.
host_name Specifies the host name of the NTP server or peer.

Default
N/A.

Usage Guidelines
N/A.

Example
The following command removes an NTP peer Missouri from external clock source lists
configure npt peer delete Missouri

Example
The following command deletes an NTP server named 1000::1:
configure ntp server delete 1000::1 vr VR-Default

History
This command was first available in ExtremeXOS 12.7.

The ipv6_address option was added in ExtremeXOS 32.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospf bfd

configure ospf vlan vlan-name bfd on | off

Description
Configures BFD for OSPFv2.

1058 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
bfd Bidirectional forwarding detection.
on Turn on BFD for OSPF interface.
off Turn off BFD for OSPF interface.

Default
Off.

Usage Guidelines
Use this command to turn BFD protection on or off on a specific OSPF interface.
The following example configures BFD protection on for VLAN 1:

Example
configure ospf vlan1 bfd on

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospf add virtual-link

configure ospf add virtual-link router-identifier area-identifier

Description
Adds a virtual link connected to another ABR.

Syntax Description
router-identifier Specifies the router ID of the other end of the link.
area-identifier Specifies an OSPF area.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1059

Usage Guidelines Commands

Usage Guidelines
A virtual link provides a logical path between the ABR of the disconnected area and
the ABR of the normal area that connects to the backbone. A virtual link must be
established between two ABRs that have a common area, with one ABR connected to
the backbone. Specify the following:
• router-identifier—Far-end router interface number.
• area-identifier—Transit area used for connecting the two end-points. The transit area
cannot have the area identifier 0.0.0.0. and cannot be a stub area or an NSSA.

Example
The following command configures a virtual link between the two interfaces:

configure ospf add virtual-link 10.1.2.1 10.1.0.0

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf add vlan area

configure ospf add vlan [vlan-name | all] area area-identifier {passive}

Description
Enables OSPF on one or all VLANs (router interfaces).

Syntax Description
vlan-name Specifies a VLAN name.
all Specifies all VLANs.
area-identifier Specifies the area to which the VLAN is assigned.
passive Specifies to stop sending and receiving hello packets on
this interface.

Default
Disabled.

1060 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Not applicable.

Example
The following command enables OSPF on a VLAN named accounting:

configure ospf add vlan accounting area 0.0.0.1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf add vlan area link-type

configure ospf add vlan vlan-name area area-identifier link-type [auto |
broadcast | point-to-point] {passive}

Description
Configures the OSPF link type.

Syntax Description
vlan-name Specifies a VLAN name.
area-identifier Specifies the area to which the VLAN is assigned.
auto Specifies to automatically determine the OSPF link type
based on the interface type.
broadcast Specifies a broadcast link, such as Ethernet. Routers must
elect a DR and a BDR during synchronization.
point-to-point Specifies a point-to-point link type, such as PPP.
passive Specifies to stop sending and receiving packets on this
interface.

Default
Auto.

Switch Engine™ Command Reference Guide for version 32.7.1 1061

Usage Guidelines Commands

Usage Guidelines
The passive parameter indicates that the router only synchronizes and listens, and does
not originate or send any new information on the interface.

Example
The following command configures the OSPF link type as automatic on a VLAN named
accounting:

configure ospf add vlan accounting area 0.0.0.1 link-type auto

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf area add range

configure ospf area area-identifier add range [ip-address ip-mask |
ipNetmask] [advertise | noadvertise] [type-3 | type-7]

Description
Configures a range of IP addresses in an OSPF area to be aggregated.

Syntax Description
area-identifier Specifies an OSPF area.
ip-address Specifies an IP address
ip-mask Specifies a subnet mask.
ipNetmask Specifies IP address / Netmask.
advertise Specifies to advertise the aggregated range of IP
addresses.
noadvertise Specifies not to advertise the aggregated range of IP
addresses.
type-3 Specifies type 3 LSA, summary LSA.
type-7 Specifies type 7 LSA, NSSA external LSA.

Default
N/A.

1062 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If advertised, the aggregated IP range is exported as a single LSA by the ABR.

Example
The following command is used to summarize a certain range of IP addresses within an
area and export them out as a single address:

configure ospf area 1.2.3.4 add range 10.1.2.0/24 advertise type-3

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf area delete range

configure ospf area area-identifier delete range [ip-address ip-mask |
ipNetmask]

Description
Deletes a range of aggregated IP addresses in an OSPF area.

Syntax Description
area-identifier Specifies an OSPF area.
ip-address Specifies an IP address.
ip-mask Specifies a subnet mask.
ipNetmask Specifies IP address / Netmask.

Default
N/A.

Usage Guidelines
Not applicable.

Switch Engine™ Command Reference Guide for version 32.7.1 1063

Example Commands

Example
The following command deletes an aggregated IP address range:

configure ospf area 1.2.3.4 delete range 10.1.2.0/24

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf area external-filter

configure ospf area area-identifier external-filter [policy-map |none]

Description
Configures an external filter policy.

Syntax Description
area-identifier Specifies the OSPF target area.
policy-map Specifies a policy.
none Specifies not to apply an external filter (removes the
existing policy, if any).

Default
N/A.

Usage Guidelines
For switches configured to support multiple OSPF areas (an ABR function), a policy
can be applied to an OSPF area that filters a set of OSPF external routes from being
advertised into that area.

Using the none mode specifies that no external filter is applied.

Example
The following command configures an external filter policy, nosales:

configure ospf area 1.2.3.4 external-filter nosales

1064 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf area interarea-filter

configure ospf area area-identifier interarea-filter [policy-map | none]

Description
Configures a global inter-area filter policy.

Syntax Description
area-identifier Specifies the OSPF target area.
policy-map Specifies a policy.
none Specifies not to apply an interarea filter.

Default
N/A.

Usage Guidelines
For switches configured to support multiple OSPF areas (an ABR function), a policy
can be applied to an OSPF area that filters a set of OSPF inter-area routes from being
sourced from any other areas.

Example
The following command configures an inter-area filter policy, nosales:

configure ospf area 0.0.0.6 interarea-filter nosales

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1065

configure ospf area normal Commands

configure ospf area normal

configure ospf area area-identifier normal

Description
Configures an OSFP area as a normal area.

Syntax Description
area-identifier Specifies an OSPF area.

Default
Normal.

Usage Guidelines
A normal area is an area that is not any of the following:
• Stub area.
• NSSA.

Virtual links can be configured through normal areas. External routes can be
distributed into normal areas.

Example
The following command configures an OSPF area as a normal area:

configure ospf area 10.1.0.0 normal

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf area nssa stub-default-cost

configure ospf area area-identifier nssa [summary | nosummary] stub-
default-cost cost {translate}

1066 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures an OSPF area as an NSSA.

Syntax Description
area-identifier Specifies an OSPF area.
summary Specifies that type-3 can be propagated into the area.
nosummary Specifies that type-3 cannot be propagated into the area.
cost Specifies a cost metric.
translate Specifies whether type-7 LSAs are translated into type-5
LSAs.

Default
N/A.

Usage Guidelines
NSSAs are similar to the existing OSPF stub area configuration option, but have the
following two additional capabilities:
• External routes originating from an ASBR connected to the NSSA can be advertised
within the NSSA.
• External routes originating from the NSSA can be propagated to other areas,
including the backbone area, if translated to type 5 LSAs.

When configuring an OSPF area as an NSSA, the translate option should only be used
on NSSA border routers, where translation is to be enforced. If translate is not used on
any NSSA border router in a NSSA, one of the ABRs for that NSSA is elected to perform
translation (as indicated in the NSSA specification). The option should not be used on
NSSA internal routers. Doing so inhibits correct operation of the election algorithm.

Example
The following command configures an OSPF area as an NSSA:

configure ospf area 10.1.1.0 nssa summary stub-default-cost 10 translate

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1067

configure ospf area stub stub-default-cost Commands

configure ospf area stub stub-default-cost

configure ospf area area-identifier stub [summary | nosummary] stub-
default-cost cost

Description
Configures an OSPF area as a stub area.

Syntax Description
area-identifier Specifies an OSPF area.
summary Specifies that type-3 can be propagated into the area.
nosummary Specifies that type-3 cannot be propagated into the area.
cost Specifies a cost metric.

Default
N/A.

Usage Guidelines
A stub area is connected to only one other area. The area that connects to a stub
area can be the backbone area. External route information is not distributed into stub
areas. Stub areas are used to reduce memory and computation requirements on OSPF
routers.

Example
The following command configures an OSPF area as a stub area:

configure ospf area 0.0.0.6 stub nosummary stub-default-cost 10

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf area timer

configure ospf area area-identifier timer retransmit-interval transit-
delay hello-interval dead-interval {wait-timer-interval}

1068 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the timers for all interfaces in the same OSPF area.

Syntax Description
area- Specifies an OSPF area.
identifier
retransmit- Specifies the length of time that the router waits before
interval retransmitting an LSA that is not acknowledged. The range is 1–3,600
seconds.
transit- Specifies the length of time it takes to transmit an LSA packet over
delay the interface. The range is 1–3,600 seconds.
hello- Specifies the interval at which routers send hello packets. The range is
interval 1–65,535 seconds.
dead- Specifies the interval after which a neighboring router is declared
interval down due to the fact that hello packets are no longer received from
the neighbor. The range is 1–2,147,483,647 seconds.
wait-timer- Specifies the interval between the interface coming up and the
interval election of the DR and BDR. Usually equal to the dead timer interval.

Default
• retransmit interval—Default: 5
• transit delay—Default: 1
• hello interval—Default: 10
• dead interval—Default: 40
• wait timer interval—Default: dead interval

Usage Guidelines
Configuring OSPF timers on a per-area basis is a shorthand for applying the timers
and authentication to each VLAN in the area at the time of configuration. If you add
more VLANs to the area, you must configure the timers and authentication for the new
VLANs explicitly.

Specify the following:

• retransmit interval—If you set an interval that is too short, unnecessary
retransmissions will result.
• transit delay—The transit delay must be 1 second or greater.
• hello interval—Smaller times allow routers to discover each other more quickly,
but also increase network traffic.
• dead interval—This interval should be a multiple of the hello interval.
• wait timer interval—This interval is required by the OSPF standard to be equal
to the router dead interval. Under some circumstances, setting the wait interval to

Switch Engine™ Command Reference Guide for version 32.7.1 1069

Example Commands

smaller values can help OSPF routers on a broadcast network to synchronize more
quickly at the expense of possibly electing an incorrect DR or BDR. This value should
not be set to less than the hello interval. The default value is equal to the router dead
interval.

Example
The following command sets the timers in area 0.0.0.2:
# configure ospf area 0.0.0.2 timer 10 1 20 200

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf ase-limit

configure ospf ase-limit number {timeout seconds}

Description
Configures the AS-external LSA limit and overflow duration associated with OSPF
database overflow handling.

Syntax Description
number Specifies the number of external routes that can be held in
a link-state database.
seconds Specifies a duration for which the system has to remain in
the overflow state.

Default
The default for timeout is 0, which indicates that once the router goes into overflow
state, it stays there until OSPF is disabled and then re-enabled.

Usage Guidelines
Not applicable.

1070 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the AS-external LSA limit and overflow duration:

configure ospf ase-limit 50000 timeout 1800

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf ase-summary add

configure ospf ase-summary add [ipaddress ip-mask | ipNetmask] cost cost
{tag number}

Description
Aggregates AS-external routes in a specified address range.

Syntax Description
ipaddress Specifies an IP address.
ip-mask Specifies a subnet mask.
ipNetmask Specifies IP address / Netmask.
cost Specifies a metric that will be given to the summarized
route.
tag Specifies an OSPF external route tag.

Default
N/A.

Usage Guidelines
This command is only valid on an ASBR.

Example
The following command summarizes AS-external routes:

configure ospf ase-summary add 175.1.0.0/16 cost 10

Switch Engine™ Command Reference Guide for version 32.7.1 1071

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf ase-summary delete

configure ospf ase-summary delete [ip-address ip-mask | ipNetmask]

Description
Deletes an aggregated OSPF external route.

Syntax Description
ip-address Specifies an IP address.
ip-mask Specifies a subnet mask.
ipNetmask Specifies IP address / Netmask.

Default
N/A.

Usage Guidelines
This command is only valid on an ASBR.

Example
The following command deletes the aggregated AS-external route:

configure ospf ase-summary delete 175.1.0.0/16

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

1072 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ospf authentication

configure ospf authentication

configure ospf [vlan [vlan-name | all ] | area area-identifier |
virtual-link router-identifier area-identifier] authentication [ none
| encrypted simple-password encrypted-simple-password | simple-
password { simple-password} | encrypted md5 md5-key-id encrypted-md5-
key | md5 md5-key-id { md5-key}]

Description
Specifies the authentication password (up to eight characters) or RSA Data Security,
Inc. MD5 Message-Digest Algorithm key for one or all interfaces in a specific area or a
virtual link.

Syntax Description
vlan-name Specifies a VLAN name.
all Specifies all VLANs
router- Specifies the router ID of the remote router.
identifier
area-identifier Specifies an OSPF area.
encrypted Indicates that the password (or key) is already encrypted (do not
use this option).
simple-password Specifies an authentication password (up to 8 ASCII characters).
md5_key_id Specifies a RSA Data Security, Inc. MD5 Message-Digest Algorithm
key, from 0-255.
md5_key Specifies a numeric value from 0-65,536. Can also be
alphanumeric, up to 26 characters.
none Disables authentication.

Default
N/A.

Usage Guidelines
The md5_key is a numeric value with the range 0 to 65,536 or alphanumeric. When
the OSPF area is specified, authentication information is applied to all OSPF interfaces
within the area.

The encrypted option is used by the switch when generating a configuration file and
when parsing a switch-generated configuration file. Do not select the encrypted option
in the CLI.

Switch Engine™ Command Reference Guide for version 32.7.1 1073

Example Commands

Example
The following command configures RSA Data Security, Inc. MD5 Message-Digest
Algorithm authentication on the VLAN subnet_26:

configure ospf vlan subnet_26 authentication md5 32 test

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf cost

configure ospf [area area-identifier | vlan [vlan-name | all]] cost
[automatic | cost]

Description
Configures the cost metric of one or all interface(s) or an area.

Syntax Description
area-identifier Specifies an OSPF area.
vlan-name Specifies a VLAN name.
all Specifies all VLANs.
automatic Determine the advertised cost from the OSPF metric table.
cost Specifies the cost metric.

Default
The default cost is automatic.

Usage Guidelines
The range is 1 through 65535.

Example
The following command configures the cost metric of the VLAN accounting:

configure ospf vlan accounting cost 10

1074 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf delete virtual-link

configure ospf delete virtual-link router-identifier area-identifier

Description
Removes a virtual link.

Syntax Description
router-identifier Specifies the router ID of the other end of the link.
area-identifier Specifies an OSPF area.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes a virtual link:

configure ospf delete virtual-link 10.1.2.1 10.1.0.0

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1075

configure ospf delete vlan Commands

configure ospf delete vlan

configure ospf delete vlan [vlan-name | all]

Description
Disables OSPF on one or all VLANs (router interfaces).

Syntax Description
vlan-name Specifies a VLAN name.
all Specifies all VLANs.

Default
N/A.

Usage Guidelines
Not applicable.

Example
The following command disables OSPF on VLAN accounting:

configure ospf delete vlan accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf import-policy

configure ospf import-policy [policy-map | none]

Description
Configures the import policy for OSPF.

1076 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
policy-map Specifies the policy.

Default
No policy.

Usage Guidelines
An import policy is used to modify route attributes while adding OSPF routes to the IP
route table. This command provides the flexibility of using import policy to determine
the routes to be added to or removed from the routing table. In order to prevent a
route being added to the routing table, the policy file must contain a matching rule
with action “deny”. If there is no matching rule for a particular route, or the keyword
“deny” is missing in the rule, the default action is “permit”, which means that route will
be installed into the routing table.

Use the none option to remove an import policy.

If a policy rule set the cost to be greater than 65535, OSPF limits the metric of any
matching routes to be 65535.

Example
The following example applies the policy campuseast to OSPF routes:

configure ospf import-policy campuseast

History
This command was first available in ExtremeXOS 10.1.

Beginning in ExtremeXOS 15.7, this command allows Import Policy to be used by

OSPFv2 to install routes selectively into the switch routing table.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf instanceid

configure ospf instanceid instance-identifier

Description
Configures the Instance Identifier for OSPF instances.

Switch Engine™ Command Reference Guide for version 32.7.1 1077

Syntax Description Commands

Syntax Description
instance-identifier Specifies the Instance Identifier. Default is 0. Range is
0-255.

Default
Zero.

Usage Guidelines
RFC 6549 specifies an 8-bit field in the OSPF header by splitting the previous 16-bit
Authentication Type field into Instance ID and AuType. If Instance ID is configured, then
all OSPF packets sent from the VR will have the Instance ID field set in the packet
headers. If Instance IDs in the received packets do not match the configuration of the
VR, then the packets will be discarded.

Example
The following example configures an Instance Identifier of 100:

configure ospf instanceid 100

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospf lsa-batch-interval

configure ospf lsa-batch-interval seconds

Description
Configures the OSPF LSA batching interval.

Syntax Description
seconds Specifies a time in seconds.

Default
The default setting is 30 seconds.

1078 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The range is between 0 (disabled) and 600 seconds, using multiples of 5 seconds.
The LSAs added to the LSDB during the interval are batched together for refresh or
timeout.

Example
The following command configures the OSPF LSA batch interval to a value of 100
seconds:

configure ospf lsa-batch-interval 100

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf metric-table

configure ospf metric-table 10M cost_10m 100M cost_100m 1G cost_1g {2.5G
cost_2_5g} {5G cost_5g} {10G cost_10g} {25Gcost_25g} {40G cost_40g}
{50G cost_50g}{100G cost_100g}

Description
Configures the automatic interface costs for 10 Mbps, 100 Mbps, and 1 Gbps interfaces,
and optionally, the 2.5 Gbps, 5 Gbps, 10 Gbps, 25 Gbps, 40 Gbps, 50 Gbps, and 100 Gbps
interfaces.

Syntax Description
cost Specifies the interface cost for the indicated interfaces.

Default
• 10 Mbps—The default cost is 10.
• 100 Mbps—The default cost is 5.
• 1 Gbps—The default cost is 4.
• 2.5 Gbps—The default cost is 3.
• 5 Gbps—The default cost is 3.
• 10 Gbps—The default cost is 2.
• 25 Gbps—The default cost is 2.

Switch Engine™ Command Reference Guide for version 32.7.1 1079

Usage Guidelines Commands

• 40 Gbps—The default cost is 2.

• 50 Gbps—The default cost is 2.
• 100 Gbps—The default cost is 1.

Usage Guidelines
Not applicable.

Example
The following command configures the automatic interface costs for 10 Mbps, 100
Mbps, and 1 Gbps interfaces:

configure ospf metric-table 10m 20 100m 10 1g 2

History
This command was first available in ExtremeXOS 10.1.

The 40 Gbps parameter was added in ExtremeXOS 12.6.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf priority

configure ospf [area area-identifier | vlan [vlan-name | all]] priority
priority

Description
Configures the priority used in the designated router and backup designated router
election algorithm for one or all OSPF interface(s) or for all the interfaces within the
area.

Syntax Description
area-identifier Specifies an OSPF area.
vlan-name Specifies a VLAN name.
all Specifies all VLANs.
priority Specifies a priority range. The range is 0 through 255.

1080 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default setting is 1.

Usage Guidelines
The range is 0 through 255, and the default setting is 1. Setting the value to 0 ensures
that the router is never selected as the designated router or backup designated router.

Example
The following command sets all the interfaces in area 1.2.3.4 to not be selected as the
designated router:

configure ospf area 1.2.3.4 priority 0

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf restart grace-period

configure ospf restart grace-period seconds

Description
Configures the grace period sent out in Grace-LSAs and used by a restarting router.

Syntax Description
seconds Grace period, in seconds. The default value is 120 seconds.
Range is 1 to 1800 seconds.

Default
The default is 120 seconds.

Usage Guidelines
This command configures the grace period sent out to helper neighbor routers and
used by the restarting router. The value of the grace period must be greater that the
dead interval, and less than the LSA refresh time.

Switch Engine™ Command Reference Guide for version 32.7.1 1081

Example Commands

Example
The following command configures a router to send LSAs with a 240 second grace
period during graceful OSPF restarts:

configure ospf restart grace-period 240

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf restart

configure ospf restart [none | planned | unplanned | both]

Description
Configures the router as a graceful OSPF restart router.

Syntax Description
none Do not act as a graceful OSPF restart router.
planned Only act as a graceful OSPF restart router for planned
restarts.
unplanned Only act as a graceful OSPF restart router for unplanned
restarts.
both Act as a graceful OSPF restart router for both planned and
unplanned restarts.

Default
The default is none.

Usage Guidelines
This command configures the router as a graceful OSPF router. When configured for
planned restarts, it will advertise Grace-LSAs before restarting (for example, during an
upgrade of the OSPF module). When configured for unplanned restarts, it will advertise
Grace-LSAs after restarting but before sending any Hellos. When configured for both,
the router will advertise restarting regardless of whether the restart was planned or
unplanned.

1082 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures a router to perform graceful OSPF restarts only for
planned restarts:

configure ospf restart planned

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf restart-helper

configure ospf [vlan [all | vlan-name] | area area-identifier |
virtual-link router-identifier area-identifier] restart-helper [none
| planned | unplanned | both]

Description
Configures the router as a graceful OSPF restart helper router.

Syntax Description
all Specifies all VLANs
vlan-name Specifies a VLAN name.
area-identifier Specifies an OSPF area.
router- Specifies the router ID of the remote router of the virtual link.
identifier
none Do not act as a graceful OSPF restart helper router.
planned Only act as a graceful OSPF restart helper router for planned
restarts.
unplanned Only act as a graceful OSPF restart helper router for unplanned
restarts.
both Act as a graceful OSPF restart helper router for both planned and
unplanned restarts.

Default
The router default is none.

Switch Engine™ Command Reference Guide for version 32.7.1 1083

Usage Guidelines Commands

Usage Guidelines
This command configures the router as a graceful OSPF restart helper router for a
single or multiple routers. When the router is acting as a helper, it will continue to
advertise the restarting router as if it was fully adjacent.

One OSPF interface may not help more than one restarting router. An OSPF interface
may not enter helper mode when the router is performing a graceful restart. All the
interfaces to a neighbor router must be configured as graceful restart helpers, or the
router will not support graceful restart for its neighbor.

Example
The following command configures a router to be a graceful OSPF helper router for
planned restarts for all routers in area 10.20.30.40:

configure ospf area 10.20.30.40 restart-helper planned

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf routerid

configure ospf routerid [automatic | router-identifier]

Description
Configures the OSPF router ID. If automatic is specified, the switch uses the highest IP
interface address as the OSPF router ID.

Syntax Description
automatic Specifies to use automatic addressing.
router-identifier Specifies a router address.

Default
Automatic.

1084 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Each switch that is configured to run OSPF must have a unique router ID. It is
recommended that you manually set the router ID of the switches participating in
OSPF, instead of having the switch automatically choose its router ID based on the
highest interface IP address. Not performing this configuration in larger, dynamic
environments could result in an older link-state database remaining in use.

Note
Do not set the router ID to 0.0.0.0.

Example
The following command sets the router ID:

configure ospf routerid 10.1.6.1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf spf-hold-time

configure ospf spf-hold-time seconds

Description
Configures the minimum number of seconds between Shortest Path First (SPF)
recalculations.

Syntax Description
seconds Specifies a time in seconds. The range is 0 to 300 seconds.

Default
3 seconds.

Usage Guidelines
Not applicable.

Switch Engine™ Command Reference Guide for version 32.7.1 1085

Example Commands

Example
The following command configures the minimum number of seconds between
Shortest Path First (SPF) recalculations:

configure ospf spf-hold-time 6

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf virtual-link timer

configure ospf virtual-link router-identifier area-identifier timer
retransmit-interval transit-delay hello-interval dead-interval

Description
Configures the timers for a virtual link.

Syntax Description
router- Specifies the router ID of the other end of the link.
identifier
area-identifier Specifies an OSPF area.
retransmit- Specifies the length of time that the router waits before
interval retransmitting an LSA that is not acknowledged. The range is 1–
3,600 seconds.
transit-delay Specifies the length of time it takes to transmit an LSA packet
over the interface. The range is 1–3,600 seconds.
hello-interval Specifies the interval at which routers send hello packets. The
range is 1–65,535 seconds.
dead-interval Specifies the interval after which a neighboring router is declared
down due to the fact that hello packets are no longer received
from the neighbor. The range is 1–2,147,483,647 seconds.

Default
• retransmit interval—Default: 5
• transit delay—Default: 1
• hello interval—Default: 10

1086 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

• dead interval—Default: 40
• wait timer interval—Default: dead interval

Usage Guidelines
Configuring OSPF timers on a per-area basis is a shorthand for applying the timers
and authentication to each VLAN in the area at the time of configuration. If you add
more VLANs to the area, you must configure the timers and authentication for the new
VLANs explicitly.

Example
The following command sets the timers on the virtual link in area 0.0.0.2 and remote
router ID 6.6.6.6:

configure ospf virtual-link 6.6.6.6 0.0.0.2 timer 10 1 20 200

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf vlan area

configure ospf vlan vlan-name area area-identifier

Description
Associates a VLAN (router interface) with an OSPF area. By default, all router interfaces
are associated with area 0.0.0.0.

Syntax Description
vlan-name Specifies a VLAN name.
area-identifier Specifies an OSPF area.

Default
Area 0.0.0.0

Switch Engine™ Command Reference Guide for version 32.7.1 1087

Usage Guidelines Commands

Usage Guidelines
Any OSPF network that contains more than one area is required to have an area
configured as area 0, also called the backbone. All areas in an autonomous system
must be connected to the backbone. When designing networks, you should start with
area 0, and then expand into other areas.

The backbone allows summary information to be exchanged between ABRs. Every ABR
hears the area summaries from all other ABRs. The ABR then forms a picture of the
distance to all networks outside of its area by examining the collected advertisements,
and adding in the backbone distance to each advertising router.

When a VLAN is configured to run OSPF, by default you must assign it to an area.

Example
The following command associates the VLAN accounting with an OSPF area:

configure ospf vlan accounting area 0.0.0.6

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf vlan neighbor add

configure ospf vlan vlan-name neighbor add ip-address

Description
Configures the IP address of a point-to-point neighbor.

Syntax Description
vlan-name Specifies a VLAN name.
ip-address Specifies an IP address.

Default
N/A.

1088 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
None.

Example
The following command configures the IP address of a point-to-point neighbor:

configure ospf vlan accounting neighbor add 10.0.0.1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf vlan neighbor delete

configure ospf vlan vlan-name neighbor delete ip-address

Description
Deletes the IP address of a point-to-point neighbor.

Syntax Description
vlan-name Specifies a VLAN name.
ip-address Specifies an IP address.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the IP address of a point-to-point neighbor:

configure ospf vlan accounting neighbor delete 10.0.0.1

Switch Engine™ Command Reference Guide for version 32.7.1 1089

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospf vlan timer

configure ospf vlan [vlan-name | all] timer retransmit-interval transit-
delay hello-interval dead-interval {wait-timer-interval}

Description
Configures the OSPF wait interval for a VLAN or all VLANs.

Syntax Description
vlan-name Specifies a VLAN name.
all Specifies all VLANs.
retransmit- Specifies the length of time that the router waits before
interval retransmitting an LSA that is not acknowledged. The range is 1–
3,600.
transit-delay Specifies the length of time it takes to transmit an LSA packet
over the interface. The range is 1–3,600 seconds.
hello-interval Specifies the interval at which routers send hello packets. The
range is 1–65,535 seconds.
dead-interval Specifies the interval after which a neighboring router is declared
down due to the fact that hello packets are no longer received
from the neighbor. The range is 1–2,147,483,647.
wait-timer- Specifies the interval between the interface coming up and the
interval election of the DR and BDR. Usually equal to the dead timer
interval.

Default
• retransmit interval—5 seconds.
• transit delay—1 second.
• hello interval—10 seconds.
• dead interval—40 seconds.
• wait timer interval—dead interval.

1090 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Specify the following:
• retransmit interval—If you set an interval that is too short, unnecessary
retransmissions will result.
• transit delay—The transit delay must be greater than 0.
• hello interval—Smaller times allow routers to discover each other more quickly, but
also increase network traffic.
• dead interval—This interval should be a multiple of the hello interval.
• wait timer interval—This interval is required by the OSPF standard to be equal to the
router dead interval. Under some circumstances, setting the wait interval to smaller
values can help OSPF routers on a broadcast network to synchronize more quickly at
the expense of possibly electing an incorrect DR or BDR. This value should not be set
to less than the hello interval. The default value is equal to the router dead interval.

Example
The following command configures the OSPF wait interval on the VLAN accounting:

configure ospf vlan accounting timer 10 15 20 60 60

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 add interface all

configure ospfv3 add [vlan | tunnel] all {instance-id instanceId} area
area_identifier {passive}

Description
Enables OSPFv3 on all VLANs or all tunnels (router interfaces).

Syntax Description
all Specifies all IPv6 configured VLANs or all IPv6 tunnels.
instanceId Specifies the instance ID for these interfaces. Range is 0 to
255.

Switch Engine™ Command Reference Guide for version 32.7.1 1091

Default Commands

area_identifier Specifies the area to which the interfaces are assigned.

passive Specifies to stop sending and receiving hello packets on
this interface.

Default
OSPFv3 is disabled on the interfaces.

The default instance ID is 0.

Usage Guidelines
This command is used to enable the OSPFv3 protocol on all IPv6 configured VLANs
or all IPv6 tunnels. The instance ID is used to control the selection of other routers as
neighbors. The router will become a neighbor only with routers that have the same
instance ID.

To change the instance ID associated with an interface, you must first remove the
interface from the OSPFv3 area and then add it back with a different instance ID.

The passive parameter indicates that the router only synchronizes and listens, and does
not originate or send any new information on the interface.

Example
The following command enables OSPFv3 on all IPv6 tunnels:

configure ospfv3 add tunnel all area 0.0.0.1

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 add interface

configure ospfv3 add [vlan vlan_name | tunnel tunnel_name] {instance-id
instanceId} area area_identifier link-type [auto | broadcast | point-
to-point] {passive}

Syntax Description
Enables OSPFv3 on an interface.

1092 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
instanceId Specifies the instance ID for this interfaces. Range is 0 to
255.
area_identifier Specifies the area to which the VLAN is assigned.
auto Specifies to automatically determine the OSPFv3 link type
based on the interface type.
broadcast Specifies a broadcast link, such as Ethernet. Routers must
elect a DR and a BDR during synchronization.
point-to-point Specifies a point-to-point link type, such as PPP.
passive Specifies to stop sending and receiving hello packets on
this interface.

Default
The default link-type is Auto.

The default instance ID is 0.

Usage Guidelines
This command is used to enable the OSPFv3 protocol on an IPv6 configured VLAN
or an IPv6 tunnel. The instance ID is used to control the selection of other routers as
neighbors. The router will become a neighbor only with routers that have the same
instance ID.

To change the instance ID associated with an interface, you must first remove the
interface from the OSPFv3 area and then add it back with a different instance ID.

The passive parameter indicates that the router only synchronizes and listens, and does
not originate or send any new information on the interface.

Enable IPv6 forwarding before enabling OSPFv3; otherwise, you will receive a warning
message.

You cannot change the link-type value while OSPFv3 is enabled on the interface.

Example
The following example adds the VLAN accounting (enabling OSPFv3 on the interface),
to the area 0.0.0.1 with an instance ID of 2:
configure ospfv3 add vlan accounting instance-id 2 area 0.0.0.1 link-type auto

History
This command was first available in ExtremeXOS 11.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1093

Platform Availability Commands

The broadcast and point-to-point link-type keywords were supported in

ExtremeXOS 15.7.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 add virtual-link

configure ospfv3 add virtual-link {routerid} router_identifier {area}
area_identifier

Description
Adds a virtual link connected to another ABR.

Syntax Description
router_identifier Specifies the router ID of the other end of the link.
area_identifier Specifies the transit area identifier, a four-byte, dotted
decimal number.

Default
N/A.

Usage Guidelines
A virtual link provides a logical path between the ABR of the disconnected area and
the ABR of the normal area that connects to the backbone. A virtual link must be
established between two ABRs that have a common area, with one ABR connected to
the backbone. Specify the following:
• router_identifier—Far-end router identifier, a four-byte, dotted decimal number.
• area_identifier—Transit area used for connecting the two end-points. The transit
area cannot have the area identifier 0.0.0.0. and cannot be a stub area or an NSSA.

Example
The following command configures a virtual link with router ID 10.1.2.1 through the
transit area 10.1.0.0:

configure ospfv3 add virtual-link 10.1.2.1 10.1.0.0

1094 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 area add range

configure ospfv3 area area_identifier add range ipv6netmask [advertise |
noadvertise] [inter-prefix | nssa]

Description
Configures a range of IPv6 addresses in an OSPFv3 area to be aggregated.

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
ipv6netmask Specifies an IPv6 address / prefix length.
advertise Specifies to advertise the aggregated range of IPv6
addresses.
noadvert Specifies not to advertise the aggregated range of IPv6
addresses.
inter-prefix Specifies aggregate, inter-area-prefix LSAs.
nssa NSSA LSAs.

Default
No OSPFv3 inter-area-prefix LSAs are configured.

Usage Guidelines
If advertised, the aggregated IPv6 range is exported as a single LSA by the ABR.

Example
The following command is used to summarize a certain range of IPv6 addresses within
an area and export them out as a single address to area 0.0.0.1:

configure ospfv3 area 0.0.0.1 add range 2aaa:456:3ffe::/64 advertise inter-prefix

Switch Engine™ Command Reference Guide for version 32.7.1 1095

History Commands

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 area cost

configure ospfv3 area area_identifier cost [automatic | cost]

Description
Configures the cost of sending a packet to all interfaces belonging to an area.

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
automatic Determine the advertised cost from the OSPFv3 metric
table.
cost Specifies the cost metric. Range is 1 to 65535.

Default
The default cost is automatic.

Usage Guidelines
Use this command to set the cost of the links belonging to area manually, if the default
cost needs to be overwritten. The interface cost is advertised as the link cost in router-
LSA.

Example
The following command configures the cost of area 0.0.0.1 to 10. All the links of this area
will inherit the area's cost value of 10.

configure ospfv3 area 0.0.0.1 cost 10

History
This command was first available in ExtremeXOS 11.2.

1096 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 area delete range

configure ospfv3 area area_identifier delete range ipv6netmask [inter-
prefix | nssa]

Description
Removes a range of IPv6 addresses in an OSPFv3 area to be aggregated.

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
ipv6netmask Specifies an IPv6 address / prefix length.
inter-prefix Inter-Area-Prefix LSAs.
nssa NSSA LSAs.

Default
No OSPFv3 inter-area-prefix LSAs are configured.

Usage Guidelines
If you attempt to delete a range that was not configured, you receive an error message.

Example
The following command is used to delete a summary network from area 0.0.0.1:

configure ospfv3 area 0.0.0.1 delete range 2aaa:456:3ffe::/64

History
This command was first available in ExtremeXOS 11.2.

The inter-prefix and nssa keywords were added in ExtremeXOS 21.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1097

configure ospfv3 area external-filter Commands

configure ospfv3 area external-filter

configure ospfv3 area area_identifier external-filter [policy_map |none]

Description
Configures an external filter policy.

Syntax Description
area_identifier Specifies the OSPFv3 target area.
policy_map Specifies a policy.
none Specifies not to apply an external filter (removes the existing
policy, if any).

Default
N/A.

Usage Guidelines
For switches configured to support multiple OSPFv3 areas (an ABR function), a policy
can be applied to an OSPFv3 area that filters a set of OSPFv3 external routes from being
advertised into that area, in other words, filtering some of the inbound AS-external-
LSAs.

OPSFv3 routers that do not have enough memory to hold the entire AS-external-LSAa
should configure an external area filter to drop part of the external-LSAs. Configuring
this policy will enable routers with limited resources to be put into an OSPFv3 network.

Using the none mode specifies that no external filter is applied.

Policy files for this command will only recognize the following policy attributes:
• Match attributes:
◦ nlri IPv6-address/mask-len
• Action (set) attributes
◦ permit
◦ deny

Any other policy attribute will not be recognized and will be ignored.

The following is an example of an external filter policy file:

entry one {
if match any{
nlri 2001:db8:3e5c::/48;
nlri 2001:db8:2146:2341::/64;
} then {
deny;

1098 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

}
}

Example
The following command configures an external filter policy, nosales for area 1.2.3.4:

configure ospfv3 area 1.2.3.4 external-filter nosales

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 area interarea-filter

configure ospfv3 area area_identifier interarea-filter [policy_map |
none]

Description
Configures an inter-area filter policy.

Syntax Description
area_identifier Specifies the OSPFv3 target area.
policy_map Specifies a policy.
none Specifies not to apply an inter-area filter (removes the
existing policy, if any).

Default
N/A.

Usage Guidelines
ExtremeXOS OSPFv3 can apply an inter-area policy to filter some inter-area-prefix-LSAs
and inter-area-router-LSAs from other areas. This can reduce the size of link state
database of routers belonging to the area.

Using the none mode specifies that no external filter is applied.

Switch Engine™ Command Reference Guide for version 32.7.1 1099

Example Commands

Policy files for this command will only recognize the following policy attributes:
• Match attributes:
◦ nlri IPv6-address/mask-len
• Action (set) attributes:
◦ permit
◦ deny

Any other policy attribute will not be recognized and will be ignored.

The following is an example of an inter-area filter policy file:

entry one {
if match any{
nlri 2001:db8:3e5c::/48;
nlri 2001:db8:2146:2341::/64;
} then {
deny;
}
}
entry two {
if match any{
nlri 2001:db8:444::/48;
nlri 2001:db8:541f:65bd::/64;
} then {
permit;
}
}

Example
The following command configures an inter-area filter policy, nosales for area 1.2.3.4:

configure ospfv3 area 1.2.3.4 interarea-filter nosales

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 area normal

configure ospfv3 area area_identifier normal

Description
Configures an OSPFv3 area as a normal area.

1100 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.

Default
Normal.

Usage Guidelines
A normal area is an area that is not any of the following:
• Stub area
• NSSA

Virtual links can be configured through normal areas. External routes can be
distributed into normal areas.

Example
The following command configures an OSPFv3 area as a normal area:

configure ospfv3 area 10.1.0.0 normal

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 area nssa

configure ospfv3 area area-identifier nssa [nosummary | summary] stub-
default-cost cost {translate}

Description
NSSAs are similar to the OSPFv3 stub area configuration option, but have the following
two additional capabilities:
• External routes originating from an ASBR connected to the NSSA can be advertised
within the NSSA.
• External routes originating within the NSSA can be propagated to other areas if
translated to AS-external LSAs. When configuring an OSPFv3 area as an NSSA, the
translate option should only be used on NSSA border routers, where translation is to

Switch Engine™ Command Reference Guide for version 32.7.1 1101

Syntax Description Commands

be enforced. If translate is not used on any NSSA border router, one of the ABRs for
that NSSA is elected to perform translation.

Syntax Description
area-identifier Area identifier.
nosummary Inter-Area-Prefix LSAs prohibited.
summary Inter-Area-Prefix LSAs allowed.
cost Route metric.
translate Always translate NSSA LSAs to AS-external LSAs.

Default
None.

Usage Guidelines
This command must specify the cost of the default route advertised into the NSSA.

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospfv3 area priority

configure ospfv3 area area_identifier priority priority

Description
Configures the priority used in the designated router and backup designated router
election algorithm for all the interfaces within the area.

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
priority Specifies a priority range. The range is 0 through 255.

Default
The default setting is 1.

1102 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
When two routers are attached to a network, both attempt to become the designated
router. The one with the higher priority takes precedence. If there is a tie, the router
with the higher router ID takes precedence. Setting the value to 0 ensures that the
router is never selected as the designated router or backup designated router.

Example
The following command sets all the interfaces in area 1.2.3.4 to not be selected as the
designated router:
# configure ospfv3 area 1.2.3.4 priority 0

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

On switches with a Core or Premier license, the non-zero interface priority takes effect;
on switches with and Advanced Edge or Base license, the default interface priority is 0.

configure ospfv3 area stub

configure ospfv3 area area_identifier stub [summary | nosummary] stub-
default-cost cost

Description
Configures an OSPFv3 area as a stub area.

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
summary Specifies that inter-area LSAs can be propagated into the
area.
nosummary Specifies that inter-area LSAs cannot be propagated into
the area.
cost Specifies a cost metric.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1103

Usage Guidelines Commands

Usage Guidelines
A stub area is connected to only one other area. The area that connects to a stub area
can be the backbone area. External route information is not distributed into stub areas.
Stub areas are used to reduce memory consumption requirements on OSPFv3 routers.

Example
The following command configures an OSPFv3 area as a stub area:

configure ospfv3 area 0.0.0.6 stub nosummary stub-default-cost 10

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 area timer

configure ospfv3 area area_identifier timer {retransmit-interval}
retransmit_interval {transit-delay} transit_delay {hello-interval}
hello_interval {dead-interval} dead_interval

Description
Configures the timers for all interfaces in the same OSPFv3 area.

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
retransmit_interval Specifies the length of time that the router waits before
retransmitting an LSA that is not acknowledged. The range
is 1 to 1,800 seconds.
transit_delay Specifies the length of time it takes to transmit an LSA
packet over the interface. The range is 1 to 1,800 seconds.
hello_interval Specifies the interval at which routers send hello packets.
The range is 1 to 65,535 seconds.
dead_interval Specifies the interval after which a neighboring router is
declared down due to the fact that hello packets are no
longer received from the neighbor. The range is 1 to 65,535
seconds.

1104 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
• Retransmit interval—Default: 5 seconds
• Transit delay—Default: 1 second
• Hello interval—Default: 10 seconds
• Dead interval—Default: 40 seconds

Usage Guidelines
Configuring OSPFv3 timers on a per-area basis is a shorthand for applying the timers to
each VLAN and tunnel in the area at the time of configuration. If you add more VLANs
or tunnels to the area, you must configure the timers for them explicitly.

Specify the following:

• Retransmit interval—If you set an interval that is too short, unnecessary
retransmissions will result.
• Transit delay—The transit delay must be greater than 0.
• Hello interval—Smaller times allow routers to discover each other more quickly, but
also increase network traffic.
• Dead interval—This interval should be a multiple of the hello interval.

The value of the dead interval and the hello interval must be same for all OSPFv3
routers connected to a common link. The value of the dead interval and the hello
interval are advertised by OSPFv3 in Hello packets. The shorter the hello interval, the
earlier topological changes will be detected, but more routing traffic will ensue.

The retransmit interval must be greater than the expected round trip delay between
any two routers on the attached network. The setting of this parameter must be
conservative, or needless retransmission will result.

Note
The wait interval for the interface is not separately configurable. It is always
equal to the dead interval.

Example
The following command sets the timers in area 0.0.0.2:

configure ospfv3 area 0.0.0.2 timer 10 1 20 200

History
This command was first available in ExtremeXOS 11.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1105

Platform Availability Commands

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 authentication (Authentication Trailer)

configure ospfv3 [{vlan} vlan-name | {tunnel} tunnel-name]
authentication [keychain keychain-name | none]

Description
Configures Authentication Trailer with a manual key to provide authentication on
OSPFv3 interfaces.

Syntax Description
ospfv3 Specifies OSPFv3 interface.
vlan Specifies OSPFv3 VLAN.
vlan-name Specifies an IPv6 configured VLAN.
tunnel Specifies Layer 3 tunnel.
tunnel-name Specifies Layer 3 tunnel name.
authentication Specifies interface authentication.
keychain Specifies the set of authentication keys.
keychain-name Specifies the keychain name.
none Specifies no authentication (default).

Default
If not specified, no authentication is applied.

Usage Guidelines
Users can only add keychains that are already present in the system. To add a keychain,
run the command create keychain keychain_name .

Example
The following example for VLAN "vlan1" applies authentication type Authentication
Trailer:
# configure ospfv3 vlan1 authentication keychain ospfv3-keys1

History
This command was first available in ExtremeXOS 31.3.

1106 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 authentication (IPsec)

configure ospfv3 [{vlan} vlan-name | {tunnel} tunnel-name]
authentication [none |ipsec spi spi esp-auth-algorithm algorithm key
[key-string | encrypted encrypted-key-string]

Description
Configures Internet Protocol Security (IPsec) with a manual key to provide
authentication on OSPFv3 interfaces.

Syntax Description
ospfv3 Specifies OSPFv3 interface.
vlan Specifies OSPFv3 VLAN.
vlan-name Specifies an IPv6 configured VLAN.
tunnel Specifies Layer 3 tunnel.
tunnel-name Specifies an Layer 3 tunnel name.
authentication Specifies interface authentication.
none Specifies no authentication (default).
ipsec spi Specifies the authentication type is IPsec Encapsulating
Security Payload (ESP) with manual key.
spi Specifies Security Parameter Index value. Range is
256-4294967295.
esp-auth-algorithm Specifies the ESP Authentication algorithm.
algorithm Specifies the authentication algorithm.
Supported authentication algorithms are hmac-sha-1 and
hmac-sha-256.
key Specifies the authentication key.
key-string Specifies the key string in clear text.
Both the ASCII string and hexadecimal string are
supported, and hexadecimal string must begin with “0x”.
encrypted Specifies that the key string is in encrypted format.
encrypted-key-string Specifies the encrypted key string.
The encrypted key string must be enclosed in double
quotes.

Default
If not specified, no authentication is applied.

Switch Engine™ Command Reference Guide for version 32.7.1 1107

Usage Guidelines Commands

Usage Guidelines
When configuring IPsec with manual key on an OSPFv3 VLAN, the exact same IPsec
parameters (SPI, algorithm and key-string) must be specified on all routers connected
to that VLAN.

To configure OSPFv3 virtual link authentication, run the command ospfv3 virtual-
link {routerid} router-identifier {area} area-identifier authentication
[none | ipsec spi spi esp-auth-algorithm algorithm key [key-string |
encrypted encrypted-key-string].

Example
The following example for VLAN "v1" applies authentication type IPsec with SPI "551"
and algorithm "hmac-sha-256" with key "mykey":
# configure ospfv3 vlan v1 authentication ipsec spi 551 esp-auth-algorithm hmac-sha-256
key mykey

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 bfd

configure ospfv3 vlan vlan-name bfd on | off

Description
Configures BFD for OSPFv3.

Syntax Description
bfd Bidirectional forwarding detection
on Turn on BFD for OSPFv3 interface.
off Turn off BFD for OSPFv3 interface.

Default
Off.

1108 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to turn on or off BFD protection on a specific OSPFv3 interface.
The following example configures BFD protection on for VLAN 1:

Example
# configure ospfv3 vlan1 bfd on

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospfv3 delete interface

configure ospfv3 delete [vlan vlan_name | tunnel tunnel_name | [vlan |
tunnel] all]

Description
Disables OSPFv3 on one or all VLANs or tunnels (router interfaces).

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all VLANs, or tunnels.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables OSPFv3 on VLAN accounting:

configure ospfv3 delete vlan accounting

Switch Engine™ Command Reference Guide for version 32.7.1 1109

History Commands

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 delete virtual-link

configure ospfv3 delete virtual-link {routerid} router_identifier {area}
area_identifier

Description
Deletes a virtual link connected to another ABR.

Syntax Description
router_identifier Specifies the router ID of the other end of the link.
area_identifier Specifies the transit area identifier, a four-byte, dotted
decimal number.

Default
N/A.

Usage Guidelines
A virtual link provides a logical path between the ABR of the disconnected area and
the ABR of the normal area that connects to the backbone. A virtual link must be
established between two ABRs that have a common area, with one ABR connected to
the backbone. Specify the following:
• Router-identifier—Far-end router identifier, a four-byte, dotted decimal number.
• Area-identifier—Transit area used for connecting the two end-points. The transit area
cannot have the area identifier 0.0.0.0. and cannot be a stub area or an NSSA.

Example
The following command deletes a virtual link with router ID 10.1.2.1 through the transit
area 10.1.0.0:

configure ospfv3 delete virtual-link 10.1.2.1 10.1.0.0

1110 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 import-policy

configure ospfv3 import-policy [policy_map | none]

Description
Configures the import policy for OSPFv3.

Syntax Description
policy_map Specifies the policy.

Default
No policy.

Usage Guidelines
An import policy is used to modify route attributes while adding OSPFv3 routes to
the IPv6 route table. This command provides the flexibility of using import policy to
determine the routes to be added to or removed from the routing table. In order
to prevent a route being added to the routing table, the policy file must contain a
matching rule with action “deny”. If there is no matching rule for a particular route, or
the keyword “deny” is missing in the rule, the default action is “permit”, which means
that route will be installed into the routing table.

Use the none option to remove the policy association.

Policy files for this command will recognize only the following policy attributes:
• Match attributes:
◦ nlri IPv6-address/mask-len
◦ route-origin [ospf | ospf-extern1 | ospf-extern2 | ospf-inter | ospf-intra]
• Action (set) attributes
◦ cost cost
◦ tag number
◦ deny

Any other policy attribute will not be recognized and will be ignored.

Switch Engine™ Command Reference Guide for version 32.7.1 1111

Example Commands

Example
The following example applies the policy campuseast to OSPFv3 routes:

configure ospfv3 import-policy campuseast

History
This command was first available in ExtremeXOS 11.2.

Beginning in ExtremeXOS 15.7, this command allows Import Policy to be used by

OSPFv3 to install routes selectively into the switch routing table.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 interface area

configure ospfv3 [vlan vlan_name | tunnel tunnel_name] area
area_identifier

Description
Moves an interface from one OSPFv3 area to another.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.

Default
N/A.

Usage Guidelines
Use this command to move an already configured interface from one area to another.
The instance ID associated with the interface will be unchanged.

1112 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command moves the VLAN accounting to the OSPFv3 area 0.0.0.6:

configure ospfv3 vlan accounting area 0.0.0.6

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 interface cost

configure ospfv3 [vlan vlan_name | tunnel tunnel_name | [vlan | tunnel]
all]] cost [automatic | cost]

Description
Configures the cost of one or all interface(s).

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all IPv6 configured VLANs or all IPv6 tunnels.
automatic Determine the advertised cost from the OSPFv3 metric
table.
cost Specifies the cost metric. Range is 1 to 65535.

Default
The default cost is automatic.

Usage Guidelines
Use this command to set the cost of an interface (a VLAN or tunnel) manually, if the
default cost needs to be overwritten. The interface cost is advertised as the link cost in
router-LSA.

Switch Engine™ Command Reference Guide for version 32.7.1 1113

Example Commands

Example
The following command configures the cost metric of the VLAN accounting:

configure ospfv3 vlan accounting cost 10

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 interface priority

configure ospfv3 [vlan vlan_name | tunnel tunnel_name | [vlan | tunnel]
all] priority priority

Description
Configures the priority used in the designated router and backup designated router
election algorithm for one or all OSPFv3 interface(s).

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all IPv6 configured VLANs or all IPv6 tunnels.
priority Specifies a priority range. The range is 0 through 255.

Default
The default setting is 1.

Usage Guidelines
When two routers are attached to a network, both attempt to become the designated
router. The one with the higher priority takes precedence. If there is a tie, the router
with the higher router ID takes precedence. Setting the value to 0 ensures that the
router is never selected as the designated router or backup designated router.

1114 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command sets the priority of the interface VLAN corporate to 10:
# configure ospfv3 vlan corporate priority 10

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

On switches with a Core or Premier license, the non-zero interface priority takes effect;
on switches with an Advanced Edge or Base license, the default interface priority is 0.

configure ospfv3 interface timer

configure ospfv3 [vlan vlan_name | tunnel tunnel_name | [vlan
| tunnel] all] timer {retransmit-interval} retransmit_interval
{transit-delay} transit_delay {hello-interval} hello_interval {dead-
interval} dead_interval

Description
Configures the timers for all interfaces in the same OSPFv3 area.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all IPv6 configured VLANs or all IPv6 tunnels.
retransmit_interval Specifies the length of time that the router waits before
retransmitting an LSA that is not acknowledged. The range
is 1 to 3600 seconds.
transit_delay Specifies the length of time it takes to transmit an LSA
packet over the interface. The range is 1 to 3600 seconds.
hello_interval Specifies the interval at which routers send hello packets.
The range is 1 to 65535 seconds.
dead_interval Specifies the interval after which a neighboring router is
declared down due to the fact that hello packets are no
longer received from the neighbor. The range is 1 to 65535
seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 1115

Default Commands

Default
• Retransmit interval—Default: 5 seconds.
• Transit delay—Default: 1 second.
• Hello interval—Default: 10 seconds.
• Dead interval—Default: 40 seconds.

Usage Guidelines
Use this command to configure the OSPFv3 timers on a per-interface basis.

Specify the following:

• retransmit interval—If you set an interval that is too short, unnecessary
retransmissions will result.
• transit delay—The transit delay must be greater than 0.
• hello interval—Smaller times allow routers to discover each other more quickly, but
also increase network traffic.
• dead interval—This interval should be a multiple of the hello interval.

The value of the dead interval and the hello interval must be same for all OSPFv3
routers connected to a common link. The value of the dead interval and the hello
interval are advertised by OSPFv3 in Hello packets. The shorter the hello interval, the
earlier topological changes will be detected, but more routing traffic will ensue.

The retransmit interval must be greater than the expected round trip delay between
any two routers on the attached network. The setting of this parameter must be
conservative, or needless retransmission will result.

Note
The wait interval for the interface is not separately configurable. It is always
equal to the dead interval.

Example
The following command sets the timers for the VLAN corporate:

configure ospfv3 vlan corporate timer retransmit-interval 10 transit-delay 2 hello-

interval 20 dead-interval 80

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

1116 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ospfv3 lsa-batch-interval

configure ospfv3 lsa-batch-interval

configure ospfv3 lsa-batch-interval seconds

Description
This command configures the LSA batch interval. LSAs added during this interval are
batched together for update.

Syntax Description
seconds Interval in seconds. Range is 0 to 600. (Default 0, not
batched).

Default
0.

Usage Guidelines
The range is 0 to 600 seconds.

Example
The following example shows the output of the show ospfv3 command including the
LSA batch interval output:
# show ospfv3
OSPFv3 : Disabled RouterId : 0.0.0.0
RouterId Selection : Automatic ASBR : No
ABR : No ExtLSAs : 0
ExtLSAChecksum : 0x0 OriginateNewLSAs : 0
ReceivedNewLSAs : 0 SpfHoldTime : 3s
Num of Areas : 1 LSA Batch Interval : 0s
10M Cost : 100 100M Cost : 50
1000M Cost (1G) : 40 2500M Cost (2.5G) : 40
5000M Cost (5G) : 40 10000M Cost (10G) : 20
25000M Cost (25G) : 20 40000M Cost (40G) : 20
50000M Cost (50G) : 20 100000M Cost (100G) : 10
Graceful Restart : None Grace Period : 120s
Import Policy File : none
SNMP Traps : Disabled
Redistribute:
Protocol Status Cost Type Tag Policy
direct Disabled 20 2 --- none
e-bgp Disabled 20 2 --- none
i-bgp Disabled 20 2 --- none
ripng Disabled 20 2 --- none
static Disabled 20 2 --- none
isis-level-1 Disabled 20 2 --- none
isis-level-2 Disabled 20 2 --- none
isis-level-1-external Disabled 20 2 --- none
isis-level-2-external Disabled 20 2 --- none
host-mobility Disabled 20 2 --- none

Switch Engine™ Command Reference Guide for version 32.7.1 1117

History Commands

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospfv3 metric-table

configure ospfv3 metric-table [{10M cost_10m} {100M cost_100m } {1G
cost_1g}{2.5G cost_2_5g} {5G cost_5g} {10G cost_10g} {25G cost_25g}
{40G cost_40g} {50G cost_50g} {100G cost_100g} ]

Description
Configures the optional interface costs for 10 Mbps, 100 Mbps, 1 Gbps. 2.5 Gbps, 5 Gbps,
10 Gbps, 25 Gbps 40 Gbps, 50 Gbps, and 100 Gbps interfaces.

Syntax Description
cost_x Specifies the interface cost for the indicated interfaces.
Range is 1 to 65535.

Default
• 10 Mbps—The default cost is 100.
• 100 Mbps—The default cost is 50.
• 1 Gbps—The default cost is 40.
• 2.5 Gbps—The default cost is 40.
• 5 Gbps—The default cost is 40.
• 10 Gbps—The default cost is 20.
• 25 Gbps—The default cost is 20.
• 40 Gbps—The default cost is 20.
• 50 Gbps—The default cost is 20.
• 100 Gbps—The default cost is 10.

Usage Guidelines
The value of the costs cannot be greater for higher speed interfaces. In other words, the
following condition must be true:

cost_10m >= cost_100m >= cost_1g >= cost_2.5g >= cost_5g cost_10g >= cost_25g >=
cost_40g >= cost_50g >= cost_100g

1118 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the automatic interface costs for 10 Mbps, 100
Mbps, 1 Gbps, 2.5 Gbps, 5 Gbps, 10 Gbps, 25 Gbps, 40 Gbps, 50 Gbps, and 100 Gbps
interfaces:

configure ospfv3 metric-table 10M 110 100M 70 1G 50 2.5G 45 5G 40 10G 35 25G 30 40G 25
50G 20 100G 15

The following example displays the output of the show ospfv3 command:
# show ospfv3
OSPFv3 : Disabled RouterId : 0.0.0.0
RouterId Selection : Automatic ASBR : No
ABR : No ExtLSAs : 0
ExtLSAChecksum : 0x0 OriginateNewLSAs : 0
ReceivedNewLSAs : 0 SpfHoldTime : 3s
Num of Areas : 1 LSA Batch Interval : 0s
10M Cost : 110 100M Cost : 70
1000M Cost (1G) : 50 2500M Cost (2.5G) : 45
5000M Cost (5G) : 40 10000M Cost (10G) : 35
25000M Cost (25G) : 30 40000M Cost (40G) : 25
50000M Cost (50G) : 20 100000M Cost (100G) : 15
Graceful Restart : None Grace Period : 120s
Import Policy File : none
SNMP Traps : Disabled
Redistribute:
Protocol Status Cost Type Tag Policy
direct Disabled 20 2 --- none
e-bgp Disabled 20 2 --- none
i-bgp Disabled 20 2 --- none
ripng Disabled 20 2 --- none
static Disabled 20 2 --- none
isis-level-1 Disabled 20 2 --- none
isis-level-2 Disabled 20 2 --- none
isis-level-1-external Disabled 20 2 --- none
isis-level-2-external Disabled 20 2 --- none
host-mobility Disabled 20 2 --- none

History
This command was first available in ExtremeXOS 11.2.

The 40 Gbps parameter was added in ExtremeXOS 12.6.

The 2.5G, 5G, 25G and 50G speeds were added in ExtremeXOS 22.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 restart

configure ospfv3 restart [none | planned | unplanned | both]

Switch Engine™ Command Reference Guide for version 32.7.1 1119

Description Commands

Description
This command configures the graceful restart behavior the router.

Syntax Description
none Disable graceful restart.
planned Support planned restart only.
unplanned Support unplanned restart only.
both Support both planned and unplanned restart.

Default
Graceful restart is disabled by default.

Usage Guidelines
When configured for planned restarts, it will support planned restarts (like process
restart) and advertise Grace LSAs before restarting. When configured for unplanned
restarts, it will support unplanned restarts (like failover in a stack) and advertise Grace
LSAs after restarting but before sending any Hellos. When configured for both, the
router will support both planned and unplanned restarts. Unplanned restarts and BFD
configuration on interfaces are incompatible in ExtremeXOS. If both are enabled, an
unplanned restart will fail.

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospfv3 restart grace-period

configure ospfv3 restart grace-period seconds

Description
This command configures the grace period sent out in Grace LSAs and used by a
restarting router.

Syntax Description
seconds Interval in seconds. Range is 1 to 1800.

1120 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default grace period is 120 seconds.

Usage Guidelines
The range is 1 to 1800 seconds. The grace period should be greater than hello interval
and router dead interval of the OSPFv3 interfaces on the router.

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospfv3 restart-helper

configure ospfv3 [[vlan | tunnel] all | {vlan} vlan-name | {tunnel}
tunnel-name | area area-identifier] restart-helper [none | planned |
unplanned | both]

Description
This command configures graceful restart helper mode behavior of OSPFv3 interfaces
for its neighbors. When an interface is acting as a helper, it will continue to advertise
the restarting router as if it was fully adjacent.

Syntax Description
vlan
all Variable description, available options, and notes.
vlan-name VLAN name.
area OSPFv3 area.
area-identifier Area identifier.
none Disable helper mode.
planned Support planned restart only.
unplanned Support unplanned restart only.
both Support both planned and unplanned restart.

Default
Restart helper mode is disabled by default.

Switch Engine™ Command Reference Guide for version 32.7.1 1121

Usage Guidelines Commands

Usage Guidelines
When the area option is used the command applies to all interfaces in the area at that
time. One OSPFv3 interface may not help more than one restarting router at a time. An
OSPFv3 interface may not enter helper mode when the router is performing a graceful
restart. All the interfaces to a neighbor router must be configured as graceful restart
helpers, or the router will not support graceful restart for its neighbor.

Restart Helper mode is displayed in the show ospfv3 interfaces detail output.

# show ospfv3 interfaces detail

Interface : v100 Enabled : ENABLED
Router : ENABLED AreaID : 0.0.0.0
RouterID : 10.1.1.2 Link Type : point-to-point
Passive : No Cost : 40/A
Priority : 1 Transit Delay : 1s
Hello Interval : 10s Rtr Dead Time : 40s
Retransmit Interval : 5s Wait Timer : 40s
Interface ID : 19 Instance ID : 0
State : P2P Number of state chg : 1
Hello due in : 7s Number of events : 2
Total Num of Nbrs : 1 Nbrs in FULL State : 1
Hellos Rxed : 127733 Hellos Txed : 127739
DB Description Rxed : 4 DB Description Txed : 3
LSA Request Rxed : 1 LSA Request Txed : 1
LSA Update Rxed : 2121 LSA Update Txed : 6156
LSA Ack Rxed : 5962 LSA Ack Txed : 2121
In Discards : 0
DR RtId : 0.0.0.0 BDR RtId : 0.0.0.0
Restart Helper : Both
Restart Helper Strict LSA Checking: Enabled
BFD Protection : Off

Neighbors:
RtrId: 10.1.1.1 IpAddr: fe80::204:96ff:fe51:ea8e Pri: 1 Type: Auto
State: FULL DR: 0.0.0.0 BDR: 0.0.0.0 Dead Time: 00:00:31
Options: 0x13 (-|R|-|-|E|V6) Opaque LSA: No
Restart Helper Status: Off
Last Restart Helper Exit Reason: None
BFD Session State: None

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospfv3 routerid

configure ospfv3 routerid [automatic | router_identifier]

1122 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the OSPFv3 router ID. If automatic is specified, the switch uses the highest
IPv4 interface address as the OSPFv3 router ID.

Syntax Description
automatic Specifies to use automatic addressing.
router_identifi Specifies a router identifier, a four-byte, dotted decimal number.
er

Default
Automatic.

Usage Guidelines
Each switch that is configured to run OSPFv3 must have a unique router ID. The router
ID is a four-byte, dotted decimal number, like an IPv4 address. Even though the IP
address format has changed from IPv4 to IPv6, the router ID format has not. It is
recommended that you manually set the router ID of the switches participating in
OSPFv3, instead of having the switch automatically choose its router ID based on the
highest interface IPv4 address (if it exists). Not performing this configuration in larger,
dynamic environments could result in an older link-state database remaining in use.

This command is accepted only when OSPFv3 is globally disabled.

Note
Do not set the router ID to 0.0.0.0.

Example
The following command sets the router ID to 10.1.6.1:

configure ospfv3 routerid 10.1.6.1

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1123

configure ospfv3 spf-hold-time Commands

configure ospfv3 spf-hold-time

configure ospfv3 spf-hold-time seconds

Description
Configures the minimum number of seconds between Shortest Path First (SPF)
recalculations.

Syntax Description
spf-hold-time SPF hold time.
seconds Specifies a time in seconds. The range is 0 to 300 seconds.

Default
3 seconds.

Usage Guidelines
Setting the interval too high will force OSPFv3 to run SPF calculations less frequently.
This will reduce the CPU load, but will cause delay in routes getting updated in the
IPv6 routing table. Setting the interval too low will decreases the interval between SPF
calculations, but will increase the processing load on CPU.

Example
The following command configures the minimum number of seconds between
Shortest Path First (SPF) recalculations:

configure ospfv3 spf-hold-time 6

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 virtual-link authentication (Authentication Trailer)

configure ospfv3 virtual-link {routerid} router-identifier {area} area-
identifier authentication [keychain keychain_name | none]

1124 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configure Authentication Trailer with a manual key to provide authentication on
OSPFv3 virtual-links.

Syntax Description
ospfv3 Specifies OSPFv3 virtual-link.
virtual-link OSPFv3 virtual link.
routerid OSPFv3 router ID.
router-identifier Specifies the router identifier of the advertising router.
area OSPFv3 area.
area-identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
authentication Specifies interface authentication.
keychain Specifies the set of authentication keys.
keychain-name Specifies the keychain name.
none Specifies no authentication (default).

Default
If not specified, no authentication is applied.

Usage Guidelines
Users can only add keychains that are already present on the system. Keychains can be
created using this command create keychain keychain_name .

Example
The following example for virtual-link with a router id of 10.1.1.3 and an area identifier of
1.1.1.1:
# configure ospfv3 virtual-link 10.1.1.3 area 1.1.1.1 authentication keychain ospfv3-
keys1

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1125

configure ospfv3 virtual-link authentication Commands

configure ospfv3 virtual-link authentication

configure ospfv3 virtual-link {routerid} router-identifier {area} area-
identifier authentication [none | keychain keychain-name | ipsec
spi spi esp-auth-algorithm algorithm key [key-string | encrypted
encrypted-key-string]

Description
Configure Internet Protocol Security (IPsec) with a manual key to provide
authentication on OSPFv3 virtual-links.

Syntax Description
ospfv3 Specifies OSPFv3 virtual-link.
virtual-link OSPFv3 virtual link.
routerid OSPFv3 router ID.
router-identifier Specifies the router identifier of the advertising router.
area OSPFv3 area.
area-identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
authentication Specifies interface authentication.
none Specifies no authentication (default).
keychain Specifies the authentication method is keychain.
keychain-name Specifies the keychain name.
ipsec spi Specifies the authentication type is IPsec Encapsulating
Security Payload (ESP) with manual key.
spi Specifies Security Parameter Index value. Range is
256-4294967295.
esp-auth-algorithm Specifies the ESP Authentication algorithm.
algorithm Specifies the authentication algorithm.
Supported authentication algorithms are hmac-sha-1 and
hmac-sha-256.
key Specifies the authentication key,
key-string Specifies the key string in clear text.
Both the ASCII string and hexadecimal string are
supported, and hexadecimal string must begin with “0x”.
encrypted Specifies that the key string is in encrypted format.
encrypted-key-string Specifies the encrypted key string.
The encrypted key string must be enclosed in double
quotes.

1126 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
If not specified, no authentication is applied.

Usage Guidelines
When configuring IPsec with a manual key on an OSPFv3 virtual link, the exact same
IPsec parameters (SPI, algorithm and key-string) must be specified on all routers
connected to both sides of the virtual link.

To configure OSPFv3 VLAN authentication, run the command configure ospfv3

[{vlan} vlan-name | {tunnel} tunnel-name] authentication [none |ipsec
spi spi esp-auth-algorithm algorithm key [key-string | encrypted
encrypted-key-string].

Example
The following example for virtual-link "5.5.5.5 0.0.0.2" applies authentication type IPsec
with SPI "1001" and algorithm "hmac-sha-1" with key "mykey":
# configure ospfv3 virtual-link 5.5.5.5 0.0.0.2 authentication ipsec spi 1001 esp-auth-
algorithm hmac-sha-1 key mykey

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure ospfv3 virtual-link restart-helper

configure ospfv3 virtual-link {routerid} router-identifier {area} area-
identifier restart-helper [none | planned | unplanned | both]

Description
This command configures graceful restart helper mode behavior of OSPFv3 interfaces
for its neighbors. When an interface is acting as a helper, it continues to advertise the
restarting router as if it was fully adjacent.

Syntax Description
virtual-link OSPFv3 virtual link.
routerid OSPFv3 router ID.
router-identifier Router ID of neighbor OSPFv3 router.

Switch Engine™ Command Reference Guide for version 32.7.1 1127

Default Commands

area OSPFv3 area.

area-identifier Transit area ID of virtual link.
restart-helper Graceful restart helper mode.
none Disable helper mode (default).
planned Support planned restart only.
unplanned Support unplanned restart only.
both Support both planned and unplanned restart.

Default
Helper mode is disabled by default.

Usage Guidelines
When the area option is used, the command applies to all interfaces in the area at that
time. One OSPFv3 interface may not help more than one restarting router at a time. An
OSPFv3 interface may not enter helper mode when the router is performing a graceful
restart. All the interfaces to a neighbor router must be configured as graceful restart
helpers, or the router does not support graceful restart for its neighbor.

Restart helper mode appears in the show ospfv3 interfaces detail output.
# show ospfv3 interfaces detail
Interface : v100 Enabled : ENABLED
Router : ENABLED AreaID : 0.0.0.0
RouterID : 10.1.1.2 Link Type : point-to-point
Passive : No Cost : 40/A
Priority : 1 Transit Delay : 1s
Hello Interval : 10s Rtr Dead Time : 40s
Retransmit Interval : 5s Wait Timer : 40s
Interface ID : 19 Instance ID : 0
State : P2P Number of state chg : 1
Hello due in : 7s Number of events : 2
Total Num of Nbrs : 1 Nbrs in FULL State : 1
Hellos Rxed : 127733 Hellos Txed : 127739
DB Description Rxed : 4 DB Description Txed : 3
LSA Request Rxed : 1 LSA Request Txed : 1
LSA Update Rxed : 2121 LSA Update Txed : 6156
LSA Ack Rxed : 5962 LSA Ack Txed : 2121
In Discards : 0
DR RtId : 0.0.0.0 BDR RtId : 0.0.0.0
Restart Helper : Both
Restart Helper Strict LSA Checking: Enabled
BFD Protection : Off

Neighbors:
RtrId: 10.1.1.1 IpAddr: fe80::204:96ff:fe51:ea8e Pri: 1 Type: Auto
State: FULL DR: 0.0.0.0 BDR: 0.0.0.0 Dead Time: 00:00:31
Options: 0x13 (-|R|-|-|E|V6) Opaque LSA: No
Restart Helper Status: Off
Last Restart Helper Exit Reason: None
BFD Session State: None

1128 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ospfv3 virtual-link timer

configure ospfv3 virtual-link {routerid} router_identifier {area}
area_identifier timer {retransmit-interval} retransmit_interval
{transit-delay} transit_delay {hello-interval} hello_interval {dead-
interval} dead_interval

Description
Configures the timers for a virtual link.

Syntax Description
router_identifi Specifies the router ID of the other end of the link.
er
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal number.
retransmit_inte Specifies the length of time that the router waits before
rval retransmitting an LSA that is not acknowledged. The range is 1
to 3600 seconds.
transit_delay Specifies the length of time it takes to transmit an LSA packet
over the interface. The range is 1 to 3600 seconds.
hello_interval Specifies the interval at which routers send hello packets. The
range is 1 to 65535 seconds.
dead_interval Specifies the interval after which a neighboring router is declared
down due to the fact that hello packets are no longer received
from the neighbor. The range is 1 to 65535 seconds.

Default
• Retransmit interval—Default: 5 seconds.
• Transit delay—Default: 1 second.
• Hello interval—Default: 10 seconds.
• Dead interval—Default: 40 seconds.

Usage Guidelines
In OSPFv3, all areas must be connected to a backbone area. If the connection to the
backbone is lost, it can be repaired by establishing a virtual link.

Switch Engine™ Command Reference Guide for version 32.7.1 1129

Example Commands

The smaller the hello interval, the faster topological changes will be detected, but more
routing traffic will ensue.

The setting of the retransmit interval should be conservative, or needless

retransmissions will result. The value should be larger for serial lines and virtual links.

The transmit delay value should take into account the transmission and propagation
delays for the interface.

Note
The wait interval is not separately configurable. It is always equal to the dead
interval.

Example
The following command sets the timers on the virtual link to router 6.6.6.6 transiting
area 0.0.0.2:
configure ospfv3 virtual-link 6.6.6.6 area 0.0.0.2 timer 10 transit-delay 1
hello‑interval 20 dead-interval 200

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure pim add tunnel

configure pim {ipv4} add {tunnel} [tunnel_name | tunnel all] {sparse |
dense} {passive}

Description
Configures an IP interface for PIM tunnel.

Syntax Description
ipv4 Specifies the IPv4 address family.
add Specifies to add PIM to a VLAN.
tunnel Specifies the tunnel name.
tunnel_name Specifies to configure PIM information for interface.
all Specifies to configure PIM information on all Layer 3
interfaces.

1130 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

dense Specifies PIM dense mode (PIM-DM). (Default mode.)

sparse Specifies PIM sparse mode (PIM-SM).
passive Specifies a passive interface.

Default
Dense.

Usage Guidelines
When an IP interface is created, per-interface PIM configuration is disabled by default.

The switch supports both dense mode and sparse mode operation. You can configure
dense mode or sparse mode on a per-interface basis. After they are enabled, some
interfaces can run dense mode, while others run sparse mode.

Passive interfaces are host only interfaces that allow a multicast stream from other
VLANs to be forwarded to edge hosts. Since they do not peer with other PIM routers,
you should not connect a multicast router to a passive interface.

In order for the interface to participate in PIM, PIM must be globally enabled on the
switch using the following command: enable pim

Example
The following example enables PIM-DM multicast routing on tunnel accounting:
configure pim add tunnel accounting dense

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim add vlan

configure pim {ipv4 | ipv6} add vlan [vlan-name | all] {dense | sparse}
{passive}

Description
Configures an IP interface for PIM.

Switch Engine™ Command Reference Guide for version 32.7.1 1131

Syntax Description Commands

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
vlan-name Specifies a VLAN name.
all Specifies all VLANs.
dense Specifies PIM dense mode (PIM-DM). (Default mode.)
sparse Specifies PIM sparse mode (PIM-SM).
passive Specifies a passive interface.

Default
Dense.

Usage Guidelines
When an IP interface is created, per-interface PIM configuration is disabled by default.

The switch supports both dense mode and sparse mode operation. You can configure
dense mode or sparse mode on a per-interface basis. After they are enabled, some
interfaces can run dense mode, while others run sparse mode.

Passive interfaces are host only interfaces that allow a multicast stream from other
VLANs to be forwarded to edge hosts. Since they do not peer with other PIM routers,
you should not connect a multicast router to a passive interface.

In order for the interface to participate in PIM, PIM must be globally enabled on the
switch using the following command: enable pim

Example
The following example enables PIM-DM multicast routing on VLAN accounting:
configure pim add vlan accounting dense

History
This command was first available in ExtremeXOS 10.1.

The passive option was added in ExtremeXOS 11.1.

The IPv4 and IPv6 options were added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

1132 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure pim anycast-rp

your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim anycast-rp

configure pim {ipv4 | ipv6} anycast-rp ip_address [policy | none]

Description
Configures or removes a rendezvous point (RP) for Anycast RP using PIM (RFC 4610).

Syntax Description
ipv4 Specifies IPv4 address family.
ipv6 Specifies IPv6 address family.
anycast-rp Specifies configuring Anycast RP.
ip_address Specifies the Anycast RP address.
policy Specifies the policy file having a list of IP addresses of peer
RP nodes. These IP addresses should be specified using
NLRI keyword.
none Specifies removing an Anycast RP and associated policy
containing peer information.

Default
N/A.

Usage Guidelines
The Anycast RP using PIM feature provides fast convergence when RP routers fail using
PIM protocol without using the source discovery protocol Multicast Source Discovery
Protocol (MSDP) for both IPv4 and IPv6 address families.

To view Anycast RP using PIM information, use the show pim {ipv4 | ipv6}
anycast-rp {ip_address} command.

Example
The following example specifies the router at IP address 10.45.7.12 as the Anycast RP
with policy_file as the policy file with the list of peer Anycast RP nodes:
# configure pim ipv4 anycast-rp 10.45.7.12 policy_file

With a policy_file of:

entry policy1 {
if match any{
nlri 10.10.10.1/32;
nlri 20.20.20.1/32;

Switch Engine™ Command Reference Guide for version 32.7.1 1133

History Commands

nlri 30.30.30.1/32;
}
then {
permit;
}
}

The following example removes the RP router at IP address 10.45.7.12

# configure pim ipv4 anycast-rp 10.45.7.12 none

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on platforms that support the appropriate license for the
PIM feature. For complete information about software licensing, including how to
obtain and upgrade your license and which licenses support the PIM feature, see the
Switch Engine 32.7.1 Feature License Requirements.

configure pim border

configure pim {ipv4 | ipv6} [{vlan} vlan_name] border

Description
Configures a PIM VLAN as a border VLAN, which is used to demarcate a PIM domain
when using MSDP.

Syntax Description
ipv4 Configures a PIM timer on IPv4 router interfaces.
ipv6 Configures a PIM timer on IPv6 router interfaces.
vlan_name Specifies a VLAN name.
border Interface is domain border.

Default
None.

Usage Guidelines
MSDP is used to connect multiple multicast routing domains. A PIM-SM domain is
created by limitingthe reach of PIM BSR advertisements. When a border VLAN is
configured, PIM BSR advertisements are not forwarded out of the PIM VLAN.

1134 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures a PIM border on a VLAN called "vlan_border":
configure pim vlan_border border

History
This command was first available in ExtremeXOS 10.1.

The ipv4 and ipv6 keywords were added giving an option to support this functionality
in IPv6 as well in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the ExtremeXOS User
Guide.

configure pim cbsr

configure pim cbsr {ipv4 | ipv6} [{vlan} vlan_name {priority [0-255]} |
none]

Description
Configures a candidate bootstrap router for PIM sparse-mode operation.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
vlan_name Specifies a VLAN name.
priority Specifies a priority setting. The range is 0 - 255.
none Deletes a CBSR.

Default
The default setting for priority is 0, and indicates the lowest priority.

Usage Guidelines
The VLAN specified for CBSR must have PIM enabled for it to take effect. After PIM
is enabled, CBSRs advertise themselves in the PIM domain. A bootstrap router (BSR)
is elected among all the candidates based on CBSR priority. To break the tie among
routers with the same priority setting, the router with the numerically higher IP address
is chosen.

Switch Engine™ Command Reference Guide for version 32.7.1 1135

Example Commands

An ExtremeXOS switch can support up to 145 RPs per group when it is configured as a
PIM BSR (bootstrap router). If more than 145 RPs are configured for a single group, the
BSR ignores the group and does not advertise the RPs. Non-BSR switches can process
more than 145 RPs in the BSR message.

Example
The following example configures a candidate bootstrap router on the VLAN
accounting:
configure pim cbsr vlan accounting 30

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim crp static

configure pim {ipv4 | ipv6} crp static ip_address [none | policy]
{priority [0-255]}

Description
Configures a rendezvous point and its associated groups statically, for PIM sparse mode
operation.

Syntax Description
ipv4 Specifies an IPv4 address.
ipv6 Specifies an IPv6 address.
ip_address Specifies a static CRP address.
none Deletes the static rendezvous point.
policy Specifies a policy file name.
priority Specifies a priority setting. The range is 0–255.

Default
The default setting for priority is 192. Priority value 0 indicates the highest priority.

1136 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
In PIM-SM, the router sends a join message to the rendezvous point (RP). The RP is
a central multicast router that is responsible for receiving and distributing multicast
packets. If you use a static RP, all switches in your network must be configured with the
same RP address for the same group (range).

ExtremeXOS switches support up to 64 static RPs (32 IPv4 and 32 IPv6), and up to 180
groups (group/mask entries) in a single RP policy file. If you configure more than 180
group entries in a single RP policy file, the switch will not process entries added after
the first 180.

The policy file contains a list of multicast group addresses served by this RP.

This policy file is not used for filtering purposes. As used with this command, the
policy file is just a container for a list of addresses. So a typical policy file used for RP
configuration looks a little different from a policy used for other purposes.

If routers have different group-to-RP mappings, due to misconfiguration of the static

RP (or any other reason), traffic is disrupted.

Example
The following example statically configures an RP and its associated groups defined in
policy file rp-list:
configure pim crp static 10.0.3.1 rp-list

The following is a sample policy file:

entry extreme1 {
if match any { }
then { nlri 224.0.0.0/4 ;
nlri 239.255.0.0/24 ;
nlri 232.0.0.0/8 ;
nlri 238.1.0.0/16 ;
nlri 232.232.0.0/20 ;
}
}

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1137

configure pim crp timer Commands

configure pim crp timer

configure pim {ipv4 | ipv6} crp timer crp_adv_interval

Description
Configures the candidate rendezvous point advertising interval in PIM sparse mode
operation.

Syntax Description
ipv4 Specifies an IPv4 address.
ipv6 Specifies an IPv6 address.
crp_adv_interval Specifies a candidate rendezvous point advertising interval
in seconds. The range is 1 to 1,717,986,918.

Default
The default is 60 seconds.

Usage Guidelines
Increasing this time results in increased convergence time for CRP information to the
PIM routers.

Example
The following example configures the candidate rendezvous point advertising interval
to 120 seconds:
configure pim crp timer 120

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim crp vlan

configure pim {ipv4 | ipv6} crp vlan vlan_name [none | policy]
{priority}

1138 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the dynamic candidate rendezvous point (CRP) for PIM sparse-mode
operation.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
vlan_name Specifies a VLAN name.
none Specifies to delete a CRP.
policy Specifies a policy file name.
priority Specifies a priority setting. The range is 0–255.

Default
The default setting for priority is 192. Priority value 0 indicates the highest priority.

Usage Guidelines
ExtremeXOS switches support up to 50 RPs in a switch, and up to 180 groups (group/
mask entries) in a single RP policy file. If you configure more than 180 group entries in
single RP policy file, then the switch will not process entries added after first 180.

The policy file contains the list of multicast group addresses serviced by this RP. This
set of group addresses are advertised as candidate RPs. Each router then elects the
common RP for a group address based on a common algorithm. This group to RP
mapping should be consistent on all routers.

This policy file is not used for filtering purposes. As used with this command, the
policy file is just a container for a list of addresses. So a typical policy file used for RP
configuration looks a little different from a policy used for other purposes. The following
is a sample policy file that configures the CRP for the address ranges 239.0.0.0/24 and
232.144.27.0/24:
entry extreme1 {
if match any {
}
then {
nlri 239.0.0.0/24 ;
nlri 232.144.27.0/24 ;
}
}

The VLAN specified for a CRP must have PIM configured.

To delete a CRP, use the keyword none as the access policy.

Switch Engine™ Command Reference Guide for version 32.7.1 1139

Example Commands

Example
The following example configures the candidate rendezvous point for PIM sparse-mode
operation on the VLAN HQ_10_0_3 with the policy rp-list and priority set to 30:
configure pim crp HQ_10_0_3 rp-list 30

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim delete tunnel

configure pim {ipv4} delete tunnel [tunnel_name | tunnel all]

Description
Disables PIM on a router interface.

Syntax Description
ipv4 Specifies the IPv4 address family.
delete Specifies to delete PIM on a VLAN.
tunnel Specifies the tunnel name.
tunnel_name Specifies to configure PIM information for interface.
all Specifies to configure PIM information on all Layer 3
interfaces.

Default
N/A.

Usage Guidelines
Use this command to disable PIM for a specific or all tunnels.

Example
The following example disables PIM on tunnel accounting:
configure pim delete tunnel accounting

1140 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim delete vlan

configure {ipv4 | ipv6} pim delete vlan [vlanname | all]

Description
Disables PIM on a router interface.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
vlanname Specifies a VLAN name.
all Specifies all VLANs.

Default
N/A.

Usage Guidelines
Use this command to disable PIM for a specific or all VLANs.

Example
The following example disables PIM on VLAN accounting:
configure pim delete vlan accounting

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1141

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim dense-neighbor-check

configure pim dense-neighbor-check [on | off}

Description
This command is used to configure a PIM interface that receives multicast data traffic.
It could be either from a source directly connected or from a PIM neighbor. In the
second case (from a source not directly connected), if the received interface has no PIM
neighbor, the traffic is dropped (default behavior). If you turn off this check, the traffic is
processed.

Syntax Description
dense-neighbor-check Check if multicast traffic is received from PIM neighbor in
dense mode.
on Drop multicast traffic if not received from PIM neighbor
(default).
off Forward multicast traffic even if not received from PIM
dense neighbor.

Default
The default is on.

Example
The following example turns on dense neighbor check:
configure pim dense-neighbor-check on

History
This command was first available in ExtremeXOS 15.1.4.

Platform Availability
This command is available on platforms that support the appropriate license. For more
information, see the Switch Engine 32.7.1 Feature License Requirements.

1142 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure pim dr-priority

configure pim dr-priority

configure pim {ipv4 | ipv6} [ {vlan} vlan_name | vlan all ] dr-priority
priority

Description
Configures the designated router (DR) priority that is advertised in PIM hello messages.

Syntax Description
ipv4 IPv4 address family (default).
ipv6 IPv6 address family.
vlan all Apply to all VLANs.
dr-priority Designated Router Priority for VLAN.
priority Priority value for VLAN (default 1). The range is 0–
4294967295.

Default
The default setting for dr-priority is 1.

Usage Guidelines
The dr-priority option allows a network administrator to give preference to a
particular router in the DR election process by giving it a numerically larger DR priority.
The dr-priority option is included in every hello message, even if no DR priority
is explicitly configured on that interface. This is necessary because priority-based DR
election is only enabled when all neighbors on an interface advertise that they are
capable of using the dr-priority option.

The DR priority is a 32-bit unsigned number, and the numerically larger priority is
always preferred. A router's idea of the current DR on an interface can change when
a PIM hello message is received, when a neighbor times out, or when a router's own
DR priority changes. If the router becomes the DR or ceases to be the DR, this will
normally cause the DR register state machine to change states. Subsequent actions are
determined by that state machine. The DR election process on interface is as follows:
• If any one of the neighbor on the interface is not advertised the DR priority (not DR
capable) then DR priority will not considered for the all the neighbors in the circuit,
and the primary IP address will be considered for all the neighbors.
• The higher DR priority or higher primary address will be elected as DR.

Example
configure pim ipv4 vlan accounting dr-priority 10

Switch Engine™ Command Reference Guide for version 32.7.1 1143

History Commands

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim iproute sharing hash

configure pim {ipv4 | ipv6} iproute sharing hash [source | group |
source-group | source-group-nexthop]

Description
This command is used to configure the PIM ECMP hash algorithm.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
hash Configure Hash Algorithm for Equal Cost Multipath
Routing.
source Hash for route sharing is based on source address
only.
group Hash for route sharing is based on group address
only.
source-group Hash for route sharing is based on source and
group addresses.
source-group-nexthop Hash for route sharing is based on source, group,
and next hop addresses (default).

Default
Source-group-nexthop.

Usage Guidelines
Use this command to modify the hash algorithm used by PIM for path selection.

1144 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the PIM ECMP hash algorithm based on source-
group-nexthop:
configure pim ipv6 iproute sharing hash source-group-nexthop

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on platforms that support the appropriate license.

configure pim register-policy

configure pim {ipv4 | ipv6} register-policy [rp_policy_name | none]

Description
Configures the register filter at the First Hop Router (FHR). This is the router to which
the multicast source is connected to.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
rp_policy_name Specifies the Policy File for Register filter.
none Unconfigures the configured FHR Register filter.

Default
IPv4.

Usage Guidelines
Use this command to add or remove a First Hop Router Register Filter policy.

Example
The following example configures an IPv4 register policy named "entry_policy" at the
FHR:
configure pim ipv4 register-policy entry_policy

Switch Engine™ Command Reference Guide for version 32.7.1 1145

History Commands

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim register-policy rp

configure pim {ipv4 | ipv6} register-policy rp [rp_policy_name | none]

Description
Configures the register filter at the Rendezvous Point.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
rp_policy_name Specifies the Policy File for RP Register filter.
none Unconfigures the configured RP Register filter.

Default
N/A.

Usage Guidelines
Use this command to add or remove a Rendezvous Point Register Filter policy.

Example
The following example configures IPv4 register policy named "entry_policy":
configure pim ipv4 register-policy rp entry_policy

History
This command was first available in ExtremeXOS 15.3.

1146 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim register-rate-limit-interval

configure pim {ipv4 | ipv6} register-rate-limit-interval interval

Description
Configures the initial PIM-SM periodic register rate.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
interval Specifies an interval time in seconds. Range is 0 - 60.
Default is 0.

Default
The default interval is 0.

Usage Guidelines
Configuring a non-zero interval time can reduce the CPU load on the first hop switch, in
case register stop messages are not received normally.

When a non-zero value is configured, the first hop switch sends a few register
messages and then waits for a corresponding register stop from the RP for time
seconds. The process is repeated until the register stop is received. This command
should be used when the (S,G) tree between the first hop router and the RP is not
converging quickly.

When the default value is zero in default mode, the switch sends continuous register
messages until the register stop is received.

Example
The following example configures the initial PIM register rate limit interval:
configure pim register-rate-limit-interval 2

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1147

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim register-suppress-interval register-probe-interval

configure pim {ipv4 | ipv6} register-suppress-interval reg-interval
register-probe-interval probe_interval

Description
Configures an interval for periodically sending null-registers.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
reg-interval Specifies an interval time in seconds. Range is 30 - 200
seconds. Default is 60.
probe-interval Specifies an interval time in seconds. Default is 5.

Default
The following defaults apply:
• register-suppress-interval—60
• register-probe-interval—5

Usage Guidelines
The register-probe-interval time should be set less than the register-suppress-interval
time. By default, a null register is sent every 55 seconds (register-suppress-interval –
register-probe-interval). A response to the null register is expected within register probe
interval. By specifying a larger interval, a CPU peak load can be avoided because the
null-registers are generated less frequently. The register probe time should be less than
half of the register suppress time, for best results.

Example
The following example configures the register suppress interval and register probe
time:
configure pim register-suppress-interval 90 register-probe time 10

1148 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim snooping sgrpt-prune

configure pim snooping sgrpt-prune [accept | drop]

Description
Configures <S,G,RPT> prune messages processing by PIM Snooping.

Syntax Description
accept <S,G,RPT> prune messages are processed.
drop <S,G,RPT> prune messages are not processed.

Default
Default configuration is accept.

Usage Guidelines
Use this command when it is desirable to disable PIM <S,G,RPT> prune messages
processing by PIM Snooping.

Example
The following example disables <S,G,RPT> prune messages processing by PIM
Snooping:
configure pim snooping sgrpt-prune drop

History
This command was first available in ExtremeXOS 15.6.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 1149

configure pim shutdown-priority Commands

your license and which licenses support the PIM feature, see the Feature License
Requirements document.

configure pim shutdown-priority

configure pim {ipv4 | ipv6} [ {vlan} vlan_name | vlan all ] shutdown-
priority number

Description
Configures the priority for out of memory shutdown.

Syntax Description
ipv4 Configures a PIM timer on IPv4 router interfaces.
ipv6 Configures a PIM timer on IPv6 router interfaces.
vlan_name Specifies a VLAN name.
all Specifies all VLANs.
number Priority for VLAN range is [0 - 65535].

Default
IPv4.

Usage Guidelines
None.

Example
The following example configures the shutdown priority for VLAN 36:
config pim vlan v36 shutdown-priority 22

History
This command was first available in ExtremeXOS 12.4.

The ipv4 and ipv6 keywords were added giving an option to support this functionality
in IPv6 as well in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

1150 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure pim spt-threshold

configure pim spt-threshold

configure pim {ipv4 | ipv6} spt_threshold [infinity | leaf_threshold]
{rp_threshold}

Description
Configures the threshold, in kbps, for switching to SPT. On leaf routers, this setting
is based on data packets. On the RP, this setting is based on register packets.
When infinity option is configured on First Hop Routers or Intermediary Routers, SPT
switching is disabled. Traffic forwarding will be performed based on RPT paths only.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
infinity Disables Shortest Path Tree (SPT) switching on Last Hop or
Intermediary routers.
leaf-threshold Specifies the rate of traffic per (s,g,v) group in kbps for the
last hop. Range is 0 - 4194303.
rp_threshold Specifies an RP threshold. Range is 0 - 4194303.

Default
The default setting is 0 for both parameters.

Usage Guidelines
For the best performance, use default value of 0.

Example
The following example changes the threshold for switching to SPT:
configure pim spt-threshold 4 16

History
This command was first available in ExtremeXOS 10.1.

The infinity option was added in ExtremeXOS 15.7.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 1151

configure pim ssm range Commands

your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim ssm range

configure pim {ipv4 | ipv6} ssm range [default | policy policy-name]

Description
Configures the range of multicast addresses for PIM SSM.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
default Specifies the default address range. 232.0.0.0/8 for IPv4 or
FF3x::/96 for IPv6.
policy-name Specifies a policy that defines the SSM address range.

Default
By default, no SSM range is configured. Using this command with the default keyword
sets the range to 232.0.0.0/8. To reset the switch to the initial state, use the unconfigure
pim ssm range command.

Usage Guidelines
Initially, no range is configured for SSM. After a range is configured, you can remove the
range with the unconfigure pim ssm range command. If you wish to change the PIM
SSM range, you must first unconfigure the existing range, and then configure the new
range.

SSM requires that hosts use IGMPv3 messages to register to receive multicast group
packets. When a range is configured for SSM, any IGMPv2 messages for an address in
the range are ignored. Also, any IGMPv3 Exclude messages are ignored.

Note
If a PIM-SSM range is configured, IGMPv2 messages and IGMPv3 exclude
messages within the PIM-SSM range are ignored on all IP interfaces, whether
or not PIM-SSM is configured on the interfaces.

To specify a range different from the default PIM SSM range, create a policy file. The
match statement of the policy file contains the group addresses to be treated as PIM
SSM addresses. For example, to specify the PIM SSM address range as 232.0.0.0/8 and
233.0.0.0/8, use the following policy file:
Entry extreme1 {
if match any {
nlri 232.0.0.0/8 ;

1152 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

nlri 233.0.0.0/8 ;
}
then {
permit ;
}
}

Example
The following example sets the PIM SSM range to 232.0.0.0/8 and 233.0.0.0/8, if the
policy file ssmrange.pol contains the policy example used above:
configure pim ssm range policy ssmrange

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim state-refresh timer origination-interval

configure pim {ipv4 | ipv6} state-refresh timer origination-interval
interval

Description
Configures the interval at which state refresh messages are originated.

Syntax Description
interval Specifies a refresh interval in seconds. The range is 30–90
seconds.

Default
60 seconds.

Usage Guidelines
None.

Switch Engine™ Command Reference Guide for version 32.7.1 1153

Example Commands

Example
The following example configures the interval to 45 seconds:
configure pim state-refresh timer origination-interval 45

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim state-refresh timer source-active-timer

configure pim {ipv4 | ipv6} state-refresh timer source-active-timer
interval

Description
Defines how long a multicast source (S,G) is considered active after a packet is received
from the source.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
interval Specifies a source-active timer interval in seconds. The
range is 90–300 seconds.

Default
210 seconds.

Usage Guidelines
None.

Example
The following example configures the interval to 180 seconds:
configure pim state-refresh timer source-active-timer 180

1154 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim state-refresh ttl

configure pim {ipv4 | ipv6} state-refresh ttl ttlvalue

Description
Configures a time-to-live (TTL) value for PIM-DM state refresh messages.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
ttl_value Specifies a TTL value. The range is 1–64.

Default
16.

Usage Guidelines
None.

Example
The following example configures the TTL value for 24:
configure pim state-refresh ttl 24

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 1155

configure pim state-refresh Commands

your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim state-refresh

configure pim {ipv4 | ipv6} state-refresh {vlan} [vlan_name | all] [on |
off]

Description
Enables or disables the PIM-DM state refresh feature on one or all VLANs.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
vlan_name Specifies a VLAN on which to enable or disable the PIM-DM
state refresh feature.
on Enables the PIM-DM state refresh feature on the specified
VLANs.
off Disables the PIM-DM state refresh feature on the specified
VLANs.

Default
Disabled.

Usage Guidelines
When this feature is disabled on an interface, the interface behaves as follows:
• State refresh messages are not originated.
• State refresh messages received on the interface are dropped without processing.
• State refresh messages received on other interfaces are not forwarded to the
disabled interface.

Example
The following example enables the PIM-DM state refresh feature on VLAN blue:
configure pim state-refresh blue on

History
This command was first available in ExtremeXOS 12.4.

1156 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim timer tunnel

configure pim {ipv4} timer hello_interval jp_interval [{tunnel}
tunnel_name | tunnel all]

Description
Configures the global PIM timers on the specified router interfaces.

Syntax Description
ipv4 Specifies the IPv4 address family.
timer Specifies to configure the timer.
hello_interval Specifies the amount of time before a hello message is
sent out by the PIM router. The range is 1–65,535 seconds.
jp_interval Specifies the join/prune interval. The range is 1–65,535
seconds.
tunnel Specifies the tunnel name.
tunnel_name Specifies the name of the PIM interface.
all Specifies to apply to all interfaces.

Default
• hello_interval—30 seconds
• jp_interval—60 seconds

Usage Guidelines
These default timers should only be adjusted when excess PIM control packets are
observed on the interface.

Example
The following example configures the PIM timers on the tunnel accounting:
configure pim timer 150 300 tunnel accounting

History
This command was first available in ExtremeXOS 32.3.

Switch Engine™ Command Reference Guide for version 32.7.1 1157

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim timer vlan

configure pim {ipv4 | ipv6} timer hello_interval jp_interval [{vlan}
vlan_name | vlan all]

Description
Configures the global PIM timers on the specified router interfaces.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
hello_interval Specifies the amount of time before a hello message is
sent out by the PIM router. The range is 1–65,535 seconds.
jp_interval Specifies the join/prune interval. The range is 1–65,535
seconds.
vlan_name Specifies a VLAN name.
all Specifies all VLANs.

Default
• hello_interval—30 seconds
• jp_interval—60 seconds

Usage Guidelines
These default timers should only be adjusted when excess PIM control packets are
observed on the interface.

Example
The following example configures the PIM timers on the VLAN accounting:
configure pim timer 150 300 vlan accounting

History
This command was first available in ExtremeXOS 10.1.

1158 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim tunnel dr-priority

configure pim {ipv4} [{tunnel} tunnel_name | tunnel all] dr-priority
priority

Description
Configures the tunnel designated router (DR) priority that is advertised in PIM hello
messages.

Syntax Description
ipv4 IPv4 address family (default).
tunnel Specifies the tunnel name.
tunnel_name Specifies the name of the PIM interface.
dr-priority Designated Router Priority for VLAN.
priority Priority value for VLAN (default 1). The range is 0–
4294967295.

Default
The default setting for dr-priority is 1.

Usage Guidelines
The dr-priority option allows a network administrator to give preference to a
particular router in the DR election process by giving it a numerically larger DR priority.
The dr-priority option is included in every hello message, even if no DR priority
is explicitly configured on that interface. This is necessary because priority-based DR
election is only enabled when all neighbors on an interface advertise that they are
capable of using the dr-priority option.

The DR priority is a 32-bit unsigned number, and the numerically larger priority is
always preferred. A router's idea of the current DR on an interface can change when
a PIM hello message is received, when a neighbor times out, or when a router's own
DR priority changes. If the router becomes the DR or ceases to be the DR, this will

Switch Engine™ Command Reference Guide for version 32.7.1 1159

Example Commands

normally cause the DR register state machine to change states. Subsequent actions are
determined by that state machine. The DR election process on interface is as follows:
• If any one of the neighbor on the interface is not advertised the DR priority (not DR
capable) then DR priority will not considered for the all the neighbors in the circuit,
and the primary IP address will be considered for all the neighbors.
• The higher DR priority or higher primary address will be elected as DR.

Example
configure pim ipv4 tunnel accounting dr-priority 10

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure pim vlan trusted-gateway

configure pim {ipv4 | ipv6} [{vlan} vlan_name] trusted-gateway [policy |
none]

Description
Configures a trusted neighbor policy.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
vlan_name Specifies a VLAN name.
policy Specifies a policy file name.
none Specifies no policy file, so all gateways are trusted.

Default
No policy file, so all gateways are trusted.

1160 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Because PIM leverages the unicast routing capability that is already present in the
switch, the access policy capabilities are, by nature, different. When the PIM protocol is
used for routing IP multicast traffic, the switch can be configured to use a policy file to
determine trusted PIM router neighbors for the VLAN on the switch running PIM. This is
a security feature for the PIM interface.

Example
The following example configures a trusted neighbor policy on the VLAN backbone
using the policy "nointernet":
configure pim vlan backbone trusted-gateway nointernet

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure policy access-list

configure policy access-list [rule-precedence [list_dot_rule [after
member_rule | before member_rule | first | last ] ] ]

Description
Adds rules and configures the rule precedence list for an access-list.

Syntax Description
access-list Configures access-list rule model.
rule-precedence Specifies modifying a rule's precedence in the access-list.
list_dot_rule Specifies the access-list name and rule name in the format
list_name.rule_name.
after Moves the rule after an existing entry.
before Moves the rule before an existing entry.
member_rule Specifies the access-list name and rule name in format
list_name.rule_name.
first Makes the rule the first.
last Makes the rule the last.

Switch Engine™ Command Reference Guide for version 32.7.1 1161

Default Commands

Default
N/A.

Usage Guidelines
An access-list always contains at least one rule and is not active or programmed until
it is assigned to a profile. Assigning a different profile ID to an access-list that already
has one overwrites the current value. Setting the profile ID to “none” removes the
access-list from the active/programmed rules. A profile ID can only be assigned to an
access-list, and not per rule, so the list_name must only contain an access-list and not
a list_dot_rule value.

Example
The following example places the access-list "ACL1.ace3" before "ACL1.ace1":
# configure policy access-list rule-precedence ACL1.ace3 before ACL1.ace1

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy autoclear

configure policy autoclear {interval interval}

Description
Sets the interval at which the switch automatically clears rule usage statistics.

Syntax Description
autoclear Designates setting the parameters for auto-clearing the
policy rule usage statistics.
interval Designates setting the interval when the switch
automatically clears rule usage. Default is 0 (statistics are
not automatically cleared).
interval Sets the value for the interval in minutes when the switch
automatically clears rule usage. Range is 0 to 65,535.

1162 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
By default, the autoclear interval is 0, which means that statistics are not
automatically cleared.

Usage Guidelines
If you have configured Syslog and/or trap actions to notify you when a
policy rule is used by using the following command: configure policy
rule profile_index [{app-signature group group name name} | ether
ether | icmp6type icmp6type | icmptype icmptype | ip6dest ip6dest |
ipdestsocket ipdestsocket | ipfrag | ipproto ipproto | ipsourcesocket
ipsourcesocket | iptos iptos | ipttl ipttl | macdest macdest | macsource
macsource | port port | tcpdestportIP tcpdestportIP | tcpsourceportIP
tcpsourceportIP | udpdestportIP udpdestportIP | udpsourceportIP
udpsourceportIP ] {mask mask } {port-string [ port_string | all]}
{storage-type [non-volatile | volatile]} {drop | forward} {syslog
syslog} {trap trap} {cos cos } {mirror-destination control_index}
{clear-mirror} , this command allows you to set the interval when these statistics
will be cleared.

To view the auto-clear interval, use the following command:

show policy autoclear interval

Example
The following example sets the interval for automatically clearing rule usage statistics
to 1 minute:
# configure policy autoclear interval 1

History
This command was available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy app-signature group name pattern

configure policy app-signature group group name name [add | delete]
pattern_list

Description
Configures a user-defined policy application signature.

Switch Engine™ Command Reference Guide for version 32.7.1 1163

Syntax Description Commands

Syntax Description
app-signature Configures application signature specific settings.
group Configures application signature group-specific settings.
group Specifies the group name.
name Configures application signature display name-specific
settings.
name Specifies the display name assigned to the application
signature. Maximum of 32 characters. To see name
choices, use the show policy app-signature group
{group {name name}} {built-in | custom {detail} |
detail} command.
add Adds patterns to the display name.
delete Removes patterns from the display name.
pattern_list Specifies a list of strings enclosed in quotes used to identify
the application, each separated by a space. Maximum of
255 characters.

Default
N/A.

Usage Guidelines
The application signature groups are built-in and additional ones cannot be created.
There are built-in values for application signature names, which cannot be modified or
deleted.

Example
The following example for the group name "E-commerce" and application signature
name "Warehouse" adds the patterns "bjs.com", "costco.com", and "samsclub.com":
# configure policy app-signature group "E-commerce" name Warehouse add "bjs.com
costco.com samsclub.com"

History
This command was first available in ExtremeXOS 30.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy app-signature minimum-ttl

configure policy app-signature minimum-ttl [none | 1 | 5 | 10]

1164 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures a minimum time-to-live (TTL) value for Layer 7 policy/application signature.

Syntax Description
app-signature Specifies configuring application signature settings.
minimum-ttl Specifies setting override to low DNS-reply TTL values with
a minimum value. The default is none, which specifies not
overriding the TTL values.
none Specifies not overriding DNS-reply TTL values (default).
1 Specifies a minimum TTL of 1 minute.
5 Specifies a minimum TTL of 5 minutes.
10 Specifies a minimum TTL of 10 minutes.

Default
By default, the DNS-reply TTL values are not overridden (none).

Usage Guidelines
To view the TTL minimum value set by this command, use the show policy app-
signature command.

Example
The following example sets a minimum TTL of 5 minutes:
# configure policy app-signature minimum-ttl 5

History
This command was first available in ExtremeXOS 30.5.

Limitations
The ExtremeSwitching 5520 series switch does not support Layer 7 policy (DNS).

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy captive-portal

configure policy captive-portal web-redirect redirect_index server
server_id {url redirect_url} {status}

Switch Engine™ Command Reference Guide for version 32.7.1 1165

Description Commands

Description
This command configures a captive portal server’s HTTP redirect URL and its status.

Syntax Description
web-redirect Configures web-redirect.
redirect_index Configures a web redirect index (range = 1–10).
server Configures a server for the web redirect index.
server_id Sets the server ID to use ( range = 1–2).
url Configures captive portal server absolute URL.
redirect_url Sets HTTP/HTTPS URL that users are redirected to
http(s)://<IPv4Address or Hostname>:<L4Port>/
<Path>
Where IPV4Address or Hostname is the IPv4 address or
hostname of the captive portal server (DNS server needs to
be configured on the device).
L4Port by default is 80. Should be provided with the value
on which the captive portal web-server is running.
status Captive portal server status: "enable" or "disable" (default is
disable).

Default
By default, captive portal server status is disabled.

Example
The following example configures and enables the URL for a particular captive portal
server (index 2) in web-redirect (index 1):
configure policy captive-portal web-redirect 1 server 2 url http://192.168.1.1:80/static/
index.jsp enable

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy captive-portal listening

configure policy captive-portal listening socket_list

1166 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command configures which L4 listening ports (sockets) are redirected when a
captive portal web-redirect is defined on a policy profile.

Syntax Description
listening Configures captive portal HTTP listening ports (up to three
L4 ports).
socket_list List of L4 ports on which to listen (1–65,535) separated by
commas (for example: 80,8080,2000).

Default
N/A

Usage Guidelines
You can configure a maximum of three L4 listening ports.

Example
The following example configures two L4 listening ports 80 and 8080 to be redirected
by captive portal:
configure policy captive-portal listening 80,8080

The following example add one more L4 listening port 2000:

configure policy captive-portal listening 2000

The following example tries to apply a fourth listening port 5000. This fails because you
can only have three listening ports configured:

configure policy captive-portal listening 5000

ERROR: Unable to add 5000. Only 0 remaining socket(s) available.

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy captive-portal rule-use

configure policy captive-portal rule-use [reserved | unreserved]

Switch Engine™ Command Reference Guide for version 32.7.1 1167

Description Commands

Description
Configures whether or not captive portal ACL rules are programmed within the
reserved space for ONEPolicy.

Syntax Description
captive-portal Configures captive portal elements.
rule-use Configures captive portal rule use.
reserved Configures captive portal to program rules in the space
reserved by resource-profile configuration at the expense
of IPv4 group rules.
unreserved Configures captive portal to program rules outside the
space reserved by resource-profile configuration (default).

Default
By default, captive portal rules are programmed outside of the reserved space for
ONEPolicy.

Usage Guidelines
If not specified to do otherwise, ONEPolicy programs its captive portal-related rules
outside of the reserved ACL rule space for ONEPolicy (unreserved). This results in
additional ACL slice usage. This command enables you to specify that these rules are
programmed within the already reserved ACL rule space at the expense of IPv4 rule
capacity (reserved).

To view the selection for this command, use the show policy captive-portal {web-
redirect {redirect_index | all} | listening | rule-use} command with the
rule-use option.

Example
The following example confines captive portal ACL rules to the reserved space for
ONEPolicy:
# configure policy captive-portal rule-use reserved

History
This command was first available in ExtremeXOS 30.4.

Platform Availability
This command is available on all Universal switches supported in this document.

1168 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure policy convergence-endpoint

configure policy convergence-endpoint

configure policy convergence-endpoint [enable | disable]

Description
This command globally enables or disables Convergence End Point (CEP) for
ONEPolicy.

Syntax Description
enable Enables CEP for ONEPolicy.
disable Disables CEP for ONEPolicy.

Default
By default CEP is disabled.

Usage Guidelines
This feature requires that ONEPolicy is enabled on the switch (see enable policy on
page 2379).

Example
The following example enables CEP on the switch:
# configure policy convergence-endpoint enable

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy convergence-endpoint clear

configure policy convergence-endpoint clear ports [port_list | all]

Description
This command clears all existing Convergence End Point (CEP) connections per port.

Switch Engine™ Command Reference Guide for version 32.7.1 1169

Syntax Description Commands

Syntax Description
ports Specify ports to configure.
port_list Designates which ports to clear CEP connections from.

Default
N/A

Example
The following example clears CEP connections from port 3:
# configure policy convergence-endpoint clear ports 3

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy convergence-endpoint index

configure policy convergence-endpoint index index [cisco | lldp-med]

Description
This command sets a global default policy index for a Convergence End Point (CEP)
detection type. This policy is applied when a phone of the specified type is detected on
a port.

Syntax Description
index The policy index to apply. Use 0 to clear an index.

Note: After CEP devices are mapped to a profile, changing

the index value to "0" or to some other policy profile name,
the existing CEP connections are still be mapped to the old
profile that was configured initially when the CEP devices
were detected. To force a refresh of existing detected
devices, disable, and then enable, CEP (see configure policy
convergence-endpoint on page 1169) or disable, and then
enable, the port(s) (see disable port on page 2040 and
enable port on page 2380).

cisco Specifies Cisco type CEP.

lldp-med Specifies LLDP-MED type CEP.

1170 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A

Usage Guidelines
The corresponding policy must be configured using the policy management
commands (for example, configure policy profile on page 1174).

Example
The following example applies as default the policy associated with index number "12"
to Cisco type CEPs.
# configure policy convergence-endpoint index 12 cisco

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy convergence-endpoint ports

configure policy convergence-endpoint ports [<port_list> | all] [cisco |
lldp-med] [enable | disable]

Description
This command enables or disables a Convergence End Point (CEP) detection type on
one or more ports.

Syntax Description
port_list Specifies ports to configure for CEP detection.
all Specifies that all ports are configured for CEP detection.
cisco Selects Cisco type of CEP detection.
lldp-med Selects LLDP-MED type of CEP detection.
enable Enables CEP for the provided type.
disable Disables CEP for the provided type.

Default
By default, CEP detection is disabled on all ports for all types.

Switch Engine™ Command Reference Guide for version 32.7.1 1171

Usage Guidelines Commands

Usage Guidelines
This feature requires that ONEPolicy is enabled on the switch (see enable policy on
page 2379).

Example
The following example configures CEP detection for Cisco type on port 3:
# configure policy convergence-endpoint ports 3 cisco enable

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy invalid action

configure policy invalid action [default-policy | drop | forward]

Description
This command configures what action is taken for an invalid policy.

Syntax Description
default-policy Ignore the result and search for the next policy assignment
rule.
drop Block traffic.
forward Forward traffic as if no policy has been assigned via
802.1D/Q rules.

Default
None.

Example
This example shows how to assign a drop action to invalid policies:
# configure policy invalid action drop

History
This command was first available in ExtremeXOS 16.1.

1172 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy maptable

configure policy maptable [response [tunnel | policy | both] | vlan_list
profile_index]

Description
Use this command to add entries to the mapping table and to set the map table
response state for the switch.

Syntax Description
vlan_list VLAN ID or range of IDs (1–4,094)
profile_index Policy ID (1–63).
response Indicates which attributes to use from RADIUS response.
tunnel Applies the VLAN-tunnel attribute. VLAN/NSI mappings
from RADIUS are used if present. Mappings in policy profile
are ignored.
policy Applies the policy specified in the filter-ID. VLAN/NSI
mappings from policy profile are used if present. Mappings
in RADIUS response are ignored.
both An enhanced policy option that applies either all the filter-
ID and VLAN tunnel attributes or the policy depending
upon whether one or both are present.
VLAN/NSI mappings from either RADIUS or policy profile
may be used. Mappings in RADIUS response have a
higher precedence over policy profile when both contain
mappings.

Default
N/A.

Usage Guidelines
The policy response is the default response for the configure policy maptable
command.

Example
This example adds an entry to the map table that maps VLAN 3 to policy profile 8:
configure policy maptable 3 8

Switch Engine™ Command Reference Guide for version 32.7.1 1173

History Commands

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy port

configure policy port ports admin-id admin_id

Description
This command assigns an administrative rule to a port.

Syntax Description
ports Port string
admin-id Policy ID
admin_id Policy ID (1-63).

Default
N/A.

Usage Guidelines
Use this command to assign an administrative rule to a port.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy profile

configure policy profile profile_index {name name} {pvid pvid} {pvid-
status pvid_status} {cos cos} {cos-status cos_status} {egress-
vlans egress_vlan_list}{forbidden-vlans forbidden_vlans} {untagged-
vlans untagged_vlans} {append | clear} {tci-overwrite tci_overwrite}
{precedence [precedence | default]} {auth-override auth_override}
{nsi [nsi | none]} {web-redirect web_redir_index} {access-list
[unassigned | list_name | list_name_placeholder]}

1174 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Creates a policy profile entry.

Syntax Description
profile_index Policy ID (1-63).
name Policy profile name.
name Profile name string 1-64 characters.
pvid-status PVID status (enable/disable).
pvid PVID value (0-4,095). Default is 1, which specifies Default
VLAN.
cos-status CoS status (enable/disable).
cos Class of Service value (0-22).
egress-vlans Egress VLAN list (1-4094).
forbidden-vlan Forbidden VLAN list (1–4,094).
untagged-vlans Untagged VLAN list (1-4,094).
append Append to one of Egress, Forbidden, Untagged VLAN list.
clear Clear from one of Egress, Forbidden, Untagged VLAN list.
tci_overwrite TCI-overwrite status (enable/disable).

Note: The ExtremeSwitching 5520 platform does not

support TCI-overwrite.

Note: With tci-overwrite disabled, you can only add a VLAN

to incoming packets that are untagged or priority tagged
(priority set, but vlan=0).

auth-override Configures authentication override using a port profile

attribute. No further authentication occurs on the port if
enabled.
auth_override Authentication override status: "enable" or "disable".
Default is disabled.
precedence Specifies setting the policy classification rule precedence.

Note: You cannot set a precedence if the rule model is set

for ACL Style Policy (access-list). To set the rule model, use
the command configure policy rule-model [access-
list | hierarchical].

precedence Sets the rule precedence (for example: 1–2, 10, 12–18, 20–23,
25, 31).
To see the supported rules, use show policy profile
{all | profile_index} {detail} .
default Sets the default rule precedence, rather than a custom one
(1–2, 10, 12–19, 23, 20–22, 25, 31).

Switch Engine™ Command Reference Guide for version 32.7.1 1175

Default Commands

web-redirect Configures web-redirect.

web_redir_index Configures a web redirect index (range = 1–10). Default is 0,
which is disabled.
nsi Network Service Identifier. For Fabric Attach and VXLAN
(VNI = NSI), provides a mechanism to apply the VLAN/NSI
mappings in policy using a profile-based attribute.
nsi NSI 24-bit value ranging from 1 to 16,777,215.
none No NSI for the VLAN (default).
access-list Designates assigning an access list to this profile.
unassigned Removes an assigned access list (default).
list_name Selects the access list name to assign to this profile. Type
the access-list name as shown in the provided list.
list_name_placeholder Allows you to provide an access-list name that does not
currently exist to assign to this profile.

Default
If optional parameters are not specified, none are applied.

Web direct is disabled by default.

The default for NSI is none.

If no PVID value is given, the default is 1 (Default VLAN).

If you do not set a policy classification rule precedence, the default order is used (1–2, 10,
12–19, 23, 20–22, 25, 31).

By default, not access list is assigned to a profile.

Usage Guidelines
Use this command to create a policy profile entry.

Example
This example shows how to create a policy profile 1 named "netadmin" with PVID
override enabled for PVID 10, and Class-of-Service override enabled for CoS 5. This
profile can use VLAN 10 for untagged egress:
# configure policy profile 1 name netadmin pvid-status enable pvid 10 cos-status enable
cos 5 untagged-vlans 10

History
This command was first available in ExtremeXOS 16.1.

The authentication override parameter was added in ExtremeXOS 22.2.

1176 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The NSI keyword was added in ExtremeXOS 22.5.

Policy classification rule precedence re-ordering was added in ExtremeXOS 30.2.

Access list capability was added in ExtremeXOS 30.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy resource-profile

configure policy resource-profile [default |less-acl [more-ipv4 | more-
ipv4-no-ipv6 | more-ipv4-no-l2 |more-ipv4-no-mac-no-ipv6] | more-
ipv4-no-mac-no-ipv6-no-l2 | more-ipv4-no-ipv6 | more-ipv4-no-mac-no-
ipv6 | more-mac-no-ipv6] {profile-modifier [{no-mac no_mac} {no-ipv4
no_ipv4} {no-ipv6 no_ipv6} {no-l2 no_l2}]}

Description
Configures a profile that controls the policy rule resources available for MAC/IPv4/
IPv6/L2.

Syntax Description
default Configure a profile with the default settings.
less-acl Configure a profile that removes some access list resources
to be used for rules.
more-ipv4 Configure a profile that adds IPv4 rules.
more-ipv4-no-ipv6 Configure a profile that adds IPv4 rules at the expense of
IPv6 rules.
more-ipv4-no-l2 Configure a profile that adds IPv4 rules at the expense
of L2 rules. L2 ether rules are accounted for in the first
available space from IPv4, IPv6, or MAC group.
more-ipv4-no-mac-no- Configure a profile that adds IPv4 rules at the expense of
ipv6 MAC and IPv6 rules
more-ipv4-no-mac-no- Configure a profile that adds IPv4 rules at the expense of
ipv6-no-l2 MAC, IPv6, and L2 rules. L2 ether rules are accounted for in
the IPv4 group.
more-mac-no-ipv6 Configure a profile that adds MAC rules at the expense of
IPv6 rules.
profile-modifier Specifies modifying the current profile settings.
no-mac Specifies modifying the current profile, which removes all
MAC rules.
no_mac Specifies removing all MAC rules: "enable" or "disable"
(default is disabled).

Switch Engine™ Command Reference Guide for version 32.7.1 1177

Default Commands

no-ipv4 Specifies modifying the current profile, which removes all

IPv4 rules.
no_ipv4 Specifies removing all IPv4 rules: "enable" or "disable"
(default is disabled).
no-ipv6 Specifies modifying the current profile, which removes all
IPv6 rules.
no_ipv6 Specifies removing all IPv6 rules: "enable" or "disable"
(default is disabled).
no-l2 Modify the current profile that removes all L2 rules. L2
ether rules are accounted for in the first available space
from IPv4, IPv6, or MAC group.
no_l2 Modifier that removes all L2 rules: enable or disable
(default is disabled).

Default
By default, the profile modifier is none.

By default, the profile modifier no-l2 is disabled.

Usage Guidelines
You cannot configure the system to use a new resource profiles while policy is enabled.
You must disable policy first.

You cannot configure the system to use a new resource-profile where the profile does
not fit with existing defined rules. An error message similar to the following appears:
Current IPv6 rule usage 1 is higher than max value 0 supplied by profile more-mac-no-ipv6

Example
The following example configures the system to use the resource settings of more-
ipv4-no-ipv6:
configure policy resource-profile more-ipv4-no-ipv6

History
This command was first available in ExtremeXOS 22.1.

Profile modification ability was added in ExtremeXOS 22.4.

The profiles more-ipv4-no-mac-no-ipv6 and less-acl-more-ipv4-no-mac-no-ipv6

were added in ExtremeXOS 22.4.

The profiles more-ipv4-no-l2 and more-ipv4-no-mac-no-ipv6-no-l2, and profile

modifier no-l2 were added in ExtremeXOS 30.2.

1178 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy rule

configure policy rule profile_index [{app-signature group group name
name} | ether ether | icmp6type icmp6type | icmptype icmptype |
ip6dest ip6dest |ipdestsocket ipdestsocket | ipfrag | ipproto ipproto
| ipsourcesocket ipsourcesocket | iptos iptos | ipttl ipttl |
macdest macdest | macsource macsource | port port | tcpdestportIP
tcpdestportIP | tcpsourceportIP tcpsourceportIP | udpdestportIP
udpdestportIP | udpsourceportIP udpsourceportIP ] {mask mask } {port-
string [ port_string | all]} {storage-type [non-volatile | volatile]}
{drop | forward} {syslog syslog} {trap trap} {cos cos } {mirror-
destination control_index} {clear-mirror}

Description
Use this command to assign incoming untagged frames to a specific policy profile and
to VLAN or CoS classification rules.

Syntax Description
port Port string.
port Port string - (data: 1; mask: 16).
app-signature Associates an application signature to a policy profile.
group Associates an application signature group to a policy
profile
group Specifies the group name.
name Associates an application signature name to a policy
profile.
name Specifies the display name assigned to the application
signature. Maximum of 32 characters. To see name
choices, use the show policy app-signature group
{group {name name}} {built-in | custom {detail} |
detail} command.
macsource MAC source address.
macsource MAC source address - (data: a-b-c-d-e-f; mask: 1-48).
macdest MAC destination address.
macdest MAC destination address - (data: a-b-c-d-e-f; mask: 1-48).
ip6dest IPv6 address.
ip6dest IPv6 address (data: aaaa::bbbb; mask 1-128).
ipsourcesocket Source IP address / Source IpSocket.

Switch Engine™ Command Reference Guide for version 32.7.1 1179

Syntax Description Commands

ipsourcesocket Source IP address (data: a.b.c.d[:ab (0-65535)[-cd (0-65535)]];

mask: 1-48, 64).
ipdestsocket Destination IP address / Destination IpSocket.
ipdestsocket Destination IP address (data: a.b.c.d[:ab (0-65535) [-cd
(0-65535)]]; mask: 1-48,64).
ipfrag IP fragmentation flag.
tcpdestportIP TCP port dst with optional post-fix IPv4 address.
tcpdestportIP TCP port dst with optional post-fix IPv4 address - (data:
ab[-cd][:c.d.e.f]); mask: 1-64).
udpdestportIP UDP port dst with optional post-fix IPv4 address.
udpdestportIP UDP port dst with optional post-fix IPv4 address - (data:
ab[-cd][:c.d.e.f]); mask: 1-64.
tcpsourceportIP TCP port src with optional post-fix IPv4 address.
tcpsourceportIP TCP port src with optional post-fix IPv4 address - (data:
ab[-cd][:c.d.e.f]); mask: 1-64.
udpsourceportIP UDP port src with optional post-fix IPv4 address.
udpsourceportIP UDP port src with optional post-fix IPv4 address - (data:
ab[-cd][:c.d.e.f]); mask: 1-64.
ipttl IP time to live.
ipttl ipttl IP time to live (data: 0-255 or 0x0-0xFF; mask:1-8).
iptos IPv4 type of service / IPv6 traffic class field.
iptos ipproto Protocol field in IP packet - (data: 0-255 or
0x0-0xFF; mask: 1-8).
ipproto Protocol field in IP packet.
ipproto Protocol field in IP packet - (data: 0-255 or 0-0xFF; mask:
1-8).
ether Type field in Ethernet II packet.
ether Type field in Ethernet II packet - (data: 0-65535 or
0x0-0xFFFF; mask: 1-16).
icmp6type Specifies type code in ICMPv6 packet.
icmp6type ICMPv6 type code [(data: 123.456 (dotted-decimal) or AB-
CD (dashed-hexadecimal)] mask: 1–16).
icmptype Specifies type code in ICMP packet.
icmptype ICMP type code (data: a.b; mask: 1–16).
cos Class of Service [0–255] or -1 for no CoS or forwarding
behavior modification is desired
cos Class of Service [0–255] or -1 for no CoS or forwarding
behavior modification is desired.
mirror-destination Specifies selecting a mirror destination control index.
mirror-destination Selects the mirror destination control index. Range is 1 to 4.
clear-mirror Clears mirroring on this rule.

1180 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

syslog Specifies setting a Syslog action when rule is used.

syslog Enable/disable/prohibit Syslog using event
Policy.LogRuleHit on first rule use.
By default, a Syslog entry only occurs on the first use
of the rule. You can change this using the configure
policy syslog [machine-readable machine_readable
| extended-format extended_format | every-time
every_time] command.
trap Specifies setting a trap action when rule is first used.
trap Enable/disable/prohibit trap on first rule use.

Default
• If mask is not specified, all data bits are considered relevant.
• If port-string is not specified, rule is scoped to all ports.
• By default, a Syslog or trap entry only occurs on the first use of the rule.

Usage Guidelines
Classification rules are automatically enabled when created.

Example
This example shows how to create (and enable) a classification rule to associate with
policy number 1. This rule will drop Ethernet II Type 1526 frames:
# configure policy rule 1 ether 1526 drop
This example shows how to create (and enable) a classification rule to associate with
policy profile number 5. This rule specifies that UDP frames from source port 45 will be
forwarded:
# configure policy rule 5 udpsourceportip 45 forward forward

The following example associates the application signature with group "Storage and
name "mike1" to policy rule "2" to block traffic:
# configure policy rule 2 app-signature group "Storage" name "mike1" drop

History
This command was first available in ExtremeXOS 16.1.

ICMP and ICMPv6 rule types added in ExtremeXOS 22.5.

Applying mirrors to policies and Syslog/trap actions on rule use was added in
ExtremeXOS 30.2.

Application signature capability was added in ExtremeXOS 30.4.

Switch Engine™ Command Reference Guide for version 32.7.1 1181

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy rule admin-profile

configure policy rule admin-profile [ macsource macsource | port port ]
{mask mask } {port-string [port_string | all] } {storage-type [non-
volatile | volatile]} {admin-pid admin_pid }

Description
Use this command to assign incoming untagged frames to a specific policy profile and
to VLAN or Class-of-Service classification rules.

Syntax Description
admin-profile Policy ID of 0.
macsource MAC source address.
macsource MAC source address - (data: a-b-c-d-e-f; mask: 1-48).
port Port string.
port Port string - (data: 1; mask: 16).
mask Number of most significant bits to match data value (rule-
meaning)
mask Number of most significant bits to match data value (rule-
meaning). Range: 1 - 144.
port-string Rule port scope.
port-string Rule port scope.
all Scope to all ports.
storage-type Storage type of this rule.
non-volatile This entry shall be added to non-volatile storage.
volatile This entry shall be removed from volatile storage.
admin-pid Policy ID (1-63).
admin-pid Policy ID (1-63).

Default
• If mask is not specified, all data bits will be considered relevant.
• If port-string is not specified, rule will be scoped to all ports.

Usage Guidelines
Classification rules are automatically enabled when created.

1182 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
This example shows how to configure classification rule 2 as an administrative profile
and assign it to ingress port 1:1:
configure policy rule admin-profile port 1:1 port-string 1:1 admin-pid 2

History
This command was first available in ExtremeXOS release 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy rule-model

configure policy rule-model [access-list | hierarchical]

Description
Selects the rule model type for configuring policy rules.

Syntax Description
rule-model Selects a rule model for configuring and ordering policy-
based rules.
access-list Selects access-list rule model, which allows multiple match
criteria per rule along with assignable rule ordering within
an access-list.
hierarchical Selects hierarchical rule model, which allows one match
criteria per rule and uses the rule type to assign its
precedence (default).

Default
The factory default for rule model is hierarchical.

However, if you are upgrading to ExtremeXOS 30.5 or later, and the switch has an
existing policy rules configuration, then the rule model remains hierarchical.

Usage Guidelines
To configure rule models, policy must be disabled.

If you change rule models, the configuration of the other rule model is deleted.

Switch Engine™ Command Reference Guide for version 32.7.1 1183

Example Commands

Example
The following example sets the rule model to hierarchical:
# configure policy rule-model hierarchical

History
This command was first available in ExtremeXOS 30.5.

The default rule model was changed from "access list" to "hierarchical" in ExtremeXOS
30.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy slices shared

configure policy slices shared [{ shared } { l7GuaranteedPercentage
l7GuaranteedPercentage } { dynAclGuaranteedPercentage
dynAclGuaranteedPercentage}]

Description
Configures the number of slices used by shared features, such as Layer 7 policy and
dynamic ACL.

Syntax Description
slices Configures look-up stage TCAM resources.
shared Designates setting the shared lookup stage TCAM
resources.
shared Sets the shared slice value (range is 0–4).
l7GuaranteedPercentag Designates setting the percentage of shared slice that
e Layer 7 is guaranteed.
l7GuaranteedPercentag Specifies the guaranteed Layer 7 percentage value (range
e is 0–100).
dynAclGuaranteedPerce Designates setting the percentage of shared slice that is
ntage dynamic ACL guaranteed.
dynAclGuaranteedPerce Specifies the guaranteed dynamic ACL percentage value
ntage (range is 0–100).

Default
N/A.

1184 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
To make changes using this command, you must first disable policy (disable policy).

To view selections made by this command, use the show policy slices command.

Example
The following example configures policy to use 2 slices for shared features and allocate
a guaranteed 40% to Layer 7 and 40% to dynamic ACLs:
# configure policy slices shared 2 l7GuaranteedPercentage 40 dynAclGuaranteedPercentage 40

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy slices tci-overwrite

configure policy slices {shared shared} {tci-overwrite slices}

Description
Configures the number of slices used by a profile in the look-up stage TCAM resources.

Syntax Description
slices Configures look-up stage TCAM resources.
tci-overwrite Configures look-up Stage TCAM resources used by profile
with tci-overwrite enabled.
slices Specifies the number of slices between 0 and 4. The
default is 4.
shared Configures look-up stage TCAM resources.
shared Specifies the shared slice value (0–4).

Default
By default, the number of slices is 4.

Usage Guidelines
This command only runs if policy is disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1185

Example Commands

This command enables you to allocate only the slice resources necessary and allow
the rest to be used outside of policy. In a stack with slots having differing VCAP slice
depths, each slot has the number of rules available as follows: numSlices * (VCAP
slice depth)).

Example
The following example configures policy to use 3 slices with tci-overwrite enabled:
# configure policy slices tci-overwrite 3

History
This command was first available in ExtremeXOS 30.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy syslog

configure policy syslog [machine-readable machine_readable | extended-
format extended_format | every-time every_time]

Description
Sets Syslog parameters for policy rules.

Syntax Description
syslog Sets Syslog parameters for policy rules.
machine-readable Sets whether hexadecimal or decimal format is used for
Syslog messages.
machine_readable Sets whether hexadecimal or decimal format is used for
Syslog messages: "enable" (= hexadecimal) or "disable" (=
decimal). Default is disabled (decimal).
extended-format Sets whether extended format is used for Syslog messages.
extended_format Sets whether extended format is used for Syslog messages:
"enable" (= extended) or "disable" (= not extended). Default
is disabled (not extended).
every-time Sets whether Syslog messages are sent every time a rule is
used (not just first time).
every_time Sets whether Syslog messages are sent every time a rule
is used (not just first time): "disable" or "enable". Default is
disabled.

1186 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
By default, Syslog messages are only sent on first use of a rule.

By default, extended-format and machine-readable are disabled (not extended and in

decimal format).

Usage Guidelines
This command allows you to set parameters for Syslog messages that are sent
when a policy rule is used when set up in the command configure policy
rule profile_index [{app-signature group group name name} | ether
ether | icmp6type icmp6type | icmptype icmptype | ip6dest ip6dest |
ipdestsocket ipdestsocket | ipfrag | ipproto ipproto | ipsourcesocket
ipsourcesocket | iptos iptos | ipttl ipttl | macdest macdest | macsource
macsource | port port | tcpdestportIP tcpdestportIP | tcpsourceportIP
tcpsourceportIP | udpdestportIP udpdestportIP | udpsourceportIP
udpsourceportIP ] {mask mask } {port-string [ port_string | all]}
{storage-type [non-volatile | volatile]} {drop | forward} {syslog
syslog} {trap trap} {cos cos } {mirror-destination control_index}
{clear-mirror} .

When Syslog messages are configured to be sent every time a rule is used, messages
are sent at a maximum rate of once every five seconds.

To view the parameters configured by this command, use the command show policy
syslog {machine-readable} {extended-format} {every-time}.

Example
The following example sets Syslog messages to be sent every time a rule is used:
#configure policy syslog every-time enable

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy vlanauthorization

configure policy vlanauthorization [enable | disable]

Description
This command enables or disables the configuration of VLAN Authorization-specific
settings.

Switch Engine™ Command Reference Guide for version 32.7.1 1187

Syntax Description Commands

Syntax Description
enable Enable VLAN Authorization.
disable Disable VLAN Authorization

Default
N/A.

Usage Guidelines
None.

Example
This example shows how to enable VLAN Authorization:
# configure policy vlanauthorization enable

History
This command was first available in ExtremeXOS 16.1

Platform Availability
This command is available on all Universal switches supported in this document.

configure policy vlanauthorization port

configure policy vlanauthorization port [ port_list | all ] [{enable |
disable} {tagged | untagged } ]

Description
This command configures VLAN Authorization for a port, port list, or all ports.

Syntax Description
port_list List of ports to configure.
all Configure all ports.
enable Enable VLAN Authorization on port.
disable Disable VLAN Authorization on port.
tagged Add port to egress of the VLAN-ID returned.
untagged Add port to the untagged egress of the VLAN-ID returned.

1188 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
None.

Example
This example shows how to enable VLAN Authorization for port 1:1 for tagged packets:
# configure policy vlanauthorization port 1:1 enable tagged

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure port description-string

configure ports port_list description-string string

Description
Configures a description string setting up to 255 characters.

Syntax Description
port_list Specifies one or more ports or slots and ports.
string Specifies a port description of up to 255 characters per port. You
cannot use the following characters: ‘ “ ‘, “<”, “>”, “:”, “<space>”, “&”

Default
None.

Usage Guidelines
Use this command to configure a port description of up to 255 characters per port.

In case that user configures a string longer than 64 chars, the following warning will be
displayed:

Switch Engine™ Command Reference Guide for version 32.7.1 1189

Example Commands

Port description strings longer than 64 chars are only accessible

through SNMP if the following command is issued: configure snmp ifmib
ifalias size extended

Some characters are not permitted as they have special meanings. These are: ‘ “ ‘, “<”,
“>”, “:”, “<space>”, “&”. The first character should be alphanumeric. This new field is CLI
accessible only via “show port info detail” but is also accessible via the SNMP ifAlias
object of IfXTable from IF-MIB (RFC 2233) and the XML API. In order to access the value
via SNMP the following command should be issued: configure snmp ifmib ifalias
size extended.

Example
The following command configures the port:
configure ports 1:3 description-string CorporatePort_123

History
This command was available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure port ethertype

configure port port_list ethertype {primary | secondary}

Description
Assigns the primary or secondary ethertype value to the specified ports.

Syntax Description
port_list Specifies the list of ports to be configured.
primary Assigns the primary ethertype value to the specified ports.
secondary Assigns the secondary ethertype value to the specified
ports.

Default
N/A.

Usage Guidelines
None.

1190 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures port 2:1 to use the secondary ethertype:
configure port 2:1 ethertype secondary

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure port reflective-relay

configure port port reflective-relay [on | off]

Description
Enables the direct attach feature on the specified port.

Syntax Description
port Specifies a single port on which to enable the direct attach
feature.

Default
Off.

Usage Guidelines
You should only enable the direct attach feature on ports that directly connect to a VM
server running VEPA software.

This feature requires installation of the Direct Attach feature pack. For more
information, see the Switch Engine 32.7.1 Feature License Requirements document..

Example
The following command enables the direct attach feature on port 2:1:
# configure port 2:1 reflective-relay on

History
This command was first available in ExtremeXOS 12.5.

Switch Engine™ Command Reference Guide for version 32.7.1 1191

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure port shared-packet-buffer

configure port port_list shared-packet-buffer [percent | default]

Description
Configures the maximum amount of the shared packet buffer to be used by the
specified ports.

Syntax Description
port_list Specifies a list of ports or slots and ports.
percent Specifies the maximum portion of the shared packet buffer to
allot. The range is 0 to 100 percent.

Note
On some platforms, the hardware provides a limited number of settings. In
these cases, ranges of percentage values achieve the same setting.

Note
You can view the configured percentage value using the show ports port-
list info detail command.

Note
You can view the effect of this command using the show ports port-list
buffer command.

Default
None.

Usage Guidelines
It is possible to overcommit the shared packet buffer using this command.

Example
The following command sets the shared packet buffer for port 1:1 to 50%:

configure port 1:1 shared-packet-buffer 50

1192 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports
configure ports {group} port_group [[ add | delete ] port_list ]

Description
Creates or deletes a generic port-group name that can be associated with a list of ports.

Syntax Description
group Named list of ports.
port_group Port group name.
add Add ports to port group.
delete Delete ports from port group.
port_list Specifies a port list.

Default
N/A.

Usage Guidelines
Use this command to add or delete a generic port-group name to a list of ports.

Note
Because port-groups may be configured for multiple applications, no check
is done other than that the values entered are ports. Individual applications
handle illegal actions on ports as necessary. QoS commands that use port
groups are updated automatically if the ports group is removed or if ports are
added or removed from the group.

Example
configure ports group testGroup add 1-5
configure ports testGroup delete 3

History
This command was first available in ExtremeXOS 16.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1193

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports auto 1G-optics-in-10G-ports

configure ports auto 1G-optics-in-10G-ports [ on | off ]

Description
Configures the default 1 Gbps auto-negotiation mode to enabled or disabled (the
default) when 1 Gbps optics are inserted in 10 Gbps ports.

Syntax Description
on Specifies that the default 1 Gbps auto-negation mode is
enabled.
off Specifies that the default 1 Gbps auto-negation mode is
disabled (default).

Default
N/A.

Usage Guidelines
Use this command to configure the default 1 Gbps auto-negotiation mode when 1
Gbps optics are inserted in 10 Gbps ports. The default mode was changed to off In
ExtremeXOS 31.4 for Universal switches, which can lead to interoperability issues with
older releases of Switch Engine and mixed deployments with ExtremeXOS and Switch
Engine devices, where 1 Gbps optics are inserted in 10 Gbps ports. The new default
auto-negotiation mode takes effect on 1 Gbps optics inserted in 10 Gbps ports after the
CLI command execution finishes.

Example
The following example sets the default auto-negotiation mode to on.
configure ports auto 1G-optics-in-10G-ports on

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

1194 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ports auto off

configure ports auto off

configure ports port_list {medium [copper | fiber]} auto off speed speed
duplex [half | full]

Description
Manually configures port speed and duplex setting configuration on one or more ports
on a switch.

Syntax Description
port_list Specifies one or more ports or slots and ports.
medium Specifies the medium as either copper or fiber. Note: This
parameter applies to combo ports..
speed Specifies the port speed as either 10, 100, 1,000 (1 Gigabit),
2,500 (2.5 Gigabit), 5,000 (5 Gigabit), 10,000 (10 Gigabit),
25,000 (25 Gibabit), 40,000 (40 Gigabit), 50,000 (50 Gigabit),
or 100,000 (100 Gigabit) Mbps ports.
duplex [half] Specifies half duplex; transmitting and receiving data one
direction at a time.
duplex [full] Specifies full duplex; transmitting and receiving data at the
same time.

Default
Auto on for 1G and 10G copper ports.

Auto off for 25G, 40G, 50G, and 100G ports.

Usage Guidelines
You can manually configure the duplex setting and the speed on 10/100 and
10/100/1000 Mbps and fiber SFP gigabit Ethernet ports.

In general, SFP gigabit Ethernet ports are statically set to 1 Gbps, and their speed
cannot be modified. However, there are SFPs supported by Extreme Networks that can
have a configured speed:
• 100 FX SFPs, which must have their speed configured to 100 Mbps.
• 100FX/1000LX SFPs, which can be configured at either speed.
• SFP+ optics, must have their speed configured to 10G auto off.

In certain interoperability situations, it is necessary to turn autonegotiation off on a

fiber gigabit Ethernet port. Even though a gigabit Ethernet port runs only at full duplex
and gigabit speeds, the command that turns off autonegotiation must still include the
duplex setting.

Switch Engine™ Command Reference Guide for version 32.7.1 1195

Example Commands

Gigabit Ethernet ports support flow control only when autonegotiation is turned on.
When autonegotiation is turned off, flow control is not supported. For more detailed
information about flow control on Extreme Networks devices, see the Switch Engine
32.7.1 User Guide.

When configuring combination ports you can specify the medium as copper or fiber.
If the medium is not specified for combination ports then the configuration is applied
to the current primary medium. The current primary medium is displayed in the Media
Primary column of the show ports configuration command output.

Note
The keyword medium is used to select the configuration medium for
combination ports. If the port_list contains any non-combination ports, the
command is rejected.
When upgrading a switch running ExtremeXOS 12.3 or earlier software to
ExtremeXOS 12.4 or later, saved configurations from combo ports (copper or
fiber) are applied only to combo ports fiber medium. When downgrading from
ExtremeXOS 12.4 or later to ExtremeXOS 12.3 or earlier, saved configurations
from combo ports (copper or fiber) are silently ignored. Therefore, you need to
reconfigure combo ports during such an upgrade or downgrade.

Example
The following example turns autonegotiation off for port 2 with copper medium and a
port speed of 100 Mbps at full duplex:
configure ports 2 medium copper auto off speed 100 duplex full

History
This command was first available in ExtremeXOS 10.1.

The medium parameter was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports auto on

configure ports port_list {medium [copper|fiber]} auto on {[{speed
speed} {duplex [half | full]}] | [{duplex [half | full]} {speed
speed}]}

Description
Enables autonegotiation for the particular port type.

1196 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
port_list Specifies one or more ports or slots and ports.
medium Specifies the medium as either copper or fiber. Note: This
parameter applies to combo ports.
speed Specifies the port speed as either 10, 100, 1,000 (1 Gigabit),
2,500 (2.5 Gigabit), 5,000 (5 Gigabit), 10,000 (10 Gigabit),
25,000 (25 Gibabit), 40,000 (40 Gigabit), 50,000 (50 Gigabit),
or 100,000 (100 Gigabit) Mbps ports.
duplex [half] Specifies half duplex; transmitting and receiving data one
direction at a time.
duplex [full] Specifies full duplex; transmitting and receiving data at the
same time.

Default
Auto on for 1G and 10G copper ports.

Auto off for 25G, 40G, 50G, and 100G ports.

Usage Guidelines
The type of ports enabled for autonegotiation are 802.3u for 10/100 Mbps ports or
802.3z for gigabit Ethernet ports.

Flow control on gigabit Ethernet ports is enabled or disabled as part of

autonegotiation. If autonegotiation is set to off, flow control is disabled. When
autonegotiation is turned on, flow control is enabled. See the Switch Engine 32.7.1 User
Guide for more detailed information on flow control on Extreme Networks devices.

When configuring combo ports you can specify the medium as copper or fiber. If the
medium is not specified for combination ports then the configuration is applied to
the current primary medium. The current primary medium is displayed in the Media
Primary column of the show ports configuration command output.

If there is a port configuration mismatch detected in the LAG, warning messages like
the following may display:

Switch Engine™ Command Reference Guide for version 32.7.1 1197

Example Commands

WARNING: Port 9 is a trunk member port. It is recommended that all member ports
configuration be consistent to avoid traffic imbalance across LAG members.

Note
The keyword medium is used to select the configuration medium for
combination ports. If the port_list contains any non-combination ports, the
command is rejected.
When upgrading a switch running ExtremeXOS 12.3 or earlier software to
ExtremeXOS 12.4 or later, saved configurations from combo ports (copper or
fiber) are applied only to combo ports fiber medium. When downgrading from
ExtremeXOS 12.4 or later to ExtremeXOS 12.3 or earlier, saved configurations
from combo ports (copper or fiber) are silently ignored. Therefore, you need to
reconfigure combo ports during such an upgrade or downgrade.
Version 32.2 supports a 2.5G connection between ExtremeSwitching X435
uplink ports and 5520-24X front panel ports This feature also supports
connecting a 5520-24X to another 5520-24X at 2.5G. Use of this feature requires
10G-SR-SFP300M-ET and 10G-LR-SFP10KM-ET 10G transceivers.

Note
For switches that do not support half-duplex (the ExtremeSwitching
5520-12MW-36W multi-rate ports), the copper switch ports must have auto
negotiation disabled and full duplex enabled when connecting 10/100/1000
Mbps devices that do not auto negotiate. If the switch attempts and fails
to auto negotiate with its partner, it will fail to link up. A non-negotiating
connected device must also be manually configured for full duplex or packet
loss and port errors will occur each time it detects a collision.

Note
1G auto negotiation is not supported in 5420-YE and 5420-XE ports.

Note
10G auto negotiation is supported in 5420 switches while using SFP+ passive
copper cables.

Note
2.5G support for X435 and 5520-24X is only available with auto negotiation
disabled.

Example
The following example configures the switch to auto negotiate for port 2, with copper
medium at a port speed of 100 Mbps at full duplex:
# configure ports 2 medium copper auto on speed 100 duplex full

History
This command was first available in ExtremeXOS 10.1.

1198 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The speed and duplex parameters were added in ExtremeXOS 11.6.

The medium parameter was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports auto-polarity

configure ports port_list auto-polarity [on | off { mdi-mode [ default |
mdi | mdix]}]

Description
Configures the autopolarity detection feature on the specified Ethernet ports.

Syntax Description
port_list Specifies one or more ports on the switch.
on Enables the autopolarity detection feature on the specified
ports.
off Disables the autopolarity detection feature on the specified
ports.
mdi-mode Specifies to configure Medium-Dependent Interface (MDI)
mode for the port.
default Specifies to use the platform’s default MDI mode.
mdi Specifies to force straight-through or MDI mode for the
port.
mdix Specifies to force crossover or MDIX mode for the port.

Default
Enabled.

Usage Guidelines
This feature applies to only the 10/100 BASE-T ports, and copper medium on
combination ports.

When autopolarity is disabled and optionally a specific MDI mode is configured on one
or more Ethernet ports, you can verify the autopolarity status and the MDI mode by
using the following command:
# show ports information detail

Switch Engine™ Command Reference Guide for version 32.7.1 1199

Example Commands

Example
The following command disables the autopolarity detection feature on ports 5 to 7 on a
switch:
# configure ports 5-7 auto-polarity off

Example
The following command disables the autopolarity detection feature and sets crossover
or MDIX mode on ports 6 to 8 on a switch:
# configure ports 6-8 auto-polarity off mdi-mode mdix

History
This command was first available in ExtremeXOS 11.2.

The mdi-mode option was added in version 32.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports ddmi

configure ports [port_list | all] ddmi [on | off]

Description
Enables or disables Digital Diagnostic Monitoring Interface (DDMI).

Syntax Description
port_list Designates the ports to enable or disable DDMI on.
all Designates enabling or disabling DDMI on all ports.
ddmi Designates enabling or disabling DDMI on specified ports.
on Specifies enabling DDMI on the selected ports (default).
off Specifies disabling DDMI on the selected ports.

Default
By default, DDMI is enabled.

Usage Guidelines
DDMI provides critical system information about the installed optical modules.

1200 Switch Engine™ Command Reference Guide for version 32.7.1

 Commands Example

Example
The following example disables DDMI on port 1:
# configure ports 1 ddmi off

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

NEW!configure ports debounce time

configure ports {port-list} debounce time [default | time]

Description
Configured debounce time feature on all or specified ports in milliseconds.

Syntax Description
port-list Specifies one or more stacking ports.
default Configure the default value.
milliseconds Time in milliseconds. Range is 0 (no debouncing) to 5000.

Default
Default debounce time value is 0.

Usage Guidelines
Debounce timer can be configured to override the false link flaps, such as link flaps that
happen in a milliseconds interval.

Example
configure ports 1 debounce time 15

History
This command was first available in ExtremeXOS 32.6.

Switch Engine™ Command Reference Guide for version 32.7.1 1201

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports display-string

configure ports port_list display-string string

Description
Configures a user-defined string for a port or group of ports.

Syntax Description
port_list Specifies one or more ports or slots and ports.
string Specifies a user-defined display string.

Default
The null string is the default.

Usage Guidelines
The display string can be up to 15 characters. Display strings do not need to be unique
for each port—you can assign the same string to multiple ports. For example, you could
give all the ports that connected to a particular department a common display string.

The string is displayed in certain commands such as the show ports information
command.

Note
Do not use a port number as a display string. For example, do not assign the
display string “2” to port2.

Example
The following command configures the user-defined string corporate for port 1 on a
stand-alone switch:

configure ports 1 display-string corporate

History
This command was first available in ExtremeXOS 10.1.

1202 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports dot1p

configure ports [port_list | all] dot1p dot1p_priority

Description
This command configures the default dot1p priority to be used for the internal priority
for untagged traffic on the specified port.

Syntax Description
port_list Specifies a port list.
all Specifies all ports.
dot1p_priority Priority number from 0 to 7 to be used for untagged
packets.

Default
0.

Usage Guidelines
Use this command to configure the default dot1p priority to be used for the internal
priority for untagged traffic on the specified port. This priority is used for untagged
frames when dot1p examination is enabled on a port.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports dwdm channel none

configure port all | port_list dwdm channel none

Description
Configures the default DWDM channel number.

Switch Engine™ Command Reference Guide for version 32.7.1 1203

Syntax Description Commands

Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.

Default
Channel number - 21.

Usage Guidelines
Use this command to configure the default DWDM channel number to the DWDM
optical module inserted in the given port. This default channel number of 21 and will
be mapped to the appropriate corresponding channel number of the vendor specific
channel. If a non-tunable DWDM optic is present, then the DWDM configuration is
silently removed from the software.

Example
The following command configures the default DWDM channel 21 on supported port 1:

configure port 1 dwdm channel none

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports dwdm channel

configure port all | port_list dwdm channel channel_number

Description
Selects the DWDM channel frequency for the selected ports.

Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.
channel_number Specifies the channel number, which corresponds to one
of 102 available channel frequencies.

1204 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Channel number – 21.

Usage Guidelines
The following table lists the available frequencies and the channel number you must
specify to select each frequency.

Table 16: TX Wavelengths and Channel Assignments for the Tunable DWDM XFP/
SPF+
TX Channel TX Channel TX Channel TX Channel
Wavelengt Wavelengt Wavelengt Wavelengt
h h h h
1568.77 nm 11 1558.17 nm 24 1547.72 nm 37 1537.40 nm 50
1568.36 nm 1150 1557.77 nm 2450 1547.32 nm 3750 1537.00 nm 5050
1567.95 nm 12 1557.36 nm 25 1546.92 38 1536.61 nm 51
nm
1567.54 nm 1250 1556.96 nm 2550 1546.52 nm 3850 1536.22 nm 5150
1567.13 nm 13 1556.55 nm 26 1546.12 nm 39 1535.82 nm 52
1566.72 nm 1350 1556.15 nm 2650 1545.72 nm 3950 1535.43 nm 5250
1566.31 nm 14 1555.75 nm 27 1545.32 nm 40 1535.04 nm 53
1565.90 1450 1555.34 nm 2750 1544.92 4050 1534.64 5350
nm nm nm
1565.50 nm 15 1554.94 28 1544.53 41 1534.25 nm 54
nm nm
1565.09 nm 1550 1554.54 2850 1544.13 nm 4150 1533.86 nm 5450
nm
1564.68 16 1554.13 nm 29 1543.73 nm 42 1533.47 nm 55
nm
1564.27 1650 1553.73 nm 2950 1543.33 nm 4250 1533.07 nm 5550
nm
1563.86 nm 17 1553.33 nm 30 1542.94 43 1532.68 nm 56
nm
1563.45 nm 1750 1552.93 nm 3050 1542.54 4350 1532.29 nm 5650
nm
1563.05 nm 18 1552.52 nm 31 1542.14 nm 44 1531.90 nm 57
1562.64 1850 1552.12 nm 3150 1541.75 nm 4450 1531.51 nm 5750
nm
1562.23 nm 19 1551.72 nm 32 1541.35 nm 45 1531.12 nm 58
1561.83 nm 1950 1551.32 nm 3250 1540.95 4550 1530.72 nm 5850
nm
1561.42 nm 20 1550.92 nm 33 1540.56 46 1530.33 nm 59
nm

Switch Engine™ Command Reference Guide for version 32.7.1 1205

Example Commands

Table 16: TX Wavelengths and Channel Assignments for the Tunable DWDM XFP/
SPF+ (continued)
TX Channel TX Channel TX Channel TX Channel
Wavelengt Wavelengt Wavelengt Wavelengt
h h h h
1561.01 nm 2050 1550.52 nm 3350 1540.16 nm 4650 1529.94 nm 5950
1560.61 nm 21 1550.12 nm 34 1539.77 nm 47 1529.55 nm 60
1560.20 2150 1549.72 nm 3450 1539.37 nm 4750 1529.16 nm 6050
nm
1559.79 nm 22 1549.32 nm 35 1538.98 48 1528.77 nm 61
nm
1559.39 nm 2250 1548.91 nm 3550 1538.58 nm 4850 1528.38 nm 6150
1558.98 23 1548.51 nm 36 1538.19 nm 49
nm
1558.58 nm 2350 1548.11 nm 3650 1537.79 nm 4950

The supported channel numbers are not contiguous. If you specify a channel number
that is not listed in the preceding table, the following error message appears:
Error: DWDM Channel configuration failed. Channel number 100 is out of
configurable range. The channel range for the Optical module in port
<port number> is 11 .. 6150.

If the optical module in one of the ports in the specified list does not support DWDM,
the following error message is displayed:
Error: No TDWDM Optics on port <port number>.

If the optical module in one of the ports in the specified port list is not an Extreme
supported optical module, the following error message is displayed:
Error: DWDM Channel configuration failed. Optical module is not Extreme
Networks certified. For DWDM channel configuration, Extreme Network
Certified DWDM module is required.

To display the configuration, use the show ports configuration or the show ports
information detail command.

Example
The following command configures DWDM channel 21 on a modular port 1:1:

configure port 1:1 dwdm channel 21

History
This command was first available in ExtremeXOS 12.5.

1206 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports eee

configure ports port_list eee [on | off]

Description
Enables or disables EEE on the physical layer.

Syntax Description
port_list Specifies one or more ports or slots and ports.
on Specifies that the port advertises to its link partner that it is
EEE capable at certain speeds
off Specifies that the port advertises to its link partner that it is
not EEE capable at certain speeds

Default
Off.

Usage Guidelines
Use this command to enable EEE on the switch. The keyword on specifies that the
port advertises to its link partner that it is EEE capable at certain speeds. If both sides,
during auto-negotiation, determine that they both have EEE on and are compatible
speed wise, they will determine other parameters (how long it takes to come out of
sleep time, how long it takes to wake up) and the link comes up. During periods of
non-activity, the link will shut down parts of the port to save energy. This is called LPI
for low power idle. When one side sees it must send something, it wakes up the remote
and then transmits.

Example
The following example turns the EEE feature on for port 2:
config port 2 eee on

History
This command was first available in ExtremeXOS 15.4.

Switch Engine™ Command Reference Guide for version 32.7.1 1207

Platform Availability Commands

Platform Availability
EEE is supported on the following Extreme Networks platforms:
• 4120, 4220, ExtremeSwitching 5320, 5420, 5520, 5720, and 7520-48XT—copper
10/100/1000 and multi-rate ports

Note
There are hardware limitations on EEE at 2.5 Gbps and 5 Gbps speeds on
4220 Series and ExtremeSwitching 5720 Series switches. See the topic Energy
Efficient Ethernet in the Switch Engine User Guide for your version of Switch
Engine for more information.

configure ports forward-error-correction

configure ports port_list forward-error-correction [off | on [cl74 |
cl91]]

Description
Enables/disables IEEE Forward Error Correction (FEC) Clause 74 or 91 modes.

Syntax Description
port_list List of ports to enable/disable FEC modes on.
forward-error- Configures port FEC mode.
correction
off Disables all FEC modes (default).
on Enables FEC modes.
c174 Enables/disables FEC IEEE Clause 74.
c191 Enables/disables FEC IEEE Clause 91.

Default
FEC is not enabled by default.

Usage Guidelines
This command allows you to enable/disable Clause 91 or Clause 74 (exclusively) on a
per-port basis regardless of speed/type.

FEC gives the receiver the ability to correct errors without requiring a reverse channel
to request retransmission of data, but at the cost of a fixed, higher forward channel
bandwidth. Some devices require this to interoperate.

1208 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example enables FEC Clause 91 on port 1:
# configure ports 1 forward-error-correction on cl91

The following example turns off FEC on port 1:

# configure ports 1 forward-error-correction off

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports ingress-filtering

configure ports port_list mac-based-vlans ingress-filtering [on|off]

Description
Allows users to toggle the ingress filtering setting for MAC-based VLANs.

Syntax Description
port_list Specifies one or more ports, or slots and ports.
mac-based-vlans Specifies MAC-based VLANs.
ingress-filtering Specifies the configuration of ingress filtering when MAC-
based VLANs are enabled.
on Turns on ingress filtering. Enabling ingress filtering
prevents VLANs other than those with egress membership
from being forwarded.
off Turns off ingress filtering. Disabling ingress filtering allows
the forwarding of packets sourced from any VLAN. This is
the default setting.

Default
The default is off.

Usage Guidelines
If the command is executed on a port that does not have MAC-based VLANs enabled,
the command will be accepted, but it will not be applied until MAC-Based VLANs are
enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1209

Example Commands

Example
The following command enables ingress filtering for ports 1:2:

# configure ports 1:2 mac-based-vlans ingress-filtering on

History
This command was first available in ExtremeXOS 31.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports isolation

configure ports port_list isolation[on|off]

Description
Enables isolation mode on a per-port basis.

Syntax Description
port_list Specifies one or more ports, or slots and ports.
isolation Specifies that Isolated ports are not allowed to inter-
communicate.
on Turns on isolation. Isolated ports are not allowed to inter-
communicate.
off Turns off isolation. This is the default setting.

Default
Isolation is off by default.

Usage Guidelines
Use this command to enable isolation mode on a per-port basis. You can issue the
command on a single port or on a master port of a load share group. If you issue the
command on a non-master port of a load share group the command will fail. When a
port load share group is formed, all of the member ports assume the same isolation
setting as the master port.

1210 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables isolation mode on ports 2 and 4 on a switch:

configure ports 1, 4 isolation on

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports l2pt profile

configure [vlan | vman] vlan_name ports port_list l2pt profile [none |
profile_name]

Description
Configures L2PT profiles on service interfaces.

Syntax Description
vlan Specifies the VLAN configuration.
vman Specifies the VMAN configuration.
vlan_name Specifies the VLAN name.
ports port_list Specifies the port and port list separated by a comma ( , )
or dash ( - ).
profile Specifies the L2PT profile for the ports.
none Specifies that no L2PT profile should be bound to the ports
(default).
profile_name Specifies the L2PT profile to be bound to the ports.

Default
Disabled.

Usage Guidelines
Use this command to configure L2PT profiles on service interfaces.

Switch Engine™ Command Reference Guide for version 32.7.1 1211

Example Commands

Example
The following example binds my_l2pt_prof with ports 2 and 5 of VMAN cust1:
configure vman cust1 ports 2,5 l2pt profile my_l2pt_prof

The following example binds my_l2pt_prof with ports 2 and 5 of VMAN cust1. Port 5 is
not a part of VMAN cust1:
configure vman cust1 ports 2,5 l2pt profile my_l2pt_prof
Error: Port 5 is not part of the service.

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports link-flap-detection action

configure ports [port_list | all] link-flap-detection action [add |
delete] [{{disable-port} {log} {trap}} | all-actions]

Description
Add or deletes actions (disabling ports, logging events, generating SNMP traps) to be
taken when excessive link flapping is detected.

Syntax Description
ports Physical ports.
port_list List of ports to set link-flap detection actions upon.
all Sets the configured action for link-flap detection upon all
ports in the system.
action Sets actions to be taken when excessive link flapping is
detected.
add Adds action(s).
delete Deletes action(s).
disable-port Disables selected ports if link-flap threshold is exceeded.
After a port is disabled, the port either stays down for the
configured disable time value (set in the configure ports
link-flap-detection interval threshold disable-
time command) or can be re-enabled manually using the
clear ports link-flap-detection status command.
log Generates a log event if link-flap threshold is exceeded.

1212 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

trap Generates an SNMP trap if link-flap threshold is exceeded.

all-actions Adds or deletes all the actions.

Default
By default, all actions are turned off.

Example
The following example adds all link-flap actions (disabling ports, logging events,
generating SNMP traps) on ports 3–10:
configure ports 3-10 link-flap-detection action add all-actions

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports link-flap-detection interval threshold disable-time

configure ports [port_list | all] link-flap-detection [{interval
[interval | indefinitely]} {threshold threshold} {disable-time
[disable_time | until-cleared]}]

Description
Sets interval, threshold (maximum number of link down events), and disable time
values for link-flap detection.

Syntax Description
ports Physical ports.
port_list List of ports to activate link-flap detection upon.
all Sets link-flap detection characteristics on all ports in the
system.
interval Sets time interval for collecting link-flap events.
interval Interval value in seconds. Default is 5 seconds. Range is 1
second to indefinitely.
indefinitely Accumulate link-flap instances forever.
threshold Sets number of link-flap events tolerated before action is
taken.

Switch Engine™ Command Reference Guide for version 32.7.1 1213

Default Commands

threshold Threshold value. Default is 10. Minimum threshold is

1; maximum threshold value depends on the link-flap
detection configured link-flap interval and the link scan
interval.
disable-time Sets time period a port remains disabled after detecting
excessive link flapping.
disable_time Disable time in seconds. Default is 300 seconds. Range is 1
seconds to until enabled by user.
until-cleared Port remains down until you issue clear ports
[port_list | all] link-flap-detection status
command.

Default
These options have the following default values:

Option Default Value

Interval 5 seconds
Threshold 10 link flaps
Disable time 300 seconds

Usage
If the default link-scan interval is 50 ms, then in 1 second, a maximum of 20 link state
transitions (up or down) and 10 link down transitions can be detected. Assuming the
link-flap interval is set to 5, the maximum link-flap threshold is 10 * 5 = 50. Maximum
threshold for interval of 10 seconds appears in the output of the show ports all
link-flap configuration command.

For example, the following sequence of commands generates an error message:

configure ports 7 link-flap-detection interval 5
configure ports 7 link-flap-detection threshold 200
Error: Maximum threshold is 100 for port 7 for current
configuration of link-flap interval of 5 seconds.

Similarly, if the current threshold is 50, default link-scan interval is 50 ms, and the
interval is changed to 4 seconds, then an error message appears:
configure ports 7 link-flap-detection threshold 100
configure ports 7 link-flap-detection interval 2
Error: Current threshold of 100 for port 7 is invalid with
new interval value of 2 seconds. Threshold must be less
than 40 for interval to be 2 seconds.

Example
The following example sets the threshold value to 15 link flaps that can be accumulated
in an infinite interval for all ports.
configure ports all link-flap-detection interval indefinitely threshold 15

1214 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS release 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports link-flap-detection

configure ports [port_list | all] link-flap-detection [on | off]

Description
Turns on or off link-flap detection.

Syntax Description
ports Physical ports.
port_list List of ports to activate link-flap detection upon.
all Activates link-flap detection on all port in the system.
on Link-flap detection is on.
off Link-flap detection is off.

Default
Link-flap detection is disabled by default.

Example
The following example turns off link-flap detection on ports 1–15:
Configure ports 1-15 link-flap-detection off

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports link-scan interval

configure ports link-scan interval [ milliseconds | default ] { slot
[ slot | all ] }

Switch Engine™ Command Reference Guide for version 32.7.1 1215

Description Commands

Description
Configures the link-scan interval. The configure command allows the user to set the
interval in a range between the default for the platform and 500 ms. A higher interval
can free up CPU cycles when fast link detection is not a requirement.

Syntax Description
ports Ports.
link-scan Configure link scan attributes for polling port status.
interval Configure amount of time between polling port status
milliseconds Interval in milliseconds. Range is 50 to 500 for most platforms.
The minimum interval depends on the default for the platform.";
type="int"; range="[50,500]
default Default interval (50 ms for most platforms).
slot Slot number (default all slots)"; capability="slot_available"
all All slots.

Default
50 ms.

Usage Guidelines
Use this command to configure the link-scan interval.

Example

# sh ports link-scan
Slot Interval (ms)
----- ---------------
1 50 (default)
2 300
3 50 (default)
4 50 (default)
5
6
7
8 200

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

1216 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ports monitor vlan

configure ports monitor vlan

configure ports [port_list|all] monitor vlan [vlan_name | vlan_list]
{rx-only | tx-only}

Description
Starts counting VLAN statistics on a port or a group of ports.

Syntax Description
port_list Specifies one or more ports. May be in the form: 1, 2, 3-5, 2:5, 2:6-2:8.
all Specifies all ports.
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.
rx-only Specifies receive statistics.
tx-only Specifies transmit statistics.

Default
N/A.

Usage Guidelines
Use this command to configure access to VLAN statistics per port.

The rx-only and tx-only parameters are intended for, but not restricted to, use on ports
that support both receive and transmit statistics. Ports on slots that do not support
transmit statistics do not require explicit use of the rx-only keyword. In the absence of
specifying either rx-only or tx-only, both RX and TX VLAN statistics are gathered if both
are supported on the configured port.

When both receive and transmit statistics are configured and resources for either
receive or transmit are not available, neither receive nor transmit statistics will be
configured.

The number of VLANs that can be monitored is dependent on filtering resources on the
involved switch.

When per-port monitoring is configured, the following commands display the latest
statistics directly from the hardware in real time. This information is not logged.

To display VLAN statistics at the port level, use the following command:
show ports {port_list} vlan statistics {no-refresh | refresh}

To display VLAN statistics at the VLAN level, use the following command:
show vlan {vlan_name | vlan_list} statistics

Switch Engine™ Command Reference Guide for version 32.7.1 1217

Example Commands

Example
The following example configures per-port monitoring of transmit statistics for a set of
ports for the VLAN named finance on a switch:
configure ports 2,3 monitor vlan finance tx-only

History
This command was first available in ExtremeXOS 12.0.

Support for ExtremeSwitching switches was added in ExtremeXOS 12.5.

The vlan_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports partition

configure ports [port_list | all] partition [1x100G | 1x40G | 2x50G |
4x10G | 4x25G]

Description
Partitions 100G and 40G ports into multiple partition speeds, and partitions 25G ports
into a single 10G port for supported Universal platforms.

Syntax Description
port_list Specifies one or more ports.
all Specifies partitioning all available 100G ports on an entire switch or
stack.
1x100G Specifies partitioning a 100G port into a single 100G port (applies
only to switches with 100G port(s)).
1x40G Specifies partitioning a 40G port into a single 40G port (applies only
to switches with 40G port(s)).
2x50G Specifies partitioning a 100G port into a two 50G port (applies only
to switches with 100G port(s)).
3x1G Specifies partitioning a 5720-VIM-6YE into a three consecutive 1G
ports.
Apply 3x1G option on the first VIM port (port 27 or 30 for 24-port
models and ports 51 or 55 for 48-port models). All three ports (ports
27-29 or 30-32 for 24-port models and ports 51-53 and 54-56 on
48-port models) on the VIM become 1G ports when applying this
option.

1218 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

3x10G Specifies partitioning a 5720-VIM-6YE into a three consecutive 10G

ports.
Apply 3x10G option on the first VIM port (port 27 or 30 for 24-port
models and ports 51 or 55 for 48-port models). All three ports (ports
27-29 or 30-32 for 24-port models and ports 51-53 and 54-56 on
48-port models) on the VIM become 10G ports when applying this
option.
3x25G Specifies partitioning a 5720-VIM-6YE into a three consecutive 25G
ports.
Apply 3x25G option on the first VIM port (port 27 or 30 for 24-port
models and ports 51 or 55 for 48-port models). All three ports (ports
27-29 or 30-32 for 24-port models and ports 51-53 and 54-56 on
48-port models) on the VIM become 25G ports when applying this
option.
4x10G Specifies partitioning a 40G port into a four 10G port (applies only to
switches with 40G port(s)).
Specifies partitioning a 25G port into a single 10G port. Apply 4x10G
option on the first 5520 VIM port (port 33 for 24-port models and
port 57 for 48-port models). All four ports on the 5520 VIM become
10G ports when applying this option.
4x25G Specifies partitioning a 100G port into a four 25G port.
Also specifies changing a 25G port that was partitioned to a 10G
port to back to 25G. Apply 4x25G option on the first 5520 VIM port
(port 33 for 24-port models and port 57 for 48-port models). All four
ports on the 5520 VIM become 25G ports when applying this option.

Default
For 4120, U1 and U2 ports default to 1x100G.

For 5520-VIM-4YE, 25G ports default to 1x25G.

For 5520 QSFP28 ports the default partition is 40G.

For 5720-VIM-2CE ports default to 1x100G.

For 5720-VIM-6YE ports default to 3x25G.

Usage Guidelines
Partion supported QSFP28 ports in Ethernet mode can be configured for 40G (default),
2x50G, 4x25G or 4x10G. These ports are normally configured for stacking.

Note
If stacking-support is enabled, then stacking supported 100G ports will not
accept this command. To use the stacking supported 100G ports for Ethernet,
stacking-support should be disabled

For the ExtremeSwitching 5520-VIM-4YE module you can switch all four ports on the
VIM from 25G to 10G using the 4x25G option.

Switch Engine™ Command Reference Guide for version 32.7.1 1219

Example Commands

If there is a port configuration mismatch detected in the LAG, warning messages like
the following may display:
WARNING: A LAG member port is now partitioned. It is recommended that master and member
ports configuration be consistent to avoid traffic imbalance across LAG members.

Example
The following example partitions port 6:1 into four 10G ports:
# configure ports 6:1 partition 4x10G

History
This command was available in ExtremeXOS 12.6.

This command was expanded to include partitioning 100G ports in ExtremeXOS 22.2

Dynamic partitioning (no reboot required) was added in ExtremeXOS 30.2.

Platform Availability
This command is available on 4120, ExtremeSwitching 5520, 5720, 7520, and 7720 switch
models.

configure ports protocol filter

configure ports [port_list | all] protocol filter [none | filter_name]

Description
Configures protocol filtering on a port.

Syntax Description
port_list Specifies the port list separated by a comma ( , ) or dash
( - ).
all Specifies all ports.
protocol filter Specifies the protocol filter.
none Specifies to not perform protocol filtering on specified
ports.
filter_name Specifies the protocol filter name.

Default
Disabled.

1220 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to configure protocol filtering on a port.

Example
The following example unbinds the L2PT profile from peer 1.1.1.1 of VPLS cust2:
configure l2vpn vpls cust2 peer 1.1.1.1 l2pt profile none

The following example enables filtering of protocols in my_list on port 1:

configure ports 1 protocol filter "my_list"

The following example disables protocol filtering on port 7:

configure ports 7 protocol filter none

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports qosprofile

configure ports port_list {qosprofile} qosprofile

Description
Creates a port-based traffic group, which configures one or more ingress ports to use a
particular egress QoS profile.

Syntax Description
port_list Specifies a list of ports or slots and ports.
qosprofile Specifies a QoS profile.

Default
All ingress ports have the default qosprofile of QP1.

Usage Guidelines
This command assigns traffic ingressing the specified port to a specified egress QoS
profile. Extreme switches support eight egress QoS profiles (QP1 to QP8) for each port.
SummitStack does not permit configuration of QP7.

Switch Engine™ Command Reference Guide for version 32.7.1 1221

Example Commands

Example
The following command configures port 5 to use QoS profile QP3:

configure ports 5 qosprofile QP3

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports rate-limit egress

configure ports port_list rate-limit egress [no-limit | cir-rate [Kbps |
Mbps | Gbps] {max-burst-size burst-size [Kb | Mb]}]

Description
Configures an egress traffic rate limit for a port or groups of ports.

Syntax Description
port_list Specifies one or more ports or slots and ports.
no-limit Specifies traffic be transmitted without limit; use to reconfigure or
unconfigure previous rate-limiting parameters.
cir-rate Specifies the desired rate limit in Kbps, Mbps, or Gbps.
max-burst-size Specifies the maximum burst size or peak burst size in kilobits (Kb)
or megabits (Mb).

Default
No-limit.

Usage Guidelines
Port speed limits the egress traffic, as follows:
• 1 Gbps port—64 Kbps increments.
• 10 Gbps port—1 Mbps increments.

If the specified egress limit (cir-rate) is not a multiple of 64 Kbps for a 1 Gbps port or 1
Mbps for a 10Gbps port, the specified value is rounded down to the nearest appropriate
multiple based on the port type.

1222 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Use the no-limit parameter to:

• Unconfigure egress rate limiting on the port(s).
• Reconfigure existing egress rate limiting on the port(s).

The max-burst-size parameter is the amount of traffic above the value in the cir-rate
parameter that is allowed to burst from the port(s) for a short duration. If max-burst-size
has been configured as "0", then it will use maximum available burst value.

Example
The following command configures egress rate-limiting on port 1 a switch for 3 Mbps
and a maximum burst size or 5 M bits:

configure port 1 rate-limit egress 3 Mbps max-burst-size 5 Mb

History
This command was available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports rate-limit flood

configure ports [port_list | port_group]rate-limit flood [broadcast |
multicast | unknown-destmac] [no-limit | pps {out-actions [{log}
{trap} {disable-port}]}]]

Description
Limits the amount of ingress flooded traffic; minimizes network impact of broadcast
loops.

Syntax Description
port_list Specifies the port number. On a stand-alone switch, this value is just
the port number, and on a SummitStack, this value is the slot and
port number.
port_group Port group name.
broadcast Specifies all broadcast packets.
multicast Specifies all flooded multicast packets (known IP multicast caches
are still forwarded at line rate).
unknown- Specifies all packets with unknown MAC DAs.
destmac
no-limit Specifies unlimited rate.

Switch Engine™ Command Reference Guide for version 32.7.1 1223

Default Commands

pps Packets per second allowed; range is from 0 to 262,144.

out-actions Out-of-profile action.
log Generate log event if traffic exceeds configured rate.
trap Generate SNMP trap if traffic exceeds configured rate.
disable-port Disable the underlying port when traffic exceeds configured rate.

Default
No limit.

Usage Guidelines
Use this command to limit the amount of ingress flooding traffic and to minimize the
network impact of broadcast loops.

Note
When the multicast keyword is used, both known and unknown multicast
traffic will be rate limited.

To display results, use the show ports rate-limit flood command.

Example
The following example rate limits broadcast packets on port 3 on a stand-alone switch
to 500 pps:
configure ports 3 rate-limit flood broadcast 500

History
This command was available in ExtremeXOS 11.1.

The out-actions, log, trap, disable-port, and port_group options were added in
ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports redundant

configure ports primaryPort redundant secondaryPort {link [on | off]}

Description
Configures a software-controlled redundant port.

1224 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
primaryPort Specifies one primary port or slot and port.
redundantPort Specifies one or redundant port or slot and port.
secondaryPort
link Specifies state of link:
on—Specifies keeping the redundant port active, but block
trafficoff—Specifies forcing the link down on the redundant port

Note: The default value is off.

Default
N/A.

Usage Guidelines
The first port specifies the primary port. The second port specifies the redundant port.

A software-controlled redundant port is configured to back up a specified primary port;

both ports are on the same device. The redundant port tracks the link state of the
associated primary port, and if the link on the primary port fails, the redundant port
establishes a link and becomes active. You can back up a specified Ethernet port with a
redundant, dedicated Ethernet port.

You configure the redundant link to be always physically up but logically blocked or to
be always physically down. The default is off, or the redundant link is down.

The following criteria must be considered when configuring a software-controlled

redundant port:
• You can configure only one redundant port for each primary port.
• You cannot have any Layer 2 protocols configured on any of the VLANs that are
present on the ports. (You will see an error message if you attempt to configure
software redundant ports on ports with VLANs running Layer 2 protocols.)
• The primary and redundant port must have identical VLAN memberships.
• The master port is the only port of a load-sharing group that can be configured
as either a primary or redundant port. (The entire trunk must go down before the
software-controlled redundant port takes effect.)
• Only one side of the link should be configured as redundant.

Example
The following command configures a software-controlled redundant port:

configure ports 1:3 redundant 2:3

Switch Engine™ Command Reference Guide for version 32.7.1 1225

History Commands

History
This command was available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ports vlan

configure ports port_list [ {tagged tag} vlan vlan_name | {tagged}
vlan vlan_list ] [limit-learning number {action [blackhole | stop-
learning]} | lock-learning | unlimited-learning | unlock-learning]

Description
Configures virtual ports for limited or locked MAC address learning.

Syntax Description
port_list Specifies one or more ports or slots and ports.
tagged tag Specifies the port-specific VLAN tag. When there are
multiple ports specified in the port_list, the same tag is
used for all of them.
vlan_name Specifies the name of the VLAN.
vlan_list Specifies a VLAN list of IDs.
limit-learning number Specifies a limit on the number of MAC addresses that can
be dynamically learned on the specified ports.
blackhole Specifies that blackhole entries are created for MAC
addresses that exceed the limit-learning limit. This is the
default setting.
stop-learning Specifies that the learning be halted to protect the switch
from exhausting FDB resources by not creating blackhole
entries.
lock-learning Specifies that the current FDB entries for the specified
ports should be made permanent static, and no additional
learning should be allowed.
unlimited-learning Specifies that there should not be a limit on MAC
addresses that can be learned.
unlock-learning Specifies that the port should be unlocked (allow
unlimited, dynamic learning).

Default
Unlimited, unlocked learning.

1226 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If you have enabled ESRP, see the appropriate volume of the Switch Engine 32.7.1 User
Guide for information about using this feature with ESRP.

Limited learning
The limited learning feature allows you to limit the number of dynamically-learned
MAC addresses per VLAN. When the learned limit is reached, all new source MAC
addresses are blackholed at both the ingress and egress points. This prevent these MAC
addresses from learning and responding to ICMP and address resolution protocol (ARP)
packets.

If the limit you configure is greater than the current number of learned entries, all the
current learned entries are purged.

Dynamically learned entries still get aged, and can be cleared. If entries are cleared or
aged out after the learning limit has been reached, new entries will then be able to be
learned until the limit is reached again.

Permanent static and permanent dynamic entries can still be added and deleted using
the create fdb and delete fdb commands. These override any dynamically learned
entries.

For ports that have a learning limit in place, the following traffic still flows to the port:
• Packets destined for permanent MACs and other non-blackholed MACs.
• Broadcast traffic.
• EDP traffic.
Traffic from the permanent MAC and any other non-blackholed MACs will still flow from
the virtual port.

If you configure a MAC address limit on VLANS that participate in an Extreme Standby
Router Protocol (ESRP) domain, you should add an additional back-to-back link (that
has no MAC address limit on these ports) between the ESRP-enabled switches. Doing
so prevents ESRP protocol data units (PDUs) from being dropped due to MAC address
limit settings.

Stop learning
When stop-learning is enabled with learning-limit configured, the switch is protected
from exhausting FDB resources by not creating blackhole entries. Any additional
learning and forwarding is prevented, but packet forwarding from FDB entries is not
impacted.

Port lockdown
The port lockdown feature allows you to prevent any additional learning on the
virtual port, keeping existing learned entries intact. This is equivalent to making the

Switch Engine™ Command Reference Guide for version 32.7.1 1227

Example Commands

dynamically-learned entries permanent static, and setting the learning limit to zero. All
new source MAC addresses are blackholed.

Locked entries do not get aged, but can be deleted like any other permanent FDB
entries. The maximum number of permanent lockdown entries is 1024. Any FDB entries
above will be flushed and blackholed during lockdown.

For ports that have lockdown in effect, the following traffic still flows to the port:
• Packets destined for the permanent MAC and other non-blackholed MACs.
• Broadcast traffic.
• EDP traffic.

Traffic from the permanent MAC will still flow from the virtual port.

Once the port is locked down, all the entries become permanent and will be saved
across reboot.

When you remove the lockdown using the unlock-learning option, the learning-limit is
reset to unlimited, and all associated entries in the FDB are flushed.

To display the locked entries on the switch, use the following command:
show fdb

Locked MAC address entries have the “l” flag.

To verify the MAC security configuration for the specified VLAN or ports, use the
following commands:
show vlan vlan name security show ports port_list info detail

Example
The following example limits the number of MAC addresses that can be learned on
ports 1, 2, 3, and 6 in a VLAN named accounting, to 128 addresses:
configure ports 1, 2, 3, 6 vlan accounting learning-limit 128

The following example locks ports 4 and 5 of VLAN accounting, converting any FDB
entries to static entries, and prevents any additional address learning on these ports:
configure ports 4,5 vlan accounting lock-learning

The following example removes the learning limit from the specified ports:
configure ports 1, 2, vlan accounting unlimited-learning

The following example unlocks the FDB entries for the specified ports:
configure ports 4,5 vlan accounting unlock-learning

The following example illustrates use of the tagged keyword:

configure ports 1 tag 10 vlan accounting learning-limit 128
configure ports 1 vlan accounting learning-limit 128

1228 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

configure ports 4 tag 10 vlan accounting lock-learning

configure ports 4 vlan accounting lock-learning

History
This command was first available in ExtremeXOS 11.1.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure power monitor

configure power monitor poll-interval [off | seconds] change-action
[none | [log | log-and-trap | trap] change-threshold watts]

Description
Configures the power visualization, which periodically polls for input power usage.

Syntax Description
seconds Input power usage poll interval in seconds. If zero
is configured, then the input power measurement is
disabled.
change-action The action to be taken whenever the power is increased or
decreased by the configured threshold power value (none,
log, log-and-trap, or trap).
watts The power value in watts for the change threshold. The
default value is 2 watts.

Default
The default poll interval is 60 seconds.

The default change action is none.

The default change threshold is 2 watts.

Switch Engine™ Command Reference Guide for version 32.7.1 1229

Usage Guidelines Commands

Usage Guidelines
Use this command to configure change actions to be taken when input power usage is
increased or decreased by the configured threshold power value. The polling interval is
also configurable, with a default value of 60 seconds.

Note
Input power usage values are only estimates.

Example
The following command configures a polling interval of 10 seconds, a change action of
log-and-trap, and a change threshold of 3 watts:

configure power monitor poll-interval 10 change-action log-and-trap change-threshold 3

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure private-vlan add network

configure private-vlan name add network vlan_name

Description
Adds the specified VLAN as the network VLAN on the specified PVLAN.

Syntax Description
name Specifies the name of the PVLAN to which the VLAN is
added.
vlan_name Specifies a VLAN to add to the PVLAN.

Default
N/A.

Usage Guidelines
The VLAN must be created and configured with a tag before it is added to the PVLAN.

1230 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example adds VLAN "sharednet" as the network VLAN for the PVLAN
named "companyx":
configure private-vlan companyx add network sharednet

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the Private VLAN feature. The
features and the platforms that support them are listed in the Switch Engine 32.7.1
Feature License Requirements document.

configure private-vlan add subscriber

configure private-vlan name add subscriber vlan_name {non-isolated}
{loopback-port port}

Description
Adds the specified VLAN as a subscriber VLAN on the specified PVLAN.

Syntax Description
name Specifies the name of the PVLAN to which the VLAN is
added.
vlan_name Specifies a VLAN to add to the PVLAN.
non-isolated Configures the subscriber VLAN as a non-isolated
subscriber VLAN.
port Specifies the port that serves as the loopback port.

Default
If the non-isolated option is omitted, this command adds the specified VLAN as an
isolated subscriber VLAN.

Usage Guidelines
The VLAN must be created and configured with a tag before it is added to the PVLAN.
If the non-isolated option is omitted, the VLAN is added as an isolated subscriber VLAN.
If the non-isolated option is included, the VLAN is added as an non-isolated subscriber
VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 1231

Example Commands

If two or more subscriber VLANs have overlapping ports (where the same ports are
assigned to both VLANs), each of the subscriber VLANs with overlapping ports must
have a dedicated loopback port.

Example
The following example adds VLAN "restricted" as a subscriber VLAN for the PVLAN
named "companyx":
configure private-vlan companyx add subscriber restricted isolated

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the Private VLAN feature. For
features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

configure private-vlan delete

configure private-vlan name delete [network | subscriber] vlan_name

Description
Deletes the specified VLAN from the specified PVLAN.

Syntax Description
name Specifies the name of the PVLAN from which the VLAN is
deleted.
network Specifies that the VLAN to be deleted is a network VLAN.
subscriber Specifies that the VLAN to be deleted is a subscriber VLAN.
vlan_name Specifies the VLAN to delete from the PVLAN.

Default
N/A.

Usage Guidelines
This command deletes a VLAN from a PVLAN, but it does not delete the VLAN from
the system—it just breaks the link between the VLAN and the PVLAN. You can use this
command to delete both network and subscriber VLANs.

1232 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example deletes network VLAN "sharednet "from the PVLAN named
"companyx":
configure private-vlan companyx delete network sharednet

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the Private VLAN feature. For
features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

configure protocol add

configure protocol {filter} filter_name add [etype | llc | snap] hex
{[etype | llc | snap] hex}

Description
Configures a user-defined protocol filter.

Syntax Description
filter Configures a protocol filter.
filter_name Specifies a protocol filter name.
add Specifies that you add a protocol.
delete Specifies that you delete a protocol.
etype Specifies an ethertype protocol.
llc Specifies LLC protocol.
snap Specifies SNAP protocol.
hex Specifies a four-digit hexadecimal number between 0 and
FFFF that represents:
• The Ethernet protocol type taken from a list maintained
by the IEEE.
• The DSAP/SSAP combination created by concatenating
a two-digit LLC Destination SAP (DSAP) and a two-digit
LLC Source SAP (SSAP).
• The SNAP-encoded Ethernet protocol type.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1233

Usage Guidelines Commands

Usage Guidelines
Supported protocol types include:
• etype—IEEE Ethertype.
• llc—LLC Service Advertising Protocol.
• snap—Ethertype inside an IEEE SNAP packet encapsulation.

A maximum of 16 customized protocol filters can be active at a time.

The protocol filter must already exist before you can use this command. Use the create
protocol command to create the protocol filter.

Note
Protocol-based VLAN for Etype from 0x0000 to 0x05ff are not classifying as per
filter. When traffic arrive with these Etypes, it is classifed to native VLAN rather
protocol-based VLAN.

Example
The following example adds MPLS to "my_filter":
configure protocol “my_filter” add etype 0x8847
configure protocol filter “my_filter” add etype 0x8847

The following example deletes MPLS from "my_other_filter":

configure protocol “my_other_filter” delete etype 0x8847
configure protocol filter “my_other_filter” delete etype 0x8847

History
This command was first available in ExtremeXOS 10.1.

The filter keyword and options were added in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure process group other cpu-limit

configure process group other cpu-limit cpu_limit

Description
This command changes the CPU limit for the "Other" (non-vital) process group.

1234 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
other Designates "Other" (non-vital) process group.
cpu-limit Designates changing the maximum amount of CPU
that the "Other" process group can use during resource
contention.
cpu-limit Sets the value for the CPU limit value as a percentage. The
valid range is 5% to 50%; default is 10%.

Default
By default, the CPU limit of "Other" group is 10%. With the default configuration, the
"Vital" group CPU limit is 90%.

Usage Guidelines
This command allows you to configure CPU limits for the “Other” group. The configured
CPU percentage is guaranteed for the "Other" group, unless a real-time kernel task
needs CPU.

When this command is issued, the CPU limit for the "Vital" group is changed as well.
For example, if you change the CPU limit value to 30, the new values are: 70% for "Vital",
and 30% for "Other".

If you try to configure a limit that is greater than the current configured value, a
warning message appears:
Warning: Increasing CPU limit of the “Other” group may degrade EXOS performance and lead
to network instability. The CPU limit for the “Other” group has been increased from 10% to
30%.

To see the status of the process groups, use the command show process group on
page 3279.

Example
The following example changes the "Other" process group CPU limit to 30%.
Additionally, the "Vital" group is changed to 70%:
# configure process group other cpu-limit 30

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1235

configure process group other memory-limit Commands

configure process group other memory-limit

configure process group other memory-limit memory_limit

Description
This command changes the memory limit for the "Other" (non-vital) process group.

Syntax Description
other Designates "Other" (non-vital) process group.
memory-limit Designates changing the memory limit for the "Other"
process group.
memory-limit Sets the value, as a percentage, for the "Other" process
group memory limit. The valid range is 5% to 50%; default is
5% of total system memory.

Default
Default memory limit for the "Other" group is 5% of total system memory. With the
default configuration, the memory limit of the "Vital" group is 95%.

Usage Guidelines
This command allows you to increase or decrease the memory limit assigned to the
“Other” (non-vital) process group. The configured limit is used as the new upper
bound for the "Other" group. When this command is issued, the memory limit for the
"Vital" group is changed as well. For example, if the current value is 95% for "software
application", and 5% for “Other”, if you change the memory limit value to 30, the new
values are: 70% for "Vital", and 30% for “Other”.

When you issue this command, a warning message appears:

Warning: Increasing memory-limit of the “Other” group will reduce the available memory for
“EXOS”.

If you try to set a memory limit below the value that is already consumed by the "Other"
group, an error message appears. For example, when you change the memory limit to
5% when it is already consuming 8.7%, the following error message appears.
Error: Desired memory-limit (5%) must be greater than or equal to the current memory
consumption (8.7%) of the group “Other”.

You also cannot increase the memory limit on a process group beyond the available
memory for the process group. For example, if you try increasing the memory limit on
the “Other” (non-vital) group to 40% when the group is already consuming 70%, the
following error message appears:
Error: Desired memory-limit (40%) must be less than or equal to the available memory of
(30%) for the “Other” group. “EXOS” is currently consuming 70% of system memory.

1236 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

To see the status of the process groups, use the command show process group on
page 3279.

Example
The following example sets the "other" process group memory limit to 25%. This also
sets the memory limit to 75% for the "Vital" group:
# configure process group other memory-limit 25

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure protocol delete

configure protocol name delete [etype | llc | snap] hex {[etype | llc |
snap] hex} ...

Description
Deletes the specified protocol type from a protocol filter.

Syntax Description
name Specifies a protocol filter name.
hex Specifies a four-digit hexadecimal number between 0 and
FFFF that represents:
• The Ethernet protocol type taken from a list maintained
by the IEEE.
• The DSAP/SSAP combination created by concatenating
a two-digit LLC Destination SAP (DSAP) and a two-digit
LLC Source SAP (SSAP).
• The SNAP-encoded Ethernet protocol type.

Default
N/A.

Usage Guidelines
Supported protocol types include:
• etype—IEEE Ethertype.

Switch Engine™ Command Reference Guide for version 32.7.1 1237

Example Commands

• llc—LLC Service Advertising Protocol.

• snap—Ethertype inside an IEEE SNAP packet encapsulation.

Example
The following example deletes protocol type LLC SAP with a value of FEFF from
protocol "fred":
configure protocol fred delete llc feff

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure protocol filter

configure protocol filter filter_name [add | delete] dest-mac
mac_address {[etype | llc | snap] hex} {field offset offset value
value {mask mask}} {tagged}

Description
Configures the destination address as well as an arbitrary field of the protocol.

Syntax Description
filter_name Specifies a protocol filter name.
add Specifies that you add a protocol.
delete Specifies that you delete a protocol.
dest-mac Specifies the destination MAC address used by PDUs of the
protocol.
mac_address Specifies the MAC address.
etype Specifies the EtherType used by PDUs of the protocol.
llc Specifies the LLC DSAP and SSAP used by PDUs of the
protocol.
snap Specifies the SNAP protocol identifier used by PDUs of the
protocol.

1238 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

hex Specifies a four-digit hexadecimal number between 0 and

FFFF that represents:
• The Ethernet protocol type taken from a list maintained
by the IEEE.
• The DSAP/SSAP combination created by concatenating
a two-digit LLC Destination SAP (DSAP) and a two-digit
LLC Source SAP (SSAP).
• The SNAP-encoded Ethernet protocol type.

field Specifies a field used by PDUs of the protocol.

offset Specifies the offset of the field from the start of the PDU.
value value Specifies the value of the field in hexadecimal (for example,
A1:B2:0C. Maximum 16 bytes).
mask mask Specifies the mask for the field in hexadecimal (for
example, FF:FF:0F. Maximum 16 bytes).
tagged Specifies if the protocol is a tagged protocol. Default is not
tagged.

Default
N/A.

Usage Guidelines
Supported protocol types include:
• etype—IEEE Ethertype.
• llc—LLC Service Advertising Protocol.
• snap—Ethertype inside an IEEE SNAP packet encapsulation.

A maximum of 15 protocol filters, each containing a maximum of six protocols, can be

defined.

The protocol filter must already exist before you can use this command. Use the create
protocol command to create the protocol filter.

No more than seven protocols can be active and configured for use.

Note
Protocol-based VLAN for Etype from 0x0000 to 0x05ff are not classifying as per
filter. When traffic arrive with these Etypes, it is classifed to native VLAN rather
than protocol-based VLAN.

Example
The following example LACP to the protocol list "mylist":
configure protocol “mylist” add dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset 14
value
01 mask FF

Switch Engine™ Command Reference Guide for version 32.7.1 1239

History Commands

The following example removes EFM OAM from the protocol list "mylist":
configure protocol filter “mylist” delete dest-mac 01:80:C2:00:00:02 etype 0x8809 field
offset
14 value 03 mask FF

The following example configures a mismatched mask and value:

configure protocol “mylist” delete dest-mac 01:80:C2:00:00:02 etype 0x8809 field offset
14 value 03 mask FF:FF
Error: The length of the field value is not the same as the field mask.

History
This command was first available in ExtremeXOS 15.5.

The tagged keyword was added in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure qosprofile
configure qosprofile egress qosprofile [{minbw minbw_number} {maxbw
maxbw_number} | {peak_rate peak_bps [K | M]}] [ports [port_list |
port_group |all]]
configure qosprofile qosprofile [{minbw minbw_number} {maxbw
maxbw_number} | {{committed_rate committed_bps [K | M]} {peak_rate
peak_bps [K | M]} | [ports [port_list | all]]
configure {qosprofile} qosprofile [{maxbuffer buffer_percentage} {weight
weight_value | use-strict-priority} {ports [port_list | port_group |
all]}]

Description
Modifies the default egress QoS profile parameters.

1240 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
minbw The minimum bandwidth (minbw) option specifies the
committed information rate as a percentage of the
maximum port speed. The range is 0 to 100%, and the
default value is 0. When autonegotiation is off, the CIR
is the specified percentage of the configured port speed.
When autonegotiation is on, the CIR is the specified
percentage of the maximum port speed.
maxbw The maximum bandwidth (maxbw) option specifies the
peak rate as a percentage of the maximum port speed.
The range is 0 to 100%, and the default value is
100. When autonegotiation is off, the peak rate is the
specified percentage of the configured port speed. When
autonegotiation is on, the peak rate is the specified
percentage of the maximum port speed (the switch does
not detect the negotiated port speed).
peak_rate Specifies a peak rate in Kbps (k) bits or Mbps (m).
committed_rate Specifies a committed information rate in Kbps (k) bits or
Mbps (m).
port_list Specifies a list of slots and ports to which the parameters
apply. Specify ports in the following formats: 3-5, 2:5, 2:6-2:8.
buffer_percentage When used without a port-list, specifies the percentage of
the total buffer you are reserving for this QoS profile on all
ports for which an override has not been configured. The
range is 1 to 100; the default setting is 100.
When used with a port-list, specifies a percentage override
of the maxbuffer setting for the QoS profile specified.
The range is 1-10000; the default is 100 (i.e., no override).
Setting 100% is equivalent to unconfiguring the maxbuffer
override.
qosprofile Specifies a QoS profile name.
use-strict-priority When the global qosscheduler configuration (configure
qosscheduler command) is set to weighted-round-robin,
this option overrides the global configuration for the
specified QoS profile, so that it operates in strict-priority-
mode. This enables hybrid strict-priority and weighted-
round-robin scheduling operation.
weight-value Specifies the weight value used for queue service
weighting in the weighted-round-robin scheduler for this
QoS profile. Range is 1-15 or 1-127 depending on hardware
type. 0=strict-priority. Default is 1.
This command enables the user to input a weight
for queues in the weighted-round-robin scheduler or
weighted-deficit-round-robin scheduler. The weight of
both WRR and WDRR algorithms have been extended to
1-127.
ports Port list for maxbuffer and per-port weight override.
port_list Port list.
port_group Port group name.
all Specifies this applies to all ports on the device.

Switch Engine™ Command Reference Guide for version 32.7.1 1241

Default Commands

Default
• QoS profiles—QP1 and QP8 on SummitStack and ExtremeXOS series switches
• Minimum bandwidth—0%
• Maximum bandwidth—100%
• Maximum buffer—100%
• Maxbuffer override—100% (no override)
• Weight—1
• Priority—By default, each qosprofile is assigned a different priority level:
◦ QP1 - 1, Low (the lowest priority)
◦ QP2 - 2, LowHi
◦ QP3 - 3, Normal
◦ QP4 - 4, NormalHi
◦ QP5 - 5, Medium
◦ QP6 - 6, MediumHi
◦ QP7 - 7, High
◦ QP8 - 8, HighHi (highest priority)

Usage Guidelines
Note
You can view the effect of setting the buffer-percentage using the show ports
port-list buffer command.

Note
You can view the configured buffer-percentage value using the show
qosprofile or show qosprofile ports port-list commands, respectively.

The maximum bandwidth value can be configured as either:

• An absolute percentage of the total maximum link speed, regardless of the currently
configured or negotiated speed, OR
• An absolute peak rate in Mbps or Kbps.

QoS profiles QP1 and QP8 are preconfigured. If you want to use a QoS profile in the
range of QP2 through QP7, you must first create the QoS profile. QoS profile QP7 is
reserved on SummitStack for stack management and cannot be created or modified.

When specified without a port-list, the maxbuffer parameter can configure a reduction
in the maximum amount of packet buffer space allotted to the specified QoS profile.
If you reduce the allotment below the default value of 100%, the reduction releases
packet buffer space to the shared packet buffer. Regardless of the setting for this
parameter, the system does not drop any packets as long as reserved packet buffer

1242 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

memory for the port and QOS profile or shared packet memory for the port remains
available.

Note
The configuration defined by the maxbuffer attribute in this command can be
overridden on a per-port basis if the port is specified along with the maxbuffer
parameter.

When specified with a port-list, the maxbuffer setting overrides the system-wide
reduction of packet buffer reservation set with the configure qosprofile maxbuffer
command for the specified QoS profile. If the packet buffer reservation is reduced to 75
percent for the entire QoS profile, the specified ports are allotted 75% of the allotment
for the specified QoS profile. If for specified ports the maxbuffer is set to 200 percent,
the packet buffer reservation will be set to 200 percent of the normal packet buffer
reservation for those ports, thus overriding the maxbuffer percentage set for the QoS
profile.

Note
The packet buffer configuration feature is provided for expert users who
fully understand the impact of buffer configuration changes. Improper buffer
configuration can stop traffic flow through QoS profiles and ports for which no
direct configuration change was made.

A range of ports has its own packet buffer pool. The maxbuffer override capability
allows you to overcommit the packet buffer pool for the port range. When a packet
buffer pool is overcommitted by more than 20%, the following message appears in the
system log:
Warning: Packet memory is overcommitted by <percentage> for ports in range <port-range>

It is also possible to configure maxbuffer overrides such that the size of the shared
portion of the buffer pool is reduced to zero. If some port and QoS profile in the
port range for that buffer pool does not have sufficient reserved packet memory to
accommodate larger packets, it will be impossible for that port and QoS profile to
transmit any packets of the larger size. In this case, the following message appears in
the system log:
Warning: At least one port and QoS profile in port range <port-range> cannot transmit
packets larger than <packet-size> because of packet memory configuration.

The weight-value parameter does not apply when the switch is configured for strict
priority scheduling, which is the default configuration. To configure the type of
scheduling you want to use for the entire switch, use the configure qosscheduler
command.

The weight-value parameter configures the relative weighting for each QoS profile.
Because each QoS profile has a default weight of 1, all QoS profiles have equal
weighting. If you configure a QoS profile with a weight of 4, that specified QoS profile is
serviced 4 times as frequently as the remaining QoS profiles, which still have a weight
of 1. If you configure all QoS profiles with a weight of 16, each QoS profile is serviced
equally but for a longer period.

Switch Engine™ Command Reference Guide for version 32.7.1 1243

Example Commands

When the switch is configured for weighted-round-robin mode, the use-strict-priority

option overrides the switch configuration for the specified QoS profile on all ports.
Among QoS profiles configured with the use-strict-priority-option, QoS profile QP8 has
the highest priority and QP1 has the lowest priority. All strict-priority QoS profiles are
serviced first according to their priority level, and then all other QoS profiles are serviced
based on their configured weight.

Note
If you specify use-strict-priority, lower-priority queues and weighted-round-
robin queues are not serviced at all as long as higher-priority queues have any
remaining packets.

Example
The following example overrides the maximum buffer setting configured on QoS profile
qp1 for port1:1:
# configure qosprofile qp1 maxbuffer 75 port 1:1

History
This command was first available in ExtremeXOS 10.1.

Committed and peak rates were added in ExtremeXOS 11.0. Also in ExtremeXOS 11.0,
ports were made mandatory.

Support for all platforms was added in the respective platform introduction releases.

The use-strict-priority option was added in ExtremeXOS 12.3.

The ability to configure a maxbuffer override was added in ExtremeXOS 12.5.

The port_group variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all platforms with specific parameter exceptions as noted
in the Syntax Description above.

configure qosprofile weight

configure qosprofile qp8 weight weight_value

Description
This command enables the user to input a weight value for queue service weighting in
the weighted-round-robin scheduler or weighted-deficit-round-robin scheduler for this
QoS profile. The weight value of both WRR and WDRR algorithms have been extended
to 1-127 on this supported hardware (refer to the Switch Engine 32.7.1 User Guide for
supported hardware).

1244 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
weight_value Range is 1-15 or 1-127 depending on hardware type.

Default
Strict priority.

Usage Guidelines
Use this command to input a weight value for queue service weighting in the
weighted-round-robin scheduler or weighted-deficit-round-robin scheduler for this
QoS profile. The weight value of both WRR and WDRR algorithms have been extended
to 1-127 on this supported hardware (refer to the ExtremeXOS 22.6 User Guide for
supported hardware).

Example
Example output not yet available and will be provided in a future release.

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure qosprofile wred

configure {qosprofile} {egress} qosprofile [wred [{color [tcp [green
| red] | non-tcp [any|red]] [{min-threshold min_thresh} {max-
threshold } {max-drop-rate max_drop_rate}]} | avg-weight avg_weight]]
ports [port_list |all]

Description
Configures WRED on the specified QoS profile for the specified port.

Syntax Description
egress This optional parameter specifies an egress QoS profile.
qosprofile Specifies a QoS profile name. Valid names are QP1 to QP8.
color Specifies the WRED color to be configured.
green Specifies that the WRED configuration applies to TCP
traffic that is marked green.

Switch Engine™ Command Reference Guide for version 32.7.1 1245

Default Commands

non-tcp any Specifies that the WRED configuration applies to any non-
TCP traffic.
red Specifies that the WRED configuration applies to TCP
traffic that is marked red.
min_thresh Specifies the minimum threshold for the specified WRED
color. The range is 1 to 100 percent.
max_threshold Specifies the maximum threshold for the specified WRED
color. The range is 1 to 100 percent.
max_drop_rate Specifies the maximum drop rate for the specified WRED
color. The range is 1 to 100 percent.
port_list Specifies a list of slots and ports to which the parameters
apply. Specify ports in the following formats: 3-5, 2:5, 2:6-2:8.
non-tcp red Specifies that the WRED configuration applies to non-TCP
traffic that is marked red.
avg_weight Specifies the weight constant for calculating the average
queue size for the specified QoS profile. The range is 1 to 15.
all Specifies that this command applies to all ports on the
device.

Default
• Minimum threshold—100%
• Maximum threshold—100%
• Maximum drop rate—100%
• Average weight—4

Usage Guidelines
The max_drop_rate, min_threshold, and max_threshold parameters apply to the
specified color. The avg_weight parameter applies to all colors on the specified QoS
profile. Increasing the avg_weight value reduces the probability that traffic is dropped.
Conversely, decreasing the avg_weight value increases the probability that traffic is
dropped.

Example
The following example configures WRED settings for port 2:1, QoS profile qp3, color
green:
configure qosprofile qp3 wred color tcp green min-threshold 80 max-threshold 95 max-drop-
rate 75 ports 2:1

The following example configures the average weight for port 2:1, QoS profile qp2:
configure qosprofile qp2 wred avg-weight 4 ports 2:1

1246 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example configures WRED settings for non-TCP traffic on port 4, QoS
profile qp3:
configure qosprofile qp3 wred color non-tcp any min-threshold 10 ports 4

The following example configures WRED settings using "wredGroup" as the

port_group variable:
configure qosprofile qp8 wred color tcp red min-threshold 25 max-streshold 75 max-drop-
rate 30 ports wredGroup

History
This command was first available in ExtremeXOS 12.7.

The port_group variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on the ExtremeSwitching 5520 platform.

configure qosprofile egress wred ecn

configure qosprofile egress qp_num wred ecn [on | off] ports [port_list
| all]

Description
This command turns Explicit Congestion Notification (ECN) on or off for the
corresponding QoS profile for the given port(s).

Syntax Description
qp_num QoS profile (qp1, qp2, qp3, qp3, qp4, qp5, qp6, qp7, qp8)
wred Designates weighted random early detection (WRED).
ecn Designates ECN.
on Enables ECN.
off Disables ECN.
ports Selects ports.
port_list Selects specific ports to apply the ECN setting for the
designated QoS profile.
all Selects all ports to apply the ECN setting for the
designated QoS profile.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1247

Usage Guidelines Commands

Usage Guidelines
Weighted Random Early Detection (WRED) drops the packets, based on the average
length exceeding a specific threshold value to indicate congestion. Explicit Congestion
Notification (ECN) is an extension to WRED that marks the drop-eligible packets,
instead of dropping, using the same criteria of minimum threshold, maximum
threshold, and drop probability

Example
The following example enables ECN for QoS profile 5 on port 2:
# configure qosprofile egress qp5 wred ecn on ports 2

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on the ExtremeSwitching 5520 platform.

configure qosscheduler weighted-deficit-round-robin

configure qosscheduler [strict-priority | weighted-round-robin |
weighted-deficit-round-robin ] {ports [port_list | port_group |
all ]}

Description
This command specifies the scheduling algorithm that the switch uses to service QoS
profiles.

Syntax Description
strict-priority Specifies the switch services the higher-priority QoS
profiles first.
weighted-round-robin Specifies the switch services all QoS profiles based on the
configured weighting for each QoS profile.
weighted-deficit- Allows you to use a credit-based algorithm in order to
round-robin sample the size of the packet while scheduling various
queues.
ports Ports to display.
port_list Port list.
port_group Port group name
all Al portsl.

1248 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Strict-priority.

Usage Guidelines
When issued without a port_list or port_group, this command configures the global
scheduling algorithm that will be applied to all ports that have not been configured
with per-port scheduling. When issued with a port_list or port_group, this command
configures the scheduling algorithm for specific ports.

The scheduling algorithm for a qosprofile can be overridden either globally or on a

per-port basis with the command:
configure qosprofile qosprofile use-strict-priority

In strict-priority mode, QoS profile QP8 has the highest priority and QP1 has the lowest
priority.

Note
Queues are serviced using the configured scheduling algorithm until all of
the minBws are satisfied, then all queues are serviced using the configured
scheduling algorithm until all of the maxBws are satisfied.

Example
The following example configures the switch for weighted-round-robin servicing:
configure qosscheduler weighted-round-robin

The following example configures the switch for weighted-deficit-round-robin

servicing:
configure qosscheduler weighted-deficit-round-robin

This command specifies the scheduling algorithm the switch uses to service QoS
profiles. Weighted-deficit-round-robin mode of scheduling allows you to use a credit
based algorithm in order to sample in the size of the packet while scheduling various
queues.

History
This command was first available in ExtremeXOS 15.1.

The ports and all keywords, and port_list and port_group variables were added in
ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1249

configure radius algorithm Commands

configure radius algorithm

configure radius algorithm [standard | round-robin]

Description
This command is used to configure the algorithm used to determine the rotation of
RADIUS servers.

Syntax Description
standard Standard Extreme retransmission algorithm.
round-robin Simple Round Robin retransmission algorithm.

Default
Standard.

Usage Guidelines
Use this command to configure the algorithm to determine rotation of RADIUS servers.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius dynamic-authorization server client-ip

configure radius dynamic-authorization index [nas-ip [ignore | require]
| server [host_ipaddr | host_ipV6addr | hostname] {tls {tls_port}}
client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-
secret {encrypted} secret}

Description
This command configures up to eight RADIUS servers with dynamic authorization.

Note
It is recommended to enable loopback mode on the VLAN associated with
RADIUS if the RADIUS connectivity is established using a front panel port on a
SummitStack.

1250 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
dynamic-authorization Specifies RADIUS dynamic authorization.
index RADIUS server index. Range: 1–2147483641.
nas-ip Specifies configuring the Network Access Server (NAS) IP
Address requirement.
ignore Specifies to ignore the NAS-IP Address requirement.
require Specifies to require the NAS-IP Address (default).
server host_ipaddr Server IPv4 address in either IPv4 (host_ipaddr) or IPv6
host_ipV6addr (host_ipV6addr) format.
hostname The host name of the server being configured.
tls Specifies using Transmission Control Protocol (TCP).
tls_port The TLS port to use to contact the RADIUS authentication
server.
client-ip Client address in either IPv4 (client_ipaddr) or IPv6
client_ipaddr format (client_ipV6addr).
client_ipV6addr
vr vr_name Specifies the virtual router on which the client IP is located.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

shared-secret Shared secret.

secret Secret string.
encrypted Password is encrypted.

Default
The virtual router used is VR-Mgmt, the management virtual router.

Usage Guidelines
Use this command to specify RADIUS server information.

Use of the hostname parameter requires that DNS be enabled.

The RADIUS server defined by this command is used for user name authentication and
CLI command authentication.

Switch Engine™ Command Reference Guide for version 32.7.1 1251

Example Commands

Example
The following example configures a RADIUS dynamic authorization server with server
index 100 on host "radius1" using the default UDP port (1812) for use by the RADIUS
client on switch 10.10.20.30 using a virtual router interface of VR-Default:
configure radius dynamic-authorization 100 server radius1 client-ip 10.10.20.30 vr vr-
Default

History
This command was first available in ExtremeXOS 22.1.

The nas-ip option with ignore and require variables were introducted in ExtremeXOS
31.3.

The tls keyword with tls_port variable was added in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius port bounce

configure radius port bounce [ on | off]

Description
This command configures port bouncing on a port, which temporarily disables and
re-enables a network port in order to reinitiate a DHCP request.

Syntax Description
on Specifies turning ON port bounce.
off Specifies turning OFF port bounce (Default).

Default
OFF.

Usage Guidelines
The following conditions must be met for this command to work:
• A Netlogin session must be active on the authenticator port.
• Policy must be created.
• Dynamic Authentication must be enabled.

1252 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example turns on port bouncing on a switch:
# configure radius port bounce on

History
This command was first available in ExtremeXOS 32.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius retries

configure radius {mgmt-access [primary | secondary] | netlogin [primary
| secondary] | index} retries retries

Description
This command is used to set the number of retries the switch will attempt. This value
may be global or on a per server basis.

Syntax Description
mgmt-access RADIUS authentication for management access.
netlogin RADIUS authentication for netlogin access.
primary Primary server.
secondary Secondary server.
index RADIUS server index.
retries RADIUS server retries.
retries RADIUS sever retries. Range 1-20.

Default
The default value is 3, with a range of 0-10.

Usage Guidelines
None.

History
This command was first available in ExtremeXOS 16.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1253

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius server client-ip

configure radius {mgmt-access | netlogin} [primary | secondary | index]
server [host_ipaddr | host_ipV6addr | hostname] {udp_port | tls
{tls_port}} client-ip [client_ipaddr | client_ipV6addr] {vr vr_name}
{shared-secret {encrypted} secret}

Description
This command configures up to eight RADIUS authentication servers.

Note
It is recommended to enable loopback mode on the VLAN associated with
radius if the radius connectivity is established via a front panel port on a
SummitStack.

Syntax Description
mgmt-access Specifies the RADIUS authentication server for switch
management.
netlogin Specifies the RADIUS authentication server for network
login.
primary Configures the primary RADIUS authentication server.
secondary Configures the secondary RADIUS authentication server.
index RADIUS server index. Range: 1 - 2147483641.
host_ipaddr The IP address of the server being configured.
host_ipV6addr Server IPv6 address.
hostname The host name of the server being configured.
udp_port The UDP port to use to contact the RADIUS
authentication server.
tls Specifies using Transfer Layer Security (TLS).
tls_port The TLS port to use to contact the RADIUS authentication
server.
ipaddress The IP address used by the switch to identify itself when
communicating with the RADIUS authentication server.
client_ipV6addr Client IPv6 address.
vr_name Specifies the virtual router on which the client IP is
located.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

1254 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

shared-secret Shared secret

secret Secret string.

Important: Use quotes to enclose the string. Failure to do

so causes the CLI to treat the string as a comment, since
the string starts with a"#" symbol.

encrypted Password is encrypted.

Default
The following lists the default behavior of this command:
• The UDP port setting is 1812.
• The TLS port setting is 2083.
• The virtual router used is VR-Mgmt, the management virtual router.
• Switch management and network login use the same primary and secondary
RADIUS servers for authentication (only if the realm is not specified in the
command).,

Usage Guidelines
Use this command to specify RADIUS server information.

Use of the hostname parameter requires that DNS be enabled.

The RADIUS server defined by this command is used for user name authentication and
CLI command authentication.

Beginning with ExtremeXOS 11.2, you can specify one pair of RADIUS authentication
servers for switch management and another pair for network login. To specify RADIUS
authentication servers for switch management (Telnet, SSH, and console sessions), use
the mgmt-access keyword. To specify RADIUS authentication servers for network login,
use the netlogin keyword. If you do not specify a keyword, switch management and
network login use the same pair of RADIUS authentication servers.

If you are running ExtremeXOS 11.1 or earlier and upgrade to ExtremeXOS 11.2, you
do not lose your existing RADIUS server configuration. Both switch management
and network login use the RADIUS authentication server specified in the older
configuration.

Specifying mgmt-access or netlogin before the index will create a RADIUS entry with
only that realm specified, if neither are specified both realms will be enabled.

Note
You cannot use a stacking alternate IP address as the RADIUS client in primary
RADIUS server configuration.

Switch Engine™ Command Reference Guide for version 32.7.1 1255

Example Commands

Example
The following example configures the primary RADIUS server on host radius1 using the
default UDP port (1812) for use by the RADIUS client on switch 10.10.20.30 using a virtual
router interface of VR-Default:
configure radius primary server radius1 client-ip 10.10.20.30 vr vr-Default

The following example configures the primary RADIUS server for network login
authentication on host netlog1 using the default UDP port for use by the RADIUS client
on switch 10.10.20.31 using, by default, the management virtual router interface:
configure radius netlogin primary server netlog1 client-ip 10.10.20.31

History
This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

The index, host_ipV6addr, client_ipV6addr, shared-secret, and encrypted

keywords were added in ExtremeXOS 16.1.

The tls keyword with tls_port variable was added in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius shared-secret

configure radius [primary | secondary index] shared-secret
{encryptedencrypted_secret | secret}

Description
Configures the authentication string used to communicate with the RADIUS
authentication server.

Syntax Description
mgmt-access Specifies the switch management RADIUS authentication
server.
netlogin Specifies the network login RADIUS authentication server.
primary Configures the authentication string for the primary
RADIUS server.
secondary Configures the authentication string for the secondary
RADIUS server.
index RADIUS server index.

1256 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

encrypted Indicates that the string is already encrypted.

secret The string to be used for authentication.

Default
Unconfigured.

Usage Guidelines
The secret must be the same between the client switch and the RADIUS server.

The RADIUS server must first be configured for use with the switch as a RADIUS client.

The mgmt-access keyword specifies the RADIUS server used for switch management
authentication.

The netlogin keyword specifies the RADIUS server used for network login
authentication.

If you do not specify the mgmt-access or netlogin keywords, the secret applies to both
the primary or secondary switch management and netlogin RADIUS servers.

The encrypted keyword is primarily for the output of the show configuration
command, so the shared secret is not revealed in the command output. Do not use
it to set the shared secret.

Example
The following example configures the shared secret as "purplegreen" on the primary
RADIUS server for both switch management and network login:
configure radius primary shared-secret purplegreen

The following example configures the shared secret as "redblue" on the primary switch
management RADIUS server:
configure radius mgmt-access primary shared-secret redblue

History
This command was first available in ExtremeXOS 10.1.

The encrypted keyword was added in ExtremeXOS 11.0.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

The index variable was added in ExtremeXOS 16.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1257

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius timeout

configure radius {mgmt-access {primary | secondary} | netlogin {primary
| secondary} | index } timeout sec

Description
Configures the timeout interval for RADIUS authentication requests.

Syntax Description
mgmt- Specifies the switch management RADIUS authentication server.
access
netlogin Specifies the network login RADIUS authentication server.
primary Primary server.
secondary Secondary server.
index RADIUS server index.
seconds Specifies the number of seconds for authentication requests. Range is 1
to 240 seconds.

Default
The default is 3 seconds.

Usage Guidelines
This command configures the timeout interval for RADIUS authentication requests.
When the timeout has expired, another authentication attempt will be made. After
three failed attempts to authenticate, the alternate server will be used. This only refers
to the default configuration. After six failed attempts, local user authentication will be
used.

The mgmt-access keyword specifies the RADIUS server used for switch management
authentication.

The netlogin keyword specifies the RADIUS server used for network login
authentication.

If you do not specify the mgmt-access or netlogin keywords, the timeout interval
applies to both switch management and netlogin RADIUS servers.

1258 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures the timeout interval for RADIUS authentication to 10
seconds. After 30 seconds (three attempts), the alternate RADIUS server will be used.
After 60 seconds (six attempts) local user authentication is used.

Note
This example assumes the default number of retries.

configure radius timeout 10

History
This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius tls ocsp

configure radius tls ocsp [ on | off]

Description
This command configures Online Certificate Status Protocol (OCSP) globally for all
RADIUS TLS servers.

Syntax Description
tls Specifies Transport Layer Security (TLS).
ocsp Specifies the OCSP attribute.
on Specifies turning ON OCSP for all RADIUS TLS servers.
off Specifies turning OFF OCSP for all RADIUS TLS servers.

Default
ON.

Usage Guidelines
This is not configurable per server.

Switch Engine™ Command Reference Guide for version 32.7.1 1259

Example Commands

Example
The following example turns off OCSP for all RADIUS TLS servers:
# configure radius tls ocsp off

History
This command was first available in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius tls ocsp nonce

configure radius tls ocsp nonce [on | off]

Description
Enables or disables Online Certificate Status Protocol (OCSP) nonce for RADIUS TLS
servers.

Syntax Description
tls Specifies Transport Layer Security (TLS).
ocsp Specifies the OCSP attribute.
nonce Specifies to cryptographically bind an OCSP request and
an OCSP response with the extension id-pkix-ocsp-
nonce to prevent replay attacks.
on Specifies to include the id-pkix-ocsp-nonce extension in
the OCSP request and response.
off Specifies to exclude the extension (default).

Default
Off.

Usage Guidelines

Example
The following example configures nonce:
# configure radius tls ocsp nonce on

1260 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius tls ocsp override

configure radius tls ocsp override [url | none]

Description
This command configures one HTTP Online Certificate Status Protocol (OCSP) override
URL for RADIUS TLS servers.

Syntax Description
tls Specifies Transport Layer Security (TLS).
ocsp Specifies the OCSP attribute.
override Specifies to override the OCSP server in the
AuthorityInformationAccess section of a RADIUS TLS
server's certificate.
url Specifies the URL of the OCSP override server. Default port
is 80.
none Specifies to remove the OCSP override URL configuration
(default).

Default
None.

Usage Guidelines
Only HTTP is supported with either FQDN or IP.

Example
The following example configures an override URL of http://radiusocsp:2021:
# configure radius tls ocsp override http://radiusocsp:2021

History
This command was first available in ExtremeXOS 32.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1261

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius tls ocsp signer

configure radius tls ocsp signer ocsp-nocheck [on | off]

Description
Enables or disables Online Certificate Status Protocol (OCSP) signer's ocsp-nocheck for
RADIUS TLS servers.

Syntax Description
tls Specifies Transport Layer Security (TLS).
ocsp Specifies the OCSP attribute.
ocsp-nocheck Specifies the extension id-pkix-ocsp-nocheck. If present
in the OCSP signer's certificate, then it is trusted for its
lifetime.
on Specifies to override the id-pkix-ocsp-nocheck extension
in the OCSP signer's certificate and forces the extension as
if it is present.
off Specifies to behave per the extension's presence in the
OCSP signer's certificate. If not present and the OCSP
signer is not root CA, then the whole OCSP will fail
(default).
signer Specifies the OCSP signer that signs the OCSP response.

Default
Off.

Usage Guidelines

Example
The following example enables OCSP signer's nocheck for a RADIUS TLS server.
# configure radius tls ocsp signer ocsp-nocheck on

History
This command was first available in ExtremeXOS 32.2.

1262 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius tls tcp-user-timeout

configure radius tls tcp-user-timeout [ seconds | default]

Description
This command configures TCP connection timeout globally for all TLS servers.

Syntax Description
tls Specifies Transport Layer Security (TLS).
tcp-user-timeout Specifies the TCP user timeout attribute.
seconds Specifies the timeout in seconds.
default Specifies to use the system default timeout.

Default
Use the system's TCP user timeout setting.

Usage Guidelines
This is not configurable per server.

Example
The following example sets the TCP user timout to 60 seconds.
configure radius tls tcp-user-timeout 60

History
This command was first available in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius-accounting retries

configure radius-accounting {mgmt-access [primary | secondary] |
netlogin [primary | secondary] | index} retries retries

Switch Engine™ Command Reference Guide for version 32.7.1 1263

Description Commands

Description
This command is used to set the number of retries the switch will attempt. This value
may be global or on a per server basis.

Syntax Description
mgmt-access RADIUS authentication for management access
netlogin RADIUS authentication for netlogin access.
primary Primary server.
secondary Secondary server.
index RADIUS server index.
retries RADIUS server retries.
retries RADIUS sever retries. Range 1-20.

Default
The default value is 3, with a range of 0-10.

Usage Guidelines
None.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius-accounting server client-ip

configure radius-accounting { mgmt-access | netlogin } [ primary
| secondary | index ] server [ host_ipaddr | host_ipV6addr |
hostname] {udp_port | tls {tls_port}} client-ip [ client_ipaddr |
client_ipV6addr] {vr vr_name} {shared-secret {encrypted} secret}

Description
Configures the RADIUS accounting server.

1264 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
mgmt-access Specifies the RADIUS authentication server for switch
management.
netlogin Specifies the RADIUS authentication server for network
login.
primary Configures the primary RADIUS authentication server.
secondary Configures the secondary RADIUS authentication server.
index RADIUS server index. Range: 1 - 2147483641.
host_ipaddress The IP address of the server being configured.
host_ipV6addr Server IPv6 address.
hostname The host name of the server being configured.
udp_port The UDP port to use to contact the RADIUS authentication
server.
tls Specifies using Transfer Layer Security (TLS).
tls_port The TLS port to use to contact the RADIUS accounting
server.
ipaddress The IP address used by the switch to identify itself when
communicating with the RADIUS authentication server.
client_ipV6addr Client IPv6 address.
vr_name Specifies the virtual router on which the client IP is located.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

shared-secret Shared secret

secret Secret string.
encrypted Password is encrypted.

Default
The following lists the default behavior of this command:
• The UDP port setting is 1813.
• The TLS port setting is 2083.
• The virtual router used is VR-Mgmt, the management virtual router.
• Switch management and network login use the same RADIUS accounting server.

Usage Guidelines
Use this command to specify the radius accounting server.

The accounting server and the RADIUS authentication server can be the same.

Use of the hostname parameter requires that DNS be enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1265

Example Commands

Beginning with ExtremeXOS 11.2, you can specify one pair of RADIUS accounting
servers for switch management and another pair for network login. To specify RADIUS
accounting servers for switch management (Telnet, SSH, and console sessions), use the
mgmt-access keyword. To specify RADIUS accounting servers for network login, use the
netlogin keyword. If you do not specify a keyword, switch management and network
login use the same pair of RADIUS accounting servers.

If you are running ExtremeXOS 11.1 or earlier and upgrade to ExtremeXOS 11.2, you
do not lose your existing RADIUS accounting server configuration. Both switch
management and network login use the RADIUS accounting server specified in the
older configuration.

Example
The following example configures RADIUS accounting on host radius1 using the default
UDP port (1813) for use by the RADIUS client on switch 10.10.20.30 using a virtual router
interface of VR-Default for both management and network login:
configure radius-accounting primary server radius1 client-ip 10.10.20.30 vr vr-Default

The following example configures RADIUS accounting for network login on host
netlog1 using the default UDP port for use by the RADIUS client on switch 10.10.20.31
using the default virtual router interface:
configure radius-accounting netlogin primary server netlog1 client-ip 10.10.20.31

History
This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

The index, host_ipV6addr, client_ipV6addr, shared-secret, and encrypted

keywords were added in ExtremeXOS 16.1.

The tls keyword with tls_port variable was added in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius-accounting shared-secret

configure radius-accounting [primary | secondary index] shared-secret
{encrypted encrypted_secret | secret }

Description
Configures the authentication string used to communicate with the RADIUS
accounting server.

1266 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
mgmt-access Specifies the switch management RADIUS accounting
server.
netlogin Specifies the network login RADIUS accounting server.
primary Configures the authentication string for the primary
RADIUS accounting server.
secondary Configures the authentication string for the secondary
RADIUS accounting server.
encrypted Indicates that the string is already encrypted.
secret The string to be used for authentication. Maximum length
of 32 characters.

Default
Unconfigured.

Usage Guidelines
The secret must be the same between the client switch and the RADIUS accounting
server.

The mgmt-access keyword specifies the RADIUS accounting server used for switch
management.

The netlogin keyword specifies the RADIUS accounting server used for network login.

If you do not specify the mgmt-access or netlogin keywords, the secret applies to
both the primary or secondary switch management and netlogin RADIUS accounting
servers.

The encrypted keyword is primarily for the output of the show configuration
command, so the shared secret is not revealed in the command output. Do not use
it to set the shared secret.

Example
The following command configures the shared secret as “purpleaccount” on the
primary RADIUS accounting server for both management and network login:

configure radius primary shared-secret purpleaccount

The following command configures the shared secret as “greenaccount” on the

primary management RADIUS accounting server:

configure radius mgmt-access primary shared-secret greenaccount

Switch Engine™ Command Reference Guide for version 32.7.1 1267

History Commands

History
This command was first available in ExtremeXOS 10.1.

The encrypted keyword was added in ExtremeXOS 11.0.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure radius-accounting timeout

configure radius-accounting {mgmt-access {primary | secondary} |
netlogin {primary | secondary} | index } timeout sec

Description
Configures the timeout interval for RADIUS-Accounting authentication requests.

Syntax Description
mgmt- Specifies the switch management RADIUS authentication server.
access
netlogin Specifies the network login RADIUS authentication server.
primary Primary server.
secondary Secondary server.
index RADIUS server index.
seconds Specifies the number of seconds for authentication requests. Range is 1
to 240 seconds.

Default
The default is 3 seconds.

Usage Guidelines
This command configures the timeout interval for RADIUS-Accounting authentication
requests. When the timeout has expired, another authentication attempt will be made.
After three failed attempts to authenticate, the alternate server will be used.

The mgmt-access keyword specifies the RADIUS accounting server used for switch
management.

The netlogin keyword specifies the RADIUS accounting server used for network login.

1268 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If you do not specify the mgmt-access or netlogin keywords, the timeout interval
applies to both switch management and netlogin RADIUS accounting servers.

Example
This example configures the timeout interval for RADIUS-Accounting authentication to
10 seconds. After 30 seconds (three attempts), the alternate RADIUS server will be used:

Note
This example assumes the default number of retries of 3.

configure radius-accounting timeout 10

History
This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure rip add vlan

configure rip add vlan [vlan_name | all]

Description
Configures RIP on an IP interface.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.

Default
N/A.

Usage Guidelines
When an IP interface is created, RIP configuration is disabled on the interface by
default. When the RIP interface is disabled, the parameters are not reset to default
automatically.

Switch Engine™ Command Reference Guide for version 32.7.1 1269

Example Commands

Example
The following command configures RIP on the VLAN finance:
# configure rip add finance

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

configure rip delete vlan

configure rip delete vlan [vlan_name | all]

Description
Disables RIP on an IP interface.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.

Default
N/A.

Usage Guidelines
When an IP interface is created, RIP configuration is disabled on the interface by
default. When the RIP interface is disabled by this command, the parameters are not
reset to default automatically.

Example
The following command deletes RIP on a VLAN named finance:
# configure rip delete finance

History
This command was first available in ExtremeXOS 10.1.

1270 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

configure rip garbagetime

configure rip garbagetime {seconds}

Description
Configures the RIP garbage time.

Syntax Description
seconds Specifies a time in seconds.

Default
120 seconds.

Usage Guidelines
None.

Example
The following command configures the RIP garbage time to have a 60-second delay:
# configure rip garbagetime 60

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

configure rip import-policy

configure rip import-policy [policy-name | none]

Description
Configures the import policy for RIP.

Switch Engine™ Command Reference Guide for version 32.7.1 1271

Syntax Description Commands

Syntax Description
policy-name Specifies the policy.

Default
No policy.

Usage Guidelines
An import policy is used to modify route attributes while adding RIP routes to the IP
route table. The import policy cannot be used to determine the routes to be added to
the routing table.

Use the none option to remove an import policy.

Example
The following example applies the policy campuseast to RIP routes:
# configure rip import-policy campuseast

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

configure rip routetimeout

configure rip routetimeout seconds

Description
Configures the route timeout period.

Syntax Description
seconds Specifies a time in seconds.

Default
180 seconds.

1272 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If a router does not receive an update message from its neighbor within the route
timeout period (180 seconds by default), the router assumes the connection between it
and its neighbor is no longer available.

Example
The following example sets the route timeout period to 120 seconds:
# configure rip routetimeout 120

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

configure rip updatetime

configure rip updatetime seconds

Description
Specifies the time interval in seconds within which RIP sends update packets.

Syntax Description
seconds Specifies a time in seconds. The range is 10 to 180.

Default
30 seconds.

Usage Guidelines
The router exchanges an update message with each neighbor every 30 seconds
(default value) or if there is a change to the overall routed topology (also called
triggered updates). The timer granularity is 10 seconds. Timer minimum is 10 seconds
and maximum is 180 seconds.

Example
The following command sets the update timer to 60 seconds:
# configure rip updatetime 60

Switch Engine™ Command Reference Guide for version 32.7.1 1273

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

configure rip vlan cost

configure rip vlan [vlan_name | all] cost cost

Description
Configures the cost (metric) of the interface.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.
cost Specifies a cost metric.

Default
The default setting is 1.

Usage Guidelines
The specified interface cost is added to the cost of the route received through this
interface.

Example
The following command configures the cost for the VLAN finance to a metric of 3:
# configure rip vlan finance cost 3

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

1274 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure rip vlan route-policy

configure rip vlan route-policy

configure rip vlan [vlan_name | all] route-policy [in | out] [policy-
name | none]

Description
Configures RIP to ignore certain routes received from its neighbor, or to suppress
certain routes when performing route advertisements.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.
policy-name Specifies a policy.
none Removes any policy from the VLAN.

Default
N/A.

Usage Guidelines
Use the in option to configure an input route policy, which determines which RIP
routes are accepted as valid routes. This policy can be combined with the trusted
neighbor policy to accept selected routes only from a set of trusted neighbors.

Use the out option to configure an output route policy, which determines which RIP
routes are advertised on the VLAN.

Example
The following command configures the VLAN backbone to accept selected routes from
the policy nosales:
# configure rip vlan backbone route-policy in nosales

The following command uses the policy nosales to determine which RIP routes are
advertised into the VLAN backbone:
# configure rip vlan backbone route-policy out nosales

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1275

Platform Availability Commands

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

configure rip vlan rxmode

configure rip [vlan vlan_name | all] rxmode [none | v1only | v2only |
any]

Description

Syntax Description
vlan_name Specifies to apply settings to specific VLAN name.
all Specifies all VLANs.
none Specifies to drop all received RIP packets.
v1only Specifies to accept only RIP version 1 format packets.
v2only Specifies to accept only RIP version 2 format packets.
any Specifies to accept RIP version 1 and RIP version 2 packets.

Default
N/A.

Usage Guidelines
None.

Example
The following command configures the receive mode for the VLAN finance to accept
only RIP version 1 format packets:
# configure rip finance rxmode v1only

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

1276 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure rip vlan trusted-gateway

configure rip vlan trusted-gateway

configure rip vlan [vlan_name | all] trusted-gateway [policy-name |
none]

Description
Configures a trusted neighbor policy to determine trusted RIP router neighbors for the
VLAN on the switch running RIP.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.
policy-name Specifies a policy.
none Removes any trusted-gateway policy from the VLAN.

Default
N/A.

Usage Guidelines
Use this command to set a policy to determine trusted neighbors. A neighbor is
defined by its IPaddress. Only the RIP control packets from trusted neighbors will be
processed.

Example
The following command configures RIP to use the policy nointernet to determine from
which RIP neighbor to receive (or reject) the routes to the VLAN backbone:
# configure rip vlan backbone trusted-gateway nointernet

History
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

Platform Availability
This command is available on all platforms with an Edge, Advanced Edge, or Core
license.

Switch Engine™ Command Reference Guide for version 32.7.1 1277

configure rip vlan txmode Commands

configure rip vlan txmode

configure rip [vlan vlan_name | all] txmode [none | v1only | v1comp |
v2only]

Description
Changes the RIP transmission mode for one or all VLANs.

Syntax Description
vlan_name Specifies to apply settings to a specific VLAN name.
all Specifies all VLANs.
none Specifies to not transmit any packets on this interface.
v1only Specifies to transmit RIP version 1 format packets to the
broadcast address.
v1comp Specifies to transmit RIP version 2 format packets to the
broadcast address.
v2only Specifies to transmit RIP version 2 format packets to the
RIP multicast address.

Default
N/A.

Usage Guidelines
None.

Example
The following command configures the transmit mode for the VLAN finance to
transmit version 2 format packets to the broadcast address:
# configure rip finance txmode v1comp

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

1278 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ripng add

configure ripng add

configure ripng add [vlan vlan-name | tunnel tunnel-name | [vlan |
tunnel] all]

Description
Configures RIPng on an IP interface.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel-name Specifies an IPv6 tunnel.
all Specifies all IPv6 configured VLANs or tunnels.

Default
N/A.

Usage Guidelines
For RIPng to be active on the interface, it must also be globally enabled using
the command disable ripng export [direct | ospfv3 | ospfv3-extern1 |
ospfv3-extern2 | ospfv3-inter | ospfv3-intra | static | isis | isis-
level-1| isis-level-1-external | isis-level-2| isis-level-2-external |
bgp]. If the keyword all is specified, all IPv6 configured VLANs or tunnels will be
configured for RIPng.

Example
The following command configures RIPng on the VLAN finance:

configure ripng add finance

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

Switch Engine™ Command Reference Guide for version 32.7.1 1279

configure ripng cost Commands

configure ripng cost

configure ripng [vlan vlan-name | tunnel tunnel-name] cost metric

Description
Configures the cost (metric) of the interface..

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel-name Specifies an IPv6 tunnel.
metric Specifies a cost metric. Range is 1 to 15.

Default
The default setting is 1.

Usage Guidelines
The specified interface cost is added to the cost of the route received through this
interface.

Example
The following command configures the cost for the VLAN finance to a metric of 3:

configure ripng vlan finance cost 3

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure ripng delete

configure ripng delete [vlan vlan-name | tunnel tunnel-name | [vlan |
tunnel] all]

Default
Removes an interface from RIPng routing.

1280 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel-name Specifies an IPv6 tunnel.
all Specifies all IPv6 configured VLANs or tunnels.

Default
N/A.

Usage Guidelines
This command removes an interface from RIPng routing. However, the RIPng-specific
interface configuration will be preserved, even if RIPng is unconfigured on the interface.
The interface configuration information is removed only when the IPv6 interface itself
gets deleted by, for example, by unconfiguring all the IPv6 addresses on the interface.

Example
The following command removes the VLAN finance from RIPng routing:

configure ripng delete finance

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure ripng garbagetime

configure ripng garbagetime {seconds}

Description
Configures the RIPng garbage time.

Syntax Description
seconds Specifies a time in seconds. Range is 10 to 2400 seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 1281

Default Commands

Default
120 seconds.

Usage Guidelines
This command configures the time interval after which a route in the RIPng routing
database that has expired will be removed. The value is rounded off to nearest multiple
of 10.

Example
The following command configures the RIPng garbage time to have a 60-second delay:

configure ripng garbagetime 60

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure ripng import-policy

configure ripng import-policy [policy-name | none]

Description
Configures the import policy for RIPng.

Syntax Description
policy-name Specifies the policy.

Default
No policy.

Usage Guidelines
Use this command to configure the policy to be applied to RIPng routes installed into
the system routing table from the RIPng routing process. This policy can be used to
modify parameters associated with routes installed into the routing table. The import
policy cannot be used to determine the routes to be added to the routing table.

1282 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Use the none option to remove the import policy.

The following is a sample policy file that can be used with RIPng. It changes the metric
to 12 for any routes from the subnets 2001:db8:2ccc::/64 and 2001:db8:2ccd::/64:
entry filter_routes {
If match any{
nlri 2001:db8:2ccc:: /64;
nlri 2001:db8:2ccd:: /64;
}
then {
cost 12;
}
}

Example
The following example applies the policy campuseast to RIPng routes:

configure ripng import-policy campuseast

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure ripng route-policy

configure ripng [vlan vlan-name | tunnel tunnel-name] route-policy [in |
out] [policy-name | none]

Description
Configures RIPng to ignore or modify certain routes received from its neighbors, or to
suppress certain routes when performing route advertisements.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel-name Specifies an IPv6 tunnel.
policy-name Specifies a policy.
none Removes any policy from the VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 1283

Default Commands

Default
N/A.

Usage Guidelines
Use the in option to configure an input route policy, which determines which RIPng
routes are accepted as valid routes from RIPng neighbors. This policy can be combined
with the trusted neighbor policy to accept selected routes only from a set of trusted
neighbors.

Use the out option to configure an output route policy, which determines which RIPng
routes are advertised to other RIPng neighbors.

The following is a sample policy file that could be used with RIPng. It will drop any
routes from the subnets 2001:db8:2ccc::/64 and 2001:db8:2ccd::/64:

entry filter_routes {
If match any{
nlri 2001:db8:2ccc:: /64;
nlri 2001:db8:2ccd:: /64;
}
then {
deny;
}
}

Example
The following command configures the VLAN backbone to accept routes from its
neighbor as specified by the policy nosales:

configure ripng vlan backbone route-policy in nosales

The following command uses the policy nosales to determine which RIP routes are
advertised into the VLAN backbone:

configure rip vlan backbone route-policy out nosales

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

1284 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ripng routetimeout

configure ripng routetimeout

configure ripng routetimeout seconds

Description
Configures the route timeout period for RIPng.

Syntax Description
seconds Specifies a time in seconds. Range is 10 to 3600.

Default
180 seconds.

Usage Guidelines
If a router does not receive an update message from its neighbor within the route
timeout period (180 seconds by default), the router assumes the connection between it
and its neighbor is no longer available.

The configured value is rounded off to the nearest multiple of 10.

Example
The following example sets the route timeout period to 120 seconds:
configure ripng routetimeout 120

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure ripng trusted-gateway

configure ripng [vlan vlan-name | tunnel tunnel-name] trusted-gateway
[policy-name | none]

Switch Engine™ Command Reference Guide for version 32.7.1 1285

Description Commands

Description
Configures a trusted neighbor policy to determine trusted RIPng router neighbors for
the interfaces on the switch running RIPng.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel-name Specifies an IPv6 tunnel.
policy-name Specifies a policy.
none Removes any trusted-gateway policy from the VLAN.

Default
None. Control packets from all of the neighbors are processed.

Usage Guidelines
Use this command to set a policy to determine trusted neighbors. A neighbor is
defined by its IPaddress. Only the RIPng control packets from trusted neighbors will
be processed.

The following policy designates neighbors from the fe80:202:b3ff:fe4a:6ada:: /64 subnet
and the neighbor at fe80:203::b3ff:fe4a:6ada as trusted gateways:
entry filter_gateways {
If match any{
nlri fe80:202:b3ff:fe4a:6ada:: /64;
nlri fe80:203::b3ff:fe4a:6ada:: /64;
}
then {
permit;
}
}

Example
The following command configures RIPng to use the policy nointernet to determine
from which RIPng neighbor to receive (or reject) the routes to the VLAN backbone:

configure ripng vlan backbone trusted-gateway nointernet

History
This command was first available in ExtremeXOS 11.2.

1286 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure ripng updatetime

configure ripng updatetime seconds

Description
Specifies the time interval in seconds within which RIPng sends update packets.

Syntax Description
seconds Specifies a time in seconds. The range is 10 to 3600.

Default
30 seconds.

Usage Guidelines
The router exchanges an update message with each neighbor every 30 seconds
(default value), or if there is a change to the overall routed topology (also called
triggered updates). The timer granularity is 10 seconds. Timer minimum is 10 second
and maximum is 3600 seconds.

Example
The following command sets the update timer to 60 seconds:

configure ripng updatetime 60

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure security fips-mode

configure security fips-mode [on | off]

Switch Engine™ Command Reference Guide for version 32.7.1 1287

Description Commands

Description
This command enables you to toggle between the default OpenSSL library (FIPS
compatible) and FIPS capable library.

Syntax Description
on Enables FIPS mode.
off Disable FIPS mode.

Default
Off.

Usage Guidelines
After enabling/disabling FIPS, EPM will be notified to change the bit dedicated to FIPS
Mode. As per requirement, currently SSH and SNMP will use this bit to toggle between
normal and FIPS mode.

Example
# sh security fips-mode
FIPS Mode (current) : Off
FIPS Mode (configured) : Off

# configure security fips-mode on

FIPS mode will be enabled only after rebooting the switch.
SNMPv3 users configured with either md5 authentication or DES encryption will be
discarded after reboot.
SSH existing configuration of ciphers/MACs will be lost after reboot.
Python scripting configuration is ignored when FIPS mode is 'on'.

# show security fips-mode

FIPS Mode (current) : On
FIPS Mode (configured) : On

History
This command was first available in ExtremeXOS 21.1.

Current and configured information added in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure security python

configure security python [on | off]

1288 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Turns on or off external Python scripting support when FIPS mode is turned off.

Syntax Description
on Turns on external Python scripting support (default).
off Turns off external Python scripting support.

Default
By default, when FIPS mode is off, external Python scripting support is enabled.

Usage Guidelines
To enable external Python scripting support with the command, FIPS mode must
be turned off (configure security fips-mode [on | off]). Python scripting
configuration is ignored when FIPS mode is turned on.

Example
The following example turns off external Python scripting support:
# configure security python off

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sflow agent ipaddress

configure sflow agent {ipaddress} ipaddress

Description
Configures the sFlow agent’s IP address.

Syntax Description
ipaddress Specifies the IP address from which sFlow data is sent on
the switch.

Switch Engine™ Command Reference Guide for version 32.7.1 1289

Default Commands

Default
The default configured IP address is 0.0.0.0, but the effective IP address is the
management port IP address.

Usage Guidelines
This command allows you to configure the IP address of the sFlow agent. Typically,
you would set this to the IP address used to identify the switch in the network
management tools that you use. The agent address is stored in the payload of the
sFlow data, and is used by the sFlow collector to identify each agent uniquely. The
default configured value is 0.0.0.0, but the switch will use the management port IP
address if it exists.

Both the commands unconfigure ports monitor vlan and unconfigure sflow
agent will reset the agent parameter to the default.

Example
The following command sets the sFlow agent’s IP address to 10.2.0.1:

configure sflow agent ipaddress 10.2.0.1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sflow collector ipaddress

configure sflow collector {ipaddress} ipaddress {port udp-port-number}
{vr vr_name}

Description
Configures the sFlow collector IP address.

1290 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ipaddress Specifies the IP address to send the sFlow data.
udp-port-number Specifies the UDP port to send the sFlow data.
vr_name Specifies from which virtual router to send the sFlow data.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

Default
The following values are the defaults for this command:
• UDP port number—6343
• Virtual router—VR-Mgmt (previously called VR-0)

Usage Guidelines
This command allows you to configure where to send the sFlow data. You must specify
an IP address for the sFlow data collector, and you may specify a particular UDP port,
if your collector uses a non-standard port. You may also need to specify from which
virtual router to send the data.

You can configure up to four sFlow collectors. Each unique IP address/UDP port/virtual
router combination identifies a collector.

Both the commands unconfigure ports monitor vlan and unconfigure sflow
collector will reset the collector parameters to the default.

Example
The following command specifies that sFlow data should be sent to port 6343 at IP
address 192.168.57.1 using the virtual router VR-Mgmt:
configure sflow collector ipaddress 192.168.57.1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sflow max-cpu-sample-limit

configure sflow max-cpu-sample-limit rate

Switch Engine™ Command Reference Guide for version 32.7.1 1291

Description Commands

Description
Configures the maximum number of sFlow samples handled by the CPU per second.

Syntax Description
rate Specifies the maximum sFlow samples per second.

Default
The default value is 2000 samples per second.

Usage Guidelines
This command configures the maximum number of samples sent to the CPU per
second. If this rate is exceeded, the internal sFlow CPU throttling mechanism kicks in to
limit the load on the CPU.

Every time the limit is reached, the sample rate is halved (the value of number in
the configure sflow sample-rate number or configure sflow ports port_list
sample-ratenumber command is doubled) on the slot (SummitStack) or ports (stand-
alone switch) on which maximum number of packets were received during the last
snapshot.

This effectively halves the sampling frequency of all the ports on that slot or stand-
alone switch with a sub-sampling factor of 1. The sampling frequency of ports on that
slot or stand-alone switch with a sub-sampling factor greater than 1 will not change;
the sub-sampling factor is also halved so the that the same rate of samples are sent
from that port.

The maximum CPU sample rate is based on the total number of samples received from
all the sources. The valid range is 100 to 200000 samples per second.

Example
The following command specifies that the sFlow maximum CPU sample rate should be
set to 4000 samples per second:

configure sflow max-cpu-sample-limit 4000

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

1292 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure sflow poll-interval

configure sflow poll-interval

configure sflow poll-interval seconds

Description
Configures the sFlow counter polling interval.

Syntax Description
seconds Specifies the number of seconds between polling each
counter. The value can range from 0 to 3600 seconds.

Default
The default polling interval is 20 seconds.

Usage Guidelines
Each sFlow statistics counter is polled at regular intervals, and this data is then sent to
the sFlow collector. This command is used to set the polling interval. To manage CPU
load, polling for sFlow enabled ports are distributed over the polling interval, so that
all ports are not polled at the same instant. For example, if the polling interval is 20
seconds and there are twenty counters, data is collected successively every second.

Specifying a poll interval of 0 (zero) seconds disables polling.

Example
The following command sets the polling interval to 60 seconds:

configure sflow poll-interval 60

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sflow ports sample-rate

configure sflow ports port_list sample-rate number

Description
Configures the sFlow per-port sampling rate.

Switch Engine™ Command Reference Guide for version 32.7.1 1293

Syntax Description Commands

Syntax Description
port_list Specifies a list of ports.
number Specifies the fraction (1/number) of packets to be sampled.

Default
The default number is 8192, unless modified by the configure sflow sample-rate
command.

Usage Guidelines
This command configures the sampling rate on a particular set of ports, and overrides
the system-wide value set in the configure sflow sample-rate command. The rate
is rounded off to the next power of two, so if 400 is specified, the sample rate is
configured as 512. The valid range is 256 to 536870912.

All ports on the switch are sampled individually.

Example
The following command sets the sample rate for the ports 4:6 to 4:10 to one packet out
of every 16384:

configure sflow ports 4:6-4:10 sample-rate 16384

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sflow sample-rate

configure sflow sample-rate number

Description
Configures the sFlow default sampling rate.

Syntax Description
number Specifies the fraction (1/number) of packets to be sampled.

1294 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default number is 8192.

Usage Guidelines
This command configures the default sampling rate. This is the rate that newly enabled
sFlow ports will have their sample rate set to. Changing this rate will not affect currently
enabled sFlow ports. The rate is rounded off to the next power of two, so if 400 is
specified, the sample rate is configured as 512. The valid range is 256 to 536870912.

Configuring a lower number for the sample rate means that more samples will be
taken, increasing the load on the switch. Do not configure the sample rate to a number
lower than the default unless you are sure that the traffic rate on the source is low.

The minimum rate that these platforms sample is 1 out of every 256 packets. If you
configure a rate to be less than 256, the switch automatically rounds up the sample rate
to 256.

Example
The following example sets the sample rate to one packet out of every 16384:
configure sflow sample-rate 16384

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing add ports

configure sharing port slot slot distribution-list [port_list | add
port_list | all]

Description
Adds ports to a load-sharing, or link aggregation, group. By using link aggregation, you
use multiple ports as a single logical port. Link aggregation also provides redundancy
because traffic is redistributed to the remaining ports in the LAG if one port in the
group goes down.

Switch Engine™ Command Reference Guide for version 32.7.1 1295

Syntax Description Commands

Syntax Description
port Specifies the logical port for a load-sharing group or link
aggregation group (LAG). This number also functions as
the LAG Group ID.
port_list Specifies one or more ports or slots and ports to be
grouped in the LAG.
add Adds a port list to the existing distribution port list for the
given slot.
all All active members of the group are eligible for distribution
for packets received on the given slot. This is the existing
behavior and the default. This option effectively deletes any
existing configured port list for the slot.

Default
N/A.

Usage Guidelines
Use this command to dynamically add ports to a load-sharing group, or link
aggregation group (LAG).

Beginning with version 32.5, you can change speeds and autonegotiation
configurations of a port that is part of a LAG (or load-sharing group) without having
to unconfigure and reconfigure the LAG. If there is a port configuration mismatch
detected in the LAG, a warning message like the following may display:
WARNING: Member Port 12 has Auto Negotiation Off while Master Port has Auto Negotiation
On. It is recommended that master and member ports configuration be consistent to avoid
traffic imbalance across LAG members.

VMAN ports can belong to LAGs. If any port in the LAG is enabled for VMAN, all ports
in the group are automatically enabled to handle jumbo size frames. Also, VMAN is
automatically enabled on all ports of the untagged LAG.

To verify your configuration, use the show ports sharing command.

Note
All ports that are designated for the LAG must be removed from all VLANs prior
to configuring the LAG.

ExtremeSwitching Series Switches

The following guidelines apply to link aggregation on the ExtremeSwitching series
switches:
• One static LAG can contain up to 8 ports.
• An LACP LAG can include a maximum of 16 ports; out of these up to 8 can be
selected links and the remaining 8 will be standby links.
• A Health Check LAG can contain up to 8 ports.

1296 Switch Engine™ Command Reference Guide for version 32.7.1

Commands SummitStack only

SummitStack only
The following guidelines apply to link aggregation:
• A static LAG can include a maximum of 8 ports.
• An LACP LAG can include a maximum of 16 ports; out of these up to 8 can be
selected links and the remaining 8 will be standby links.
• A Health Check LAG can include a maximum of 8 ports.

Example
The following example adds port 3 to the LAG with the logical port 4 on a switch:
configure sharing 3 add port 4

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing address-based custom

configure sharing address-based custom [ipv4 [source-only | destination-
only | source-and-destination] | hash-algorithm [xor | crc-16 |
crc-32 [lower | upper]]]

Description
This command configures the part of the packet examined by the switch when
selecting the egress port for transmitting link aggregation, or load-sharing, data.

Syntax Description
ipv4 IPv4 hash configuration for custom load sharing and
L2VPN sharing.
source-only Indicates that the switch should examine the IP source
address only.
destination-only Indicates that the switch should examine the IP
destination address only.
source-and- Indicates that the switch should examine the IP source and
destination destination address.
hash-algorithm Hash algorithm for custom load sharing and L2VPN
sharing.
xor Use exclusive-OR for load sharing hash computation.

Switch Engine™ Command Reference Guide for version 32.7.1 1297

Default Commands

crc-16 Use CRC-16 for load sharing hash computation.

crc-32 Use CRC-32 for load sharing hash computation.
lower Use lower 16 bits of CRC32 for load sharing hash
computation.
upper Use upper 16 bits of CRC32 for load sharing hash
computation.

Default
Algorithm: source-and-destination.

Hash algorithm: xor.

Usage Guidelines
This command specifies the part of the packet header that the switch examines
to select the egress port for address-based load-sharing trunks. The address-based
load-sharing setting is global and applies to all load-sharing trunks, or LAGs, that are
address-based and configured with a custom algorithm. You change this setting by
issuing the command again with a different option.

The addressing information examined is based on the packet protocol as follows:

• IPv4 packets—Uses the source and destination IPv4 addresses and Layer4 port
numbers as specified with this command.
• IPv6 packets—Uses the source and destination IPv6 addresses and Layer4 port
numbers.
• MPLS packets—Uses the top, second, and reserved labels and the source and
destination IP addresses.
• Non-IP Layer 2—Uses the VLAN ID, the source and destination MAC addresses, and
the ethertype.

The xor hash algorithm guarantees that the same egress port is selected for traffic
distribution based on a pair of IP addresses, Layer4 ports, or both, regardless of which is
the source and which is the destination.

For IP-in-IP and GRE tunneled packets, the switch examines the inner header to
determine the egress port.

To verify your configuration, use the show ports sharing command.

Example
The following example configures the switch to examine the source IP address:
# configure sharing address-based custom ipv4 source-only

1298 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is supported on the ExtremeSwitching 5520 platform.

configure sharing address-based custom hash-seed

configure sharing address-based custom hash-seed [seed | switch-mac-
address]

Description
Configures the hash seed used in the CRC hashing algorithms of the “custom” load
sharing algorithm.

Syntax Description
address-based Selects address-based sharing.
custom Configuration for address-based custom load sharing and
L2VPN sharing.
hash-seed Selects configuring hash seed used with CRC hash
algorithms.
seed Sets the hash seed value. Prior to ExtremeXOS22.5, the
default value was 0x7F2193EA.
switch-mac-address Use the last four bytes of the switch's MAC address to
create a unique seed value (Default).

Default
The default is switch-mac-address.

Usage Guidelines
The default configuration of the hash seed is switch-mac-address, which uses the last
four bytes of the switch’s MAC address as the hash seed to provide a unique seed value
on all Extreme Networks switches in the network. Such a configuration prevents hash
polarization in MLAG network configurations by default.

Prior to supporting configuring the hash seed (ExtremeXOS 30.1), the default value of
the hash seed was 0x7F2193EA. You can restore the legacy default behavior for the hash
seed by explicitly configuring this legacy value.

To verify your hash seed configuration, use the show ports port_list sharing
distribution configuration or show {port port_number} sharing {detail}
commands.

Switch Engine™ Command Reference Guide for version 32.7.1 1299

Example Commands

Example
The following example sets the hash seed value to "123456789":
configure sharing address-based custom hash-seed 123456789

History
This command was first available in ExtremeXOS 30.1.

Platform Availability
This command is supported on the ExtremeSwitching 5520 platform.

configure sharing algorithm

configure sharing master_port algorithm [address-based [L2 | L3 | L3_L4
| custom] | port-based]

Description
Modifies the distribution algorithm of an existing LAG.

Syntax Description
master_port Specifies the master logical port for the load-sharing group
or LAG.
algorithm Specifies modifying the distribution algorithm of an
existing LAG.
address-based Specifies link aggregation by address-based algorithm.
L2 Specifies address-based link aggregation by Layer 2. This is
the default.
L3 Specifies address-based link aggregation by Layer 3.
L3_L4 Specifies address-based link aggregation by Layer 3 IP plus
Layer 4 port.
custom Selects the custom link aggregation algorithm configured
with the following command: configure sharing
address-based custom [ipv4 [L3-and-L4 | source-
only | destination-only | source-and-destination]
| hash-algorithm [xor | crc-16]].
The configuration of the custom option applies to all LAGs
on the switch.
port-based Selects port-based load sharing groups.

Default
Address-based link aggregation by Layer 2 is the default.

1300 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command allows you to modify the distribution algorithm of an existing LAG,
created using the command enable sharing grouping on page 2405.

If you select the custom option, you configure the customer link aggregation algorithm
with the following command: configure sharing address-based custom [ipv4
[L3-and-L4 | source-only | destination-only | source-and-destination] |
hash-algorithm [xor | crc-16]]

Since the custom and port-based algorithms may not be used at the same time,
changing the algorithm on multiple groups between the custom and port-based
algorithms requires changing the algorithm on these groups to either L2, L3, or L3_L4
as an intermediate step.

Example
The following example sets the distribution algorithm for the LAG on port 24 to
address-based link aggregation by Layer 3 IP plus Layer 4 port:
# configure sharing 24 algorithm address-based L3_L4

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing delete ports

configure sharing port slot slot distribution-list [port_list | delete
port_list | all]

Description
Deletes ports from a link aggregation, or load-sharing, group.

Syntax Description
port Specifies the logical port for a load-sharing group or a LAG.
This number also functions as the LAG Group ID.
port_list Specifies one or more ports or slots and ports to be
grouped in the LAG.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1301

Usage Guidelines Commands

Usage Guidelines
Use this command to dynamically delete ports from a load-sharing group, or
link aggregation group (LAG). This command applies to static and dynamic link
aggregation.

Example
The following example deletes port 3:12 from the LAG with the logical port, or LAG
Group ID, 3:9:

configure sharing 3:9 delete port 3:12

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing distribution-mode

configure sharing master_port distribution-mode [all | local-slot |
port-lists]

Description
This command provides two different configuration options for specifying subsets of
active member ports as eligible for distribution. Both of these options specify a subset
of the active member ports on a per slot basis. The specific choice of configuration
is described in the CLI as a “distribution-mode”. The choice of distribution mode is
configurable per LAG.

Syntax Description
all All active members of the group are eligible for distribution
on all slots in the switch. This is the existing behavior and
the default.
local-slot If there are one or more active members of the group
on the slot where traffic is received, distribution will be
restricted to these “local-slot” members.
port-lists If there are one or more active members of the group in
the configured distribution port list for the slot on which
traffic is received, distribution will be restricted to these
configured ports.

1302 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
All.

Usage Guidelines
The “local-slot” distribution mode restricts distribution of unicast packets to the active
LAG members on the same slot where the packet was received. If no active LAG
members are present on the slot where the packet was received, all active LAG
member ports are included in the distribution algorithm. The “local-slot” distribution
mode may be specified during LAG creation with the “enable sharing” CLI command.
It may also be configured dynamically with the “configure sharing” command. This
distribution mode is self-configuring in the sense that no configuration is required
other than the specification of the “local-slot” distribution mode. Addition or deletion of
LAG member ports via the “configure sharing <master_port> [add | delete] <port_list>”
command is automatically handled. The “local-slot” distribution mode is useful for
reducing the fabric bandwidth load of a switch.

Example
# show sharing distribution configuration
Config Distribution Distribution
Master Mode Lists
================================================================================
1:1 Port Lists Slot 1: 1:1-10, 1:15
Slot 5: 1:11-22
1:25 Local Slot Slot 1: 1:25
Slot 5: 1:26
5:1 Port Lists
5:10 All Slot 1: 5:11
Slot 5: 5:10

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on SummitStack switches.

configure sharing health-check member-port add tcp-tracking

configure sharing health-check member-port port add tcp-tracking IP
Address {tcp-port TC Port frequency sec misses count}

Description
Configures monitoring for each member port of a health check LAG.

Switch Engine™ Command Reference Guide for version 32.7.1 1303

Syntax Description Commands

Syntax Description
port Specifies the member port.
IP Address Specifies the IP address to monitor.
TCP Port Specifies the TCP port to watch. The default is port 80.
sec Specifies the frequency in seconds at which tracking takes
place. The default is 10 seconds.
count Specifies the number of misses before a connection loss is
reported. The default is 3 misses.

Default
N/A.

Usage Guidelines
To configure a health check LAG, you first create a health check type of LAG using
the enable sharing grouping command. Then use this command to configure the
monitoring for each member port. You can configure each member port to track a
particular IP address, but only one IP address per member port.

To display the monitoring configuration for a health check LAG, use the show sharing
health-check command.

To display the link aggregation configured on a switch, use the show ports sharing
command.

Example
The following commands configure four different member ports:

# configure sharing health-check member-port 10 add track-tcp 10.1.1.1 tcp-port 23

# configure sharing health-check member-port 11 add track-tcp 10.1.1.2 tcp-port 23
# configure sharing health-check member-port 12 add track-tcp 10.1.1.3
# configure sharing health-check member-port 13 add track-tcp 10.1.1.4

When the TCP port, seconds, or counts are not specified, they default to the values
described in the Syntax Description.

History
This command was first available in ExtremeXOS 12.1.3.

Platform Availability
This command is available on all Universal switches supported in this document.

1304 Switch Engine™ Command Reference Guide for version 32.7.1

 configure sharing health-check member-port delete
Commands tcp-tracking

configure sharing health-check member-port delete tcp-tracking

configure sharing health-check member-port port delete tcp-tracking IP
Address {tcp-port TC Port}

Description
Unconfigures monitoring for each member port of a health check LAG.

Syntax Description
port Specifies the member port.
IP Address Specifies the IP address.
TCP Port Specifies the TCP port.

Default
N/A.

Usage Guidelines
Use this command to remove the monitoring configuration on the ports of a health
check link aggregation group. Each port must be unconfigured separately, specifying
the IP address and TCP port.

Example
The following command removes the configuration setting on port 12 that monitors IP
address 10.1.1.3:

# configure sharing health-check member-port 12 delete track-tcp 10.1.1.3

History
This command was first available in ExtremeXOS 12.1.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing health-check member-port tcp-tracking

configure sharing health-check member-port port [disable | enable] tcp-
tracking

Switch Engine™ Command Reference Guide for version 32.7.1 1305

Description Commands

Description
Enables or disables configured monitoring on a member port of a health check LAG.

Syntax Description
port Specifies the member port.

Default
N/A.

Usage Guidelines
This disables/enables monitoring on a particular member port. When monitoring is
disabled, the member port is added back to the LAG if it has not already been added.
This allows a member port to be added back to LAG even though connectivity to the
host is down.

Example
The following command disables port 12:

configure sharing health-check member-port 12 disable tcp-tracking

History
This command was first available in ExtremeXOS 12.1.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing lacp activity-mode

configure sharing port lacp activity-mode [active | passive]

Description
Configures whether the switch sends LACPDUs periodically (active) or only in response
to LACPDUs sent from the partner on the link (passive).

1306 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
port Specifies the master logical port for the LAG you are
setting the activity mode for.
active Enter this value to have the switch periodically sent
LACPDUs for this LAG.
passive Enter this value to have the switch only respond to
LACPDUs for this LAG.

Default
Active.

Usage Guidelines
You must enable sharing and create the LAG prior to assigning this LACP activity mode.

Note
One side of the link must be in active mode in order to pass traffic. If you
configure your side in the passive mode, ensure that the partner link is in LACP
active mode.

To verify the LACP activity mode, use the show lacp lag group-id detail command.

If you attempt to enter a port number that is different that a LAG group ID, the system
returns the following error message:
ERROR: LAG group Id does not exist

Note
In ExtremeXOS version 11.3, the activity mode cannot be changed from active.

Example
The following command changes the activity mode to passive for the specified LAG
group ID:

configure sharing 5:1 lacp activity-mode passive

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1307

configure sharing lacp defaulted-state-action Commands

configure sharing lacp defaulted-state-action

configure sharing port lacp defaulted-state-action [add | delete]

Description
Configures a defaulted LAG port to be removed from the aggregator.

Syntax Description
port Specifies the master logical port for the LAG you are setting the
default action for.
add Enter this value to have the switch add defaulted ports to the
aggregator for this LAG.
delete Enter this value to have the switch delete defaulted ports from the
aggregator for this LAG.

Default
Delete.

Usage Guidelines
You must enable sharing and create the LAG prior to configuring this LACP parameter.

You can configure whether you want a defaulted LAG port removed from the
aggregator or added back into the aggregator. If you configure the LAG to remove
ports that move into the default state, those ports are removed from the aggregator
and the port state is set to unselected.

Note
In ExtremeXOS version 11.3, defaulted ports in the LAG are always removed
from the aggregator; this is not configurable.

If you configure the LAG to add the defaulted port into the aggregator, the system
takes inventory of the number of ports currently in the aggregator:
• If there are fewer ports in the aggregator than the maximum number allowed,
the system adds the defaulted port to the aggregator (port set to selected and
collecting-distributing).
• If the aggregator has the maximum ports, the system adds the defaulted port to the
standby list (port set to standby).

Note
If the defaulted port is assigned to standby, that port automatically has a
lower priority than any other port in the LAG (including those already in
standby).

1308 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

To verify the LACP default action, use the show lacp lag group-id detail
command.

If you attempt to enter a port number that is different that a LAG group ID, the system
returns the following error message:
ERROR: LAG group Id does not exist

Note
To force the LACP trunk to behave like a static sharing trunk, use this
command to add ports to the aggregator.

Example
The following command deletes defaulted ports from the aggregator for the specified
LAG group ID:
configure sharing 5:1 lacp defaulted-state-action delete

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing lacp fallback

configure sharing port lacp fallback [enable | disable]

Description
This command provides the ability to configure fallback. If fallback is enabled and LACP
PDUs are not received on LACP-configured ports within the timeout period, the port
with the lowest priority value will be added to the aggregator. The port stays in this
state until fallback is disabled or until LACP PDUs are exchanged between the switch
and its link partner, causing LAG reconfiguration.

Syntax Description
port LAG group ID.
fallback Allow a single member port with lowest value priority to
be added to the aggregator is LACP PDUs are not received
within timeout.
enable Enable fallback. Port priority and fallback timeout control
port aggregator membership.
disable Disable fallback. LACP PDUs or defaulted-state-action
control port aggregator membership.

Switch Engine™ Command Reference Guide for version 32.7.1 1309

Default Commands

Default
Disabled.

Example

* # show lacp lag 17 detail

Lag Actor Actor Partner Partner Partner Agg Actor
Sys-Pri Key MAC Sys-Pri Key Count MAC
--------------------------------------------------------------------------------
17 0 0x03f9 00:00:00:00:00:00 0 0x0000 1 00:04:96:6d:55:13
Enabled : Yes
LAG State : Up
Unack count : 0
Wait-for-count : 0
Current timeout : Long
Activity mode : Active
Defaulted Action : Delete
Fallback : Enabled
Fallback timeout : 40 seconds
Receive state : Enabled
Transmit state : Enabled
Minimum active : 1
Selected count : 1
Standby count : 0
LAG Id flag : Yes
S.pri:0 , S.id:00:04:96:6d:55:13, K:0x03f9
T.pri:0 , T.id:00:00:00:00:00:00, L:0x0000

Port list:
Member Port Rx Sel Mux Actor Partner
Port Priority State Logic State Flags Port
--------------------------------------------------------------------------------
17 10 Initialize Unselected Detached A-G----- 0
18 5 Initialize Fallback Collect-Dist A-GSCD-- 1018
19 5 Idle Unselected Detached -------- 0
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
C-Collecting, D-Distributing, F-Defaulted, E-Expired

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing lacp fallback timeout

configure sharing port lacp fallback timeout seconds

Description
This command configures the LACP fallback timeout value in seconds.

1310 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
lacp LACP (Link Aggregation Control Protocol).
fallback Allow single member port with lowest value priority to be
added to the aggregator if LACP PDUs are not received
within timeout.
timeout Timeout used to determine how long to wait for LACP
PDUs before entering fallback.
seconds Fallback timeout in seconds. Range 0-100.

Default
60 seconds.

Example

* # show lacp lag 17 detail

Lag Actor Actor Partner Partner Partner Agg Actor
Sys-Pri Key MAC Sys-Pri Key Count MAC
--------------------------------------------------------------------------------
17 0 0x03f9 00:00:00:00:00:00 0 0x0000 1 00:04:96:6d:55:13
Enabled : Yes
LAG State : Up
Unack count : 0
Wait-for-count : 0
Current timeout : Long
Activity mode : Active
Defaulted Action : Delete
Fallback : Enabled
Fallback timeout : 40 seconds
Receive state : Enabled
Transmit state : Enabled
Minimum active : 1
Selected count : 1
Standby count : 0
LAG Id flag : Yes
S.pri:0 , S.id:00:04:96:6d:55:13, K:0x03f9
T.pri:0 , T.id:00:00:00:00:00:00, L:0x0000

Port list:
Member Port Rx Sel Mux Actor Partner
Port Priority State Logic State Flags Port
--------------------------------------------------------------------------------
17 10 Initialize Unselected Detached A-G----- 0
18 5 Initialize Fallback Collect-Dist A-GSCD-- 1018
19 5 Idle Unselected Detached -------- 0
================================================================================
Actor Flags: A-Activity, T-Timeout, G-Aggregation, S-Synchronization
C-Collecting, D-Distributing, F-Defaulted, E-Expired

History
This command was first available in ExtremeXOS 21.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1311

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing lacp system-priority

configure sharing port lacp system-priority priority

Description
Configures the system priority used by LACP for each LAG to establish the station on
which end assumes priority in determining those LAG ports moved to the collecting/
distributing state of the protocol. That end of the LAG with the lowest system priority
is the one that assumes control of the determination. This is optional; if you do not
configure this parameter, LACP uses system MAC values to determine priority. If you
choose to configure this parameter, enter a value between 1 and 65535.

Syntax Description
port Specifies the master logical port for the LAG you are
setting the priority for.
priority Enter the value you want for the priority of the system for
the LACP. The range is 0 to 65535; there is no default.

Default
N/A.

Usage Guidelines
The LACP uses the system MAC values to assign priority to one of the systems, and that
system then determines which LAG ports move into the collecting/distributing state
and exchange traffic. That end of the LAG with the lowest system priority is the one that
assumes control of the determination. If you wish to override the default LACP system
priority for a specific LAG, use this command to assign that LAG a specific LACP priority.
Enter a value between 0 and 65535.

You must enable sharing and create the LAG prior to assigning this LACP priority.

To verify the LACP system priority, use the show lacp command.

To change the system priority you previously assigned to a specific LAG, issue the
configure sharing lacp system-priority command using the new priority you
want. To remove the assigned system priority entirely and use the LACP priorities, issue
the configure sharing lacp system-priority command using a value of 0.

1312 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command assigns LAG 10 an LACP system priority of 3:
configure sharing 10 lacp system-priority 3

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing lacp timeout

configure sharing port lacp timeout [long | short]

Description
Configures the timeout used by each LAG to stop transmitting once LACPDUs are no
longer received from the partner link. You can configure this timeout value to be either
90 seconds, long, or 3 seconds, short.

Syntax Description
port Specifies the master logical port for the LAG you are
setting the timeout value for.
long Enter this value to use 90 seconds as the timeout value.
short Enter this value to use 3 seconds as the timeout value.

Default
Long.

Usage Guidelines
You must enable sharing and create the LAG prior to assigning this LACP timeout
value.

To verify the LACP timeout value, use the show lacp lag group-id detail command.

If you attempt to enter a port number that is different that a LAG group ID, the system
returns the following error message:

Switch Engine™ Command Reference Guide for version 32.7.1 1313

Example Commands

ERROR: LAG group Id does not exist

Note
In ExtremeXOS version 11.3, the timeout value is set to long and cannot be
changed.

Example
The following command changes the timeout value for the specified LAG group ID to
short:
configure sharing 5:1 lacp timeout short

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sharing minimum-active

configure sharing port minimum-active min_links_active

Description
This command allows you to configure a value for the minimum number of active links
to keep the entire LAG up.

Syntax Description
sharing Load sharing.
port Master port.
minimum-active Minimum active links for group to remain in service.
min_links_active Number of active links. Default is 1. Range is 1 – 8.

Default
1

Usage Guidelines
Use this command to configure the value for the minimum number of active links to
keep the LAG up.

1314 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example display output from the show port port sharing command
using minimum active links:
# sh ports 14 sharing
Load Sharing Monitor
Config Current Agg Min Ld Share Ld Share Agg Link Link Up
Master Master Control Active Algorithm Group Mbr State Transitions
==============================================================================
14 Static 2 L2 14 - R 0
L2 15 Y A
1
L2 16 - R 0
==============================================================================
Link State: A-Active, D-Disabled, R-Ready, NP-Port not present, L-Loopback
Minimum Active: (<) Group is down. # active links less than configured minimum
Load Sharing Algorithm: (L2) Layer 2 address based, (L3) Layer 3 address based
(L3_L4) Layer 3 address and Layer 4 port based
(custom) User-selected address-based configuration
Custom Algorithm Configuration: ipv4 L3-and-L4, xor
Number of load sharing trunks: 2 (1 displayed)

History
This command was first available in ExtremeXOS 15.7.

Platform Availability
All ExtremeXOS-based platforms that support static LAG and LACP are supported.

configure sharing port-based key

configure sharing [ load_sharing_key | default] ports port_list

Description
Sets the load_sharing_key for all ports in the port_list.

Syntax Description
load_sharing_key Specifies the load sharing key. Valid load sharing keys are in
the range [0-15].
default Unconfigures and resets the load sharing keys for ports in
the port_list to default values.
ports Specifies the logical port for a load-sharing group.
port_list Specifies one or more ports or slots and ports to be
grouped in the LAG.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1315

Usage Guidelines Commands

Usage Guidelines
This command sets the load_sharing_key for all ports in the port_list. default
unconfigures and resets the load sharing keys for ports in port_list to default values.

Configured load sharing keys are displayed in the output of the show configuration
hal command. Both configured and default load sharing keys are displayed in the
output of the "show sharing port-based keys" command.

Example
The following example causes all packets received on ports in slot 1 to choose the
lowest port number in all aggregators for distribution.:
configure sharing port-based key 0 ports 1

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure slot description

configure slot slot description [ slot_description | none ]

Description
Adds or removes a descriptive name to a slot.

Syntax Description
slot Specifies a specific port extender by slot number.
slot Specifies a specific port extender by slot number.
description Specifies naming the BPE at the designated slot.
slot_description Name for the BPE at the designated slot (max. of 64
characters long).
none Specifies removing the current name assigned to the BPE
at the designated slot.

Default
N/A.

1316 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
To remove a name from a slot, use the none option.

The slot name can be up to 64 characters long.

To view a slot's name, use any of the following commands:

• show slot {slot {detail} | detail }
• show vpex bpe
• show vpex bpe {slot slot_num} {statistics} {detail}
• show vpex bpe {slot slot_num} {environment}

Example
The following example applies the name "Accounting Dept" to the BPE at slot 100:
configure slot 100 description Accounting Dept

History
This command was first available in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure slot module

configure slot slot module module_type

Description
Configures a slot for a particular type of node.

Syntax Description
slot Specifies the slot number.
module_type The particular switch in the SummitStack.

Usage Guidelines
The configure slot module command displays different switch parameters
depending on the type of switch you are configuring and the version of ExtremeXOS
running on the switch.

Upon powering up the stack, ExtremeXOS automatically determines the system power
budget and protects the switch from any potential overpower configurations. If power
is available, ExtremeXOS powers on and initializes the nodes in the stack. When

Switch Engine™ Command Reference Guide for version 32.7.1 1317

Example Commands

ExtremeXOS detects that a node will cause an overpower condition, the node remains
powered down, and is not initialized. An entry is made to the system log indicating the
condition.

The module type must be a switch that supports SummitStack.

Example
The following command configures slot 2 in a stack for a ExtremeSwitching 5520-24T
switch:
# configure slot 2 module 5520-24T

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure slot restart-limit

configure slot slot_number restart-limit num_restarts

Description
Configures the number of times a slot can be restarted on a failure before it is shut
down.

Syntax Description
slot_number Specifies the slot number.
num_restarts Specifies the number of times the slot can be restarted.
The range is from 0 to 10,000.

Default
The default is 5.

Usage Guidelines
This command allows you to configure the number of times a slot can be restarted
on a failure before it is shut down. If the number of failures exceeds the restart-limit,
the module goes into a “Failed” state. If that occurs, use the disable slot and enable
slot commands to restart the module.

1318 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures slot 2 on the switch to be restarted up to 3 times
upon a failure:
configure slot 2 restart-limit 3

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available only on SummitStack.

configure slpp guard ethertype

configure slpp guard ethertype hex

Description
Configures the Ethertype that the Simple Loop Protection Protocol (SLPP) Guard
feature uses to identify SLPP PDUs.

Syntax Description
slpp Specifies configuring SLPP.
guard Specifies disabling a port as soon as an SLPP PDU is
received.
ethertype Specifies selecting the Ethertype used by PDUs of the
SLPP protocol.
hex Specifies the Ethertype value in hexadecimal
[0x0600-0xffff]. The default is 0x8102.

Default
By default, the Ehtertype is 0x8102.

Usage Guidelines
SLPP is an application that detects loops in a Split Multi-link Trunking (SMLT) network.
SLPP Guard is a complementary feature that helps prevent loops in networks by
administratively disabling an edge port if a switch receive an SLPP PDU from an SMLT
network.

This command configures the Ethernet type field of the packet that SLPP Guard uses
to identify SLPP PDUs.

Switch Engine™ Command Reference Guide for version 32.7.1 1319

Example Commands

Example
The following example configures the SLPP Guard Ethertype as 0x8110:
# configure slpp guard ethertype 0x8110

History
This command was available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure slpp guard recovery-timeout

configure slpp guard [ports [port_list | all] recovery-timeout [seconds
| none]

Description
Configures the recovery timeout period for the Simple Loop Protection Protocol (SLPP)
Guard feature.

Syntax Description
slpp Specifies configuring SLPP.
guard Specifies disabling a port as soon as an SLPP PDU is
received.
ports Specifies ports on which to configure the recovery timeout
period.
port_list Selects which ports to configure the recovery timeout
period for (list separated by a comma or -).
all Specifies configuring all ports with the designated recovery
timeout period.
recovery-timeout Specifies configuring the timeout period after which ports
are re-enabled.
seconds Designates the recovery timeout period in seconds after
which the ports are re-enabled. Range is 10–65,535. Default
is 60 seconds.
none

Default
By default, the recovery timeout period is 60 seconds.

1320 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
SLPP is an application that detects loops in a Split Multi-link Trunking (SMLT) network.
SLPP Guard is a complementary feature that helps prevent loops in networks by
administratively disabling an edge port if a switch receives an SLPP PDU from an SMLT
network.

On a port with SLPP Guard enabled, if an SLPP PDU is received, the port is immediately
disabled. After the configured timeout value set by this command expires (associated
with each port), the port is automatically re-enabled.

Example
The following example configures the recovery timeout period to 600 seconds for port
9:
# configure slpp guard ports 9 recovery-timeout 600

History
This command was available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmp access-profile

configure snmp access-profile [ access_profile {readonly | readwrite} |
[[add rule ] [first | [[before | after] previous_rule]]] | delete
rule | none ]

Description
Configures SNMP to use an ACL policy or ACL rule for access control.

Syntax Description
access_profile Specifies an ACL policy.
readonly Specifies that access granted by the specified policy is read
only.
readwrite Specifies that access granted by the specified policy is
read/write.
add Specifies that an ACL rule is to be added to the SNMP
application.
rule Specifies an ACL rule.
first Specifies that the new rule is to be added before all other
rules.

Switch Engine™ Command Reference Guide for version 32.7.1 1321

Default Commands

before Specifies that the new rule is to be added before a previous

rule.
after Specifies that the new rule is to be added after a previous
rule.
previous_rule Specifies an existing rule in the application.
delete Specifies that the named rule is to be deleted.
none Specifies that all the rules or a policy file is to be deleted.

Default
SNMP access is enabled by default, with no ACL policies.

Usage Guidelines
You must be logged in as administrator to configure SNMP parameters. You can restrict
SNMP access in the following ways:
• Implement an ACL policy. You create an ACL policy file that permits or denies a
specific list of IP addresses and subnet masks for SNMP. You must create the ACL
policy file before you can use this command. If the ACL policy file does not exist
on the switch, the switch returns an error message indicating that the file does not
exist.

In the ACL policy file for SNMP, the source-address field is the only supported match
condition. Any other match conditions are ignored.

Use the none option to remove a previously configured ACL policy.

• Add an ACL rule to the SNMP application through this command. Once an ACL is
associated with SNMP, all the packets that reach an SNMP module are evaluated
with this ACL and appropriate action (permit or deny) is taken, as is done using
policy files.

The permit or deny counters are also updated accordingly, regardless of whether
the ACL is configured to add counters. To display counter statistics, use the show
access-list counters process snmp command.

Only the following match conditions and actions are copied to the client memory.
Others that may be in the rule are not copied.

Match conditions:
• Source-address—IPv4 and IPv6
• Actions:
◦ Permit
◦ Deny

When adding a new rule, use the first, before, and after previous_rule parameters to
position it within the existing rules.

1322 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Creating an ACL Policy File

If the SNMP traffic does not match any of the rules, the default behavior is deny.

Creating an ACL Policy File

To create an ACL policy file, use the edit policy command. For more information
about creating and implementing ACL policy files, see the Policy Manager and ACLs
chapters in the Switch Engine 32.7.1 User Guide.

If you attempt to implement a policy that does not exist, an error message similar to
the following appears:
Error: Policy /config/MyAccessProfile.pol does not exist on file system

If this occurs, make sure the policy you want to implement exists. To confirm the
existence of the policies, use the ls command. If the policy does not exist, create the
ACL policy file.

Viewing SNMP Information

To display the current management configuration, including SNMP access related
information, whether SNMP access is enabled or disabled, and whether any ACL or
rules are configured for SNMP, use the following command: show management

Example
The following example applies the ACL policy file MyAccessProfile_2 to SNMP:
configure snmp access-profile MyAccessProfile_2

The following example applies the ACL rule DenyAccess to SNMP as the first rule in the
list:
configure snmp access-profile add DenyAccess first

The following example deletes the ACL rule DenyAccess from the SNMP application:
configure snmp access-profile delete DenyAccess

To delete the use of all the ACL rules or a policy file by SNMP, use the following
command:
configure snmp access-profile none

History
This command was first available in ExtremeXOS 11.6.

Support for individual ACL rules was added in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1323

configure snmp add community Commands

configure snmp add community

configure snmp add community [readonly | readwrite] alphanumeric_string
[encrypted enc_community_name | community name | hex
hex_community_name ] store-encrypted

Description
Adds a SNMP read or read/write community string.

Syntax Description
readonly Specifies read-only access to the system.
readwrite Specifies read and write access to the system.
encrypted Community name is encrypted.
hex Provide value in hexadecimal.
hex_community_name Community name in hexadecimal.
store-encrypted Community name will be stored as encrypted, instead
plain text.
alphanumeric_string Specifies an SNMP community string name. See “Usage
Guidelines” for more information.

Default
N/A

Usage Guidelines
Community strings provide a simple method of authentication between a switch and
a remote network manager. Read community strings provide read-only access to
the switch. The default read-only community string is public. Read-write community
strings provide read and write access to the switch. The default read/write community
string is private. Sixteen read-only and sixteen read/write community strings can be
configured on the switch, including the defaults.

An authorized trap receiver must be configured to use the correct community strings
on the switch for the trap receiver to receive switch-generated traps. In some cases,
it may be useful to allow multiple community strings so that all switches and trap
receivers are not forced to use identical community strings. The configure snmp add
community command allows you to add multiple community strings in addition to the
default community string.

An SNMP community string can contain up to 32 characters.

We recommend that you delete the defaults of the community strings. To delete the
value of the default read/write and read-only community strings, use the configure
snmp delete community command.

1324 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command adds a read/write community string with the value extreme:

configure snmp add community readonly hex 65:01

History
This command was first available in ExtremeXOS 10.1.

The hex keyword and hex_community_name variable were added in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmp add trapreceiver

configure snmp add trapreceiver [ip_address | ipv6_address] community
[[hex hex_community_name] | community_name] {port port_number} {from
[src_ip_address | src_ipv6_address]} {vr vr_name} {mode trap_mode}

Description
Adds the IP address of a trap receiver to the trap receiver list and specifies which
SNMPv1/v2c traps are to be sent.

Syntax Description
ip_address Specifies an SNMP trap receiver IPv4 address.
ipv6_address Specifies an SNMP trap receiver IPv6 address
hex_community_name Specifies that the trap receiver is to be supplied as a colon
separated string of hex octets.
community_name Specifies the community string of the trap receiver to be
supplied in ASCII format.
port_number Specifies a UDP port to which the trap should be sent.
Default is 162.
src_ip_address Specifies the IPv4 address of a VLAN to be used as the
source address for the trap.
src_ipv6_address Specifies the IPv6 address of a VLAN to be used as the
source address for the trap.
vr_name Specifies the name of the virtual router.
trap_mode Specifies the mode of the traps:enhanced—Contains extra
varbinds at the end.standard—Does not contain extra
varbinds.

Switch Engine™ Command Reference Guide for version 32.7.1 1325

Default Commands

Default
Trap receivers are in enhanced mode by default, and the version is SNMPv2c by default.

Usage Guidelines
The IP address can be unicast, multicast, or broadcast.

An authorized trap receiver can be one or more network management stations on

your network. Authorized trap receivers must be configured on the switch for the trap
receiver to receive switch-generated traps. The switch sends SNMP traps to all trap
receivers configured to receive the specific trap group.

To view the SNMP trap receivers configured on the switch, use the show management
command. The show management command displays information about the switch
including the destination and community of the SNMP trap receivers configured on the
switch.

Example
The following command adds the IP address 10.101.0.100 as a trap receiver with
community string purple:

configure snmp add trapreceiver 10.101.0.100 community purple

The following command adds the IP address 10.101.0.105 as a trap receiver with
community string green, using port 3003:

configure snmp add trapreceiver 10.101.0.105 community green port 3003

The following command adds the IP address 10.101.0.105 as a trap receiver with
community string blue, and IP address 10.101.0.25 as the source:

configure snmp add trapreceiver 10.101.0.105 community blue from 10.101.0.25

History
This command was first available in ExtremeXOS 10.1.

The virtual router parameter was added in ExtremeXOS 12.3.

IPv6 support was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

1326 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure snmp delete community

configure snmp delete community

configure snmp delete community [readonly | readwrite] [all |
community_name |alphanumeric_string | hex hex_community_name |
encrypted enc_community_name ]

Description
Deletes a SNMP read or read/write community string.

Syntax Description
readonly Specifies read-only access to the system.
readwrite Specifies read and write access to the system.
all Specifies all of the SNMP community stings.
alphanumeric_string Specifies an SNMP community string name. See “Usage
Guidelines” for more information.
hex Provide value in hexadecimal.
hex_community_name Community name in hexadecimal.

Default
The default read-only community string is public. The default read/write community
string is private.

Usage Guidelines
You must have at least one community string for SNMP access. If you delete all of the
community strings on your system, you will no longer have SNMP access, even if you
have SNMP enabled.

The community strings allow a simple method of authentication between the switch
and the remote network manager. There are two types of community strings on the
switch. Read community strings provide read-only access to the switch. The default
read-only community string is public. read/write community strings provide read and
write access to the switch. The default read/write community string is private. Sixteen
read-only and sixteen read-write community strings can be configured on the switch,
including the defaults. The community string for all authorized trap receivers must be
configured on the switch for the trap receiver to receive switch-generated traps. SNMP
community strings can contain up to 32 characters.

For increased security, we recommend that you change the defaults of the read/write
and read-only community strings.

Use the configure snmp add commands to configure an authorized SNMP

management station.

Switch Engine™ Command Reference Guide for version 32.7.1 1327

Example Commands

Example
The following command deletes a read/write community string named extreme:

configure snmp delete community readonly hex 65:01

History
This command was first available in ExtremeXOS 10.1.

The hex keyword and hex_community_name variable were added in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmp delete trapreceiver

configure snmp delete trapreceiver [[ip_address | ipv6_address]
{port_number} | all]

Description
Deletes a specified trap receiver or all authorized trap receivers.

Syntax Description
ip_address Specifies an SNMP trap receiver IPv4 address.
ipv6_address Specifies an SNMP trap receiver IPv6 address.
port_number Specifies the port associated with the receiver.
all Specifies all SNMP trap receiver IP addresses.

Default
The default port number is 162.

Usage Guidelines
Use this command to delete a trap receiver of the specified IPv4 or IPv6 address, or all
authorized trap receivers.

This command deletes only the first SNMPv1/v2c trap receiver whose IP address and
port number match the specified value.

1328 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command deletes the trap receiver 10.101.0.100 from the trap receiver list:

configure snmp delete trapreceiver 10.101.0.100

The following command deletes entries in the trap receiver list for 10.101.0.100, port
9990:

configure snmp delete trapreceiver 10.101.0.100 9990

Any entries for this IP address with a different community string will not be affected.

History
This command was first available in ExtremeXOS 10.1.

IPv6 support was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmp ifmibifalias size

config snmp ifmib ifalias size [default | extended ]

Description
Controls the accessible string size for the SNMP ifAlias object.

Syntax Description
default Specifies read-only access to the system.
extended Specifies read and write access to the system.

Default
N/A.

Usage Guidelines
Use this command to control the accessible string size for the SNMP ifAlias object.

If you choose the extended size option, the following warning will be displayed:
Warning: Changing the size to [extended] requires the use of increased
255 chars long ifAlias object of ifXtable from IF-MIB(RFC 2233)

Switch Engine™ Command Reference Guide for version 32.7.1 1329

Example Commands

You can always configure a 255 character long string regardless the configured value of
ifAlias size. Its value only affects the SNMP behavior.

Example
The following example shows how to configure the accessible string size for the SNMP
ifAlias to the default value:

config snmp ifmib ifalias size[default

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmp sysContact

configure snmp syscontact sysContact

Description
Configures the name of the system contact.

Syntax Description
sysContact An alphanumeric string that specifies a system contact
name.

Default
N/A.

Usage Guidelines
The system contact is a text field that enables you to enter the name of the person(s)
responsible for managing the switch. A maximum of 255 characters is allowed. The
allowed character set is A-Z, a-z, 0-9, +-@_.,:;()/ ”.

To view the name of the system contact listed on the switch, use the show switch
command. The show switch command displays switch statistics including the name of
the system contact.

1330 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example defines FredJ as the system contact:
configure snmp syscontact FredJ

The following output from the show switch command displays FredJ as the system
contact:

SysName: engineeringlab
SysLocation: englab
SysContact: FredJ

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmp sysLocation

configure snmp syslocation sysLocation

Description
Configures the location of the switch.

Syntax Description
sysLocation An alphanumeric string that specifies the switch location.

Default
N/A.

Usage Guidelines
Use this command to indicate the location of the switch. A maximum of 255 characters
is allowed. The allowed character set is A-Z, a-z, 0-9, +-@_.,:;()/ ”.

To view the location of the switch on the switch, use the show switch command. The
show switch command displays switch statistics including the location of the switch.

Example
The following example configures a switch location name on the system:
configure snmp syslocation englab

Switch Engine™ Command Reference Guide for version 32.7.1 1331

History Commands

The following output from the show switch command displays englab as the location
of the switch:

SysName: engineeringlab
SysLocation: englab
SysContact: FredJ

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmp sysName

configure snmp sysname sysName

Description
Configures the name of the switch.

Syntax Description
sysName An alphanumeric string that specifies a device name.

Default
The default sysName is the model name of the device.

Usage Guidelines
You can use this command to change the name of the switch. A maximum of 255
characters is allowed. The allowed character set is A-Z, a-z, 0-9, +-@_.,:;()/ ”.

The sysName appears in the switch prompt. On a SummitStack, the sysName appears
in the prompt of all active nodes in the stack when there is a master node present in
the stack.

To view the name of the system listed on the switch, use the show switch command.
The show switch command displays switch statistics including the name of the
system.

1332 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example names the switch:
configure snmp sysname engineeringlab

The following output from the show switch command displays engineeringlab as the
name of the switch:

SysName: engineeringlab
SysLocation: englab
SysContact: FredJ

History
This command was first available in ExtremeXOS 10.1.

Beginning in ExtremeXOS 15.7, the maximum number of characters has been changed
to 255.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmp traps batch-delay bfd

configure snmp traps batch-delay bfd none | delay

Description
This command allows you to configure the time during which the set of affected
sessions will be collected and a single trap will be set for contiguous session IDs. This
means that there is a small delay between event occurrence and trap generation. You
have the option to disable this optimization delay using the none option.

Syntax Description
snmp Configure SNMP specific settings.
traps Configure SNMP Trap generation settings.
batch-delay Maximum delay before trap generation in order to
combine multiple traps into a single trap.
none Disables trap optimization which results in generation of
one trap for status change of each session.
delay Choose delay to balance between number of traps and
delay in trap generation. Range is 50 to 65535 ms.

Default
1000 ms.

Switch Engine™ Command Reference Guide for version 32.7.1 1333

Usage Guidelines Commands

Usage Guidelines
Use this command to configure the time window during which the set of affected
sessions is collected and single trap is set for contiguous sessions IDs.

Example
The following command configures the BFD batch-delay:
# configure snmp traps batch-delay bfd 1000

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add access

configure snmpv3 add access [[hex hex_group_name] | group_name] {sec-
model [snmpv1 | snmpv2c | usm]} {sec-level [noauth | authnopriv
| priv]} {read-view [[hex hex_read_view_name] | read_view_name]}
{write-view [[hex hex_write_view_name]] | write_view_name]} {notify-
view [[hex hex_notify_view_nam]] | notify_view_name]} {volatile}

Description
Creates (and modifies) a group and its access rights.

Syntax Description
hex_group_name Specifies the group name to add or modify. The value is to
be supplied as a colon separated string of hex octets.
group_name Specifies the group name to add or modify. The value is to
be supplied in ASCII format.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the
security level.
authnopriv Specifies authentication and no privacy for the security
level.
priv Specifies authentication and privacy for the security level.

1334 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

read-view Specifies the read view name:hex_read_view_name—

Specifies a hex value supplied as a colon separated string
of hex octetsread_view_name—Specifies an ASCII value.
write-view Specifies the write view name:hex_write_view_name—
Specifies a hex value supplied as a colon separated string
of hex octetswrite_view_name—Specifies an ASCII value.
notify-view Specifies the notify view name:hex_notify_view_name—
Specifies a hex value supplied as a colon separated string
of hex octetsnotify_view_name—Specifies an ASCII value.
volatile Specifies volatile storage.

Default
The default values are:
• sec-model—USM
• sec-level—noauth
• read view name—defaultUserView
• write view name— “”
• notify view name—defaultNotifyView
• non-volatile storage

Usage Guidelines
Use this command to configure access rights for a group. All access groups are created
with a unique default context, “”, as that is the only supported context.

Use more than one character when creating unique community strings and access
group names.

A number of default groups are already defined. These groups are: admin, initial,
v1v2c_ro, v1v2c_rw.
• The default groups defined are v1v2c_ro for security name v1v2c_ro, v1v2c_rw for
security name v1v2c_rw, admin for security name admin, and initial for security
names initial, initialmd5, initialsha, initialmd5Priv and initialshaPriv.
• The default access defined are admin, initial, v1v2c_ro, v1v2c_rw, and
v1v2cNotifyGroup.

Example
In the following command, access for the group defaultROGroup is created with all the
default values: security model usm, security level noauth, read view defaultUserView, no
write view, notify view defaultNotifyView, and storage nonvolatile.

configure snmpv3 add access defaultROGroup

Switch Engine™ Command Reference Guide for version 32.7.1 1335

History Commands

In the following command, access for the group defaultROGroup is created with the
values: security model USM, security level authnopriv, read view defaultAdminView,
write view defaultAdminView, notify view defaultAdminView, and storage nonvolatile.

configure snmpv3 add access defaultROGroup sec-model usm sec-level authnopriv read-view
defaultAdminView write-view defaultAdminView notify-view defaultAdminView

History
This command was first available in ExtremeXOS 10.1.

The hex_read_view_name, hex_write_view_name, and hex_notify_view_name

parameters were added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add community

configure snmpv3 add community [[hex hex_community_index] |
community_index] [encrypted name community_name | name [[hex
hex_community_name] | community_name] {store-encrypted} ] user
[[hex hex_user_name] | user_name] {tag [[hex transport_tag] |
transport_tag]} {volatile}

Description
Adds an SNMPv3 community entry.

Syntax Description
hex_community_index Specifies the row index in the snmpCommunity table as
a hex value supplied as a colon separated string of hex
octets.
community_index Specifies the row index in the snmpCommunity Table as an
ASCII value.
hex_community_name Specifies the community name as a hex value supplied as a
colon separated string of hex octets.
community_name Specifies the community name as an ASCII value.
hex_user_name Specifies the USM user name as a hex value supplied as a
colon separated string of hex octets.
user_name Specifies the USM user name as an ASCII value.

1336 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

tag Specifies the tag used to locate transport endpoints in

SnmpTargetAddrTable. When this community entry is used
to authenticate v1/v2c messages, this tag is used to verify
the authenticity of the remote entity.hex_transport_tag—
Specifies a hex value supplied as a colon separated string
of hex octetstransport_tag—Specifies an ASCII value
volatile Specifies volatile storage.

Default
N/A.

Usage Guidelines
Use this command to create or modify an SMMPv3 community in the community MIB.

Community name as a blank string is not accepted.

Example
switch # configure snmp add community readonly extreme store-encrypted
switch # show snmpv3 community
Community Index : extreme
Community Name : hys{fnj (encrypted)
Security Name : v1v2c_ro
Context EngineID : 80:00:07:7c:03:00:04:96:27:b6:63
Context Name :
Transport Tag :
Storage Type : NonVolatile
Row Status : Active
switch # configure snmp add community readwrite extreme123
switch # show snmpv3 community
Community Index : extreme
Community Name : hys{fnj (encrypted)
Security Name : v1v2c_ro
Context EngineID : 80:00:07:7c:03:00:04:96:27:b6:63
Context Name :
Transport Tag :
Storage Type : NonVolatile
Row Status : Active
Community Index : extreme123
Community Name : extreme123
Security Name : v1v2c_rw
Context EngineID : 80:00:07:7c:03:00:04:96:27:b6:63
Context Name :
Transport Tag :
Storage Type : NonVolatile
Row Status : Active
switch # show configuration "snmp"
#
# Module snmpMaster configuration.
#
configure snmpv3 add community extreme encrypted name hys{fnj user v1v2c_ro
configure snmpv3 add community extreme123 name extreme123 user v1v2c_rw
The following command creates an entry with the community index comm_index, community
name comm_public, and user (security) name v1v2c_user:
configure snmpv3 add community comm_index name comm_public user v1v2c_user

Switch Engine™ Command Reference Guide for version 32.7.1 1337

History Commands

History
This command was first available in ExtremeXOS. 10.1.

The hex_community_index, hex_community_name, hex_user_name, and

hex_transport_tag parameters were added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add filter

configure snmpv3 add filter [[hex hex_profile_name] | profile_name]
subtree object_identifier {/subtree_mask} type [included | excluded]
{volatile}

Description
Adds a filter to a filter profile.

Syntax Description
hex_profile_name Specifies the filter profile that the current filter is added to.
The value is to be supplied as a colon separated string of
hex octets.
profile_name Specifies the filter profile that the current filter is added to
in ASCII format.
object identifier Specifies a MIB subtree.
subtree_mask Specifies a hex octet string used to mask the subtree. For
example, f7a indicates 1.1.1.1.0.1.1.1.1.0.1.0.
included Specifies that the MIB subtree defined by object identifier/
mask is to be included.
excluded Specifies that the MIB subtree defined by object identifier/
mask is to be excluded.
volatile Specifies volatile storage.

Default
The default values are:
• mask value—empty string (all 1s).
• type—included.
• storage—non-volatile.

1338 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to create a filter entry in the snmpNotifyFilterTable. Each filter
includes or excludes a portion of the MIB. Multiple filter entries comprise a filter profile
that can eventually be associated with a target address. Other commands are used to
associate a filter profile with a parameter name, and the parameter name with a target
address.

This command can be used multiple times to configure the exact filter profile desired.

Example
The following command adds a filter to the filter profile prof1 that includes the MIB
subtree 1.3.6.1.4.1/f0:

configure snmpv3 add filter prof1 subtree 1.3.6.1.4.1/f0 type included

History
This command was first available in ExtremeXOS 10.1.

The hex_profile_name parameter was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add filter-profile

configure snmpv3 add filter-profile [[hex hex_profile_name] |
profile_name] param [[hex hex_param_name]] | param_name] {volatile}

Description
Associates a filter profile with a parameter name.

Syntax Description
hex_profile_name Specifies the filter profile name. The value is to be supplied
as a colon separated string of hex octets.
profile_name Specifies the filter profile name in ASCII format.
hex_param_name Specifies a parameter name to associate with the filter
profile. The value to follow is to be supplies as a colon
separated string of hex octets.
param_name Specifies a parameter name to associate with the filter
profile in ASCII format.
volatile Specifies volatile storage.

Switch Engine™ Command Reference Guide for version 32.7.1 1339

Default Commands

Default
The default storage type is non-volatile.

Usage Guidelines
Use this command to add an entry to the snmpNotifyFilterProfileTable. This table
associates a filter profile with a parameter name. The parameter name is associated
with target addresses, and the filter profile is associated with a series of filters, so, in
effect, you are associating a series of filters with a target address.

Example
The following command associates the filter profile prof1 with the parameter name P1:

configure snmpv3 add filter-profile prof1 param P1

History
This command was first available in ExtremeXOS 10.1.

The hex_profile_name and hex_param_name parameters were added in ExtremeXOS

11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add group user

configure snmpv3 add group [[hex hex_group_name] | group_name] user
[[hex hex_user_name] | user_name] {sec-model [snmpv1| snmpv2c | usm]}
{volatile}

Description
Adds a user name (security name) to a group.

Syntax Description
hex_group_name Specifies the group name to add or modify. The value is to
be supplied as a colon separated string of hex octets.
group_name Specifies the group name to add or modify in ASCII format.
hex_user_name Specifies the user name to add or modify. The value to
follow is to be supplies as a colon separated string of hex
octets.
user_name Specifies the user name to add or modify in ASCII format.

1340 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

sec-model Specifies the security model to use.

snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
volatile Specifies volatile storage.

Default
The default values are:
• sec-model—USM.
• non-volatile storage.

Usage Guidelines
Use this command to associate a user name with a group.

As per the SNMPv3 RFC, a security name is model independent while a username is
model dependent. For simplicity, both are assumed to be same here. User names and
security names are handled the same. In other words, if a user is created with the user
name username, the security name value is the same, username.

Every group is uniquely identified by a security name and security model. So the same
security name can be associated to a group name but with different security models.

Example
The following command associates the user userV1 to the group defaultRoGroup with
SNMPv1 security:

configure snmpv3 add group defaultRoGroup user userV1 sec-model snmpv1

The following command associates the user userv3 with security model USM and
storage type volatile to the access group defaultRoGroup:

configure snmpv3 add group defaultRoGroup user userV3 volatile

History
This command was first available in ExtremeXOS 10.1.

The hex_group_name and hex_user_name parameters were added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1341

configure snmpv3 add mib-view Commands

configure snmpv3 add mib-view

configure snmpv3 add mib-view [[hex hex_view_name] | view_name]
subtree object_identifier {subtree_mask} {type [included | excluded]}
{volatile}

Description
Adds (and modifies) a MIB view.

Syntax Description
hex_view_name Specifies the MIB view name to add or modify. The value is
to be supplies as a colon separated string of hex octets.
view_name Specifies the MIB view name to add or modify in ASCII
format.
object_identifier Specifies a MIB subtree.
subtree_mask Specifies a hex octet string used to mask the subtree. For
example, f7a indicates 1.1.1.1.0.1.1.1.1.0.1.0.
included Specifies that the MIB subtree defined by subtree/mask is
to be included.
excluded Specifies that the MIB subtree defined by subtree/mask is
to be excluded.
volatile Specifies volatile storage.

Default
The default mask value is an empty string (all 1s). The other default values are included
and non-volatile.

Usage Guidelines
Use this command to create a MIB view into a subtree of the MIB. If the view already
exists, this command modifies the view to additionally include or exclude the specified
subtree.

In addition to the created MIB views, there are three default views. They are:
defaultUserView, defaultAdminView, and defaultNotifyView.

Example
The following command creates the MIB view allMIB with the subtree 1.3 included as
non-volatile:

configure snmpv3 add mib-view allMIB subtree 1.3

1342 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command creates the view extremeMib with the subtree 1.3.6.1.4.1.1916
included as non-volatile:

configure snmpv3 add mib-view extremeMib subtree 1.3.6.1.4.1.1916

The following command creates a view vrrpTrapNewMaster which excludes VRRP

notification .1 and the entry is volatile:

configure snmpv3 add mib-view vrrpTrapNewMaster 1.3.6.1.2.1.68.0.1/ff8 type excluded

volatile

History
This command was first available in ExtremeXOS 10.1.

The hex_view_name parameter was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add notify

configure snmpv3 add notify [[hex hex_notify_name] | notify_name] tag
[[hex hex_tag] | tag] {type [trap | inform]}{volatile}

Description
Adds an entry to the snmpNotifyTable.

Syntax Description
hex_notify_name Specifies the notify name to add. The value is to be
supplied as a colon separated string of hex octets.
notify_name Specifies the notify name to add in ASCII format.
hex_tag Specifies a string identifier for the notifications to be sent
to the target. The value is supplied as a colon separated
string of octets.
tag Specifies a string identifier for the notifications to be sent
to the target in ASCII format.
trap Specifies an unconfirmed notification.
inform Specifies a confirmed notification.
volatile Specifies volatile storage. By specifying volatile storage, the
configuration is not saved across a switch reboot.

Switch Engine™ Command Reference Guide for version 32.7.1 1343

Default Commands

Default
The default storage type is non-volatile.

The default type is trap.

Usage Guidelines
Use this command to add an entry to the snmpNotifyTable. When a notification is to
be sent, this table is examined. For the target addresses that have been associated with
the tags present in the table, notifications are sent based on the filters also associated
with the target addresses.

Example
The following command sends notifications to addresses associated with the tag type1:

configure snmpv3 add notify N1 tag type1

History
This command was first available in ExtremeXOS 10.1.

The hex_notify_name and hex_tag parameters were added in ExtremeXOS 11.0.

The INFORM option was added in ExtremeXOS 12.5.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add target-addr

configure snmpv3 add target-addr [[hex hex_addr_name] | addr_name]
param [[hex hex_param_name] |param_name ] ipaddress [ ip_address |
ip_and_tmask ] | [ ipv6_address | ipv6_and_tmask ]] {transport-port
port_number} {from [src_ip_address | src_ipv6_address]} {vr vr_name}
{tag-list [tag_list | hex hex_tag_list]} {volatile}

Description
Adds and configures an SNMPv3 target address and associates filtering, security, and
notifications with that address.

1344 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
hex_addr_name Specifies a string identifier for the target address. The value
is to be supplied as a colon separated string of hex octets.
addr_name Specifies a string identifier for the target address in ASCII
format.
hex_param_name Specifies the parameter name associated with the target.
The value is to be supplied as a colon separated string of
hex octets.
param_name Specifies the parameter name associated with the target in
ASCII format.
ip_address Specifies an SNMPv3 target IPv4 address.
ipv6_address Specifies an SNMPv3 target IPv6 address.
port_number Specifies a UDP port. Default is 162.
src_ip_address Specifies the IPv4 address of a VLAN to be used as the
source address for the trap.
src_ipv6_address Specifies the IPv6 address of a VLAN to be used as the
source address for the trap.
vr_name Specifies the name of the virtual router.
tag-list Specifies a list of comma separated string identifiers for the
notifications to be sent to the target.
hex_tag_list Tag list in RFC 3413 format (in hexadecimal).
volatile Specifies volatile storage. By specifying volatile storage, the
configuration is not saved across a switch reboot.

Default
The default values are:
• transport-port—port 162.
• non-volatile storage.

If you do not specify tag-list the single tag defaultNotify, a pre-defined value in the
snmpNotifyTable is used.

Usage Guidelines
Use this command to create an entry in the SNMPv3 snmpTargetAddressTable.
The param parameter associates the target address with an entry in the
snmpTargetParamsTable, which specifies security and storage parameters for
messages to the target address, and an entry in the snmpNotifyFilterProfileTable, which
specifies filter profiles to use for notifications to the target address. The filter profiles are
associated with the filters in the snmpNotifyFilterTable.

The list of tag-lists must match one or more of the tags in the snmpNotifyTable for the
trap to be sent out.

Switch Engine™ Command Reference Guide for version 32.7.1 1345

Example Commands

Example
The following command specifies a target address of 10.203.0.22 with the name A1, and
associates it with the security parameters and target address parameter P1:

configure snmpv3 add target-addr A1 param P1 ipaddress 10.203.0.22

The following command specifies a target address of 10.203.0.22 with the name A1, and
associates it with the security parameters and target address parameter P1, and the
notification tags type1 and type2:

configure snmpv3 add target-addr A1 param P1 ipaddress 10.203.0.22 from 10.203.0.23 tag-
list type1,type2

History
This command was first available in ExtremeXOS 10.1.

The virtual router, IP address and hexadecimal mask parameters were added in
ExtremeXOS 12.3.

IPv6 support was added in ExtremeXOS 12.4.

The IPv4-with-mask and IPv6-with-mask keywords were added in ExtremeXOS 15.3.2.

The hex keyword and hex_tag_list variable were added in ExtremeXOS 15.6.

The IPv4-with-mask and IPv6-with-mask keywords were removed in version 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add target-params

configure snmpv3 add target-params [[hex hex_param_name] |
param_name ]user [[hex hex_user_name] | user_name] mp-model [snmpv1
|snmpv2c | snmpv3] sec-model [snmpv1 | snmpv2c | usm] {sec-level
[noauth | authnopriv | priv]} {volatile}

Description
Adds and configures SNMPv3 target parameters.

1346 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
hex_param_name Specifies the parameter name associated with the target.
The value is to be supplied as a colon separated string of
hex octets.
param_name Specifies the parameter name associated with the target in
ASCII format.
hex_user_name Specifies a user name. The value is to be supplied as a
colon separated string of hex octets.
user_name Specifies a user name in ASCII format.
mp-model Specifies a message processing model; choose from
SNMPv1, SNMPv2, or SNMPv3.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the
security level.
authnopriv Specifies authentication and no privacy for the security
level.
priv Specifies authentication and privacy for the security level.
volatile Specifies volatile storage. By specifying volatile storage, the
configuration is not saved across a switch reboot.

Default
The default values are:
• sec-level—noauth.
• non-volatile storage.

Usage Guidelines
Use this command to create an entry in the SNMPv3 snmpTargetParamsTable. This
table specifies the message processing model, security level, security model, and the
storage parameters for messages to any target addresses associated with a particular
parameter name.

To associate a target address with a parameter name, see the command configure
snmpv3 add target-addr.

Switch Engine™ Command Reference Guide for version 32.7.1 1347

Example Commands

Example
The following command specifies a target parameters entry named P1, a user name of
guest, message processing and security model of SNMPv2c, and a security level of no
authentication:

configure snmpv3 add target-params P1 user guest mp-model snmpv2c sec-model snmpv2c sec-
level noauth

History
This command was first available in ExtremeXOS 10.1.

The hex_param_name and hex_user_name parameters were added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add user

configure snmpv3 add user [ hex hex_user_name | user_name ]
{engine-id engine_id} {authentication [md5 | sha] {localized-key
auth_localized_key | hex hex_auth_password | auth_password} {privacy
{des |aes {128 |192 | 256}} {localized-key priv_localized_key | hex
hex_priv_password | priv_password} }} {volatile}

Description
Adds (and modifies) an SNMPv3 user.

Syntax Description
hex_user_name Specifies the user name to add or modify. The value is to be
supplied as a colon separated string of hex octets.
user_name Specifies the user name to add or modify in ASCII format.
engine-id SNMP engine id. If not specified, the user is created with
the local engine id.
engine_id Engine id (in hexadecimal)"; type="ostring_t
authentication Specifies the authentication password or hex string to use
for generating the authentication key for this user.
md5 Specifies RSA Data Security, Inc. MD5 Message-Digest
Algorithm authentication.
sha Specifies SHA authentication.
localized-key Following value is a MD5 or SHA digest of the engine-id
and user's password.

1348 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

auth_localized_key Authentication localized key (in

hexadecimal) ) ;type="ostring_t"
privacy Specifies the privacy password or hex string to use for
generating the privacy key for this user.
des Specifies the use of the 56-bit DES algorithm for
encryption. This is the default.
aes Specifies the use of the AES algorithm for encryption.
128 Specifies the use of the 128-bit AES algorithm for
encryption.
192 Specifies the use of the 192-bit AES algorithm for
encryption.
256 Specifies the use of the 256-bit AES algorithm for
encryption.
priv_localized_key Privacy localized key (in hexadecimal)"; type="ostring_t"
volatile Specifies volatile storage. By specifying volatile storage, the
configuration is not saved across a switch reboot.

Default
The default values are:
• authentication—no authentication.
• privacy—no privacy.
• non-volatile storage.

Usage Guidelines
Use this command to create or modify an SNMPv3 user configuration.

The initial password for admin is password.

If hex is specified, supply a 16 octet hex string for RSA Data Security, Inc. MD5 Message-
Digest Algorithm, or a 20 octet hex string for SHA.

You must specify authentication if you want to specify privacy. There is no support for
privacy without authentication.

Note
AES 192 and AES 256 bit encryptions are proprietary implementations and may
not work with some SNMP managers.
SNMPv3 password and localized-key are saved to the configuration file using
AES256-CBC encryption.

Switch Engine™ Command Reference Guide for version 32.7.1 1349

Example Commands

Example
The following command configures the user guest on the local SNMP Engine with
security level noauth (no authentication and no privacy):

configure snmpv3 add user guest

The following command configures the user authMD5 to use RSA Data Security, Inc.
MD5 Message-Digest Algorithm authentication with the password palertyu:

configure snmpv3 add user authMD5 authentication md5 palertyu

The following command configures the user authShapriv to use SHA authentication
with the hex key shown below, the privacy password palertyu, and volatile storage:

configure snmpv3 add user authShapriv authentication sha hex

01:03:04:05:01:05:02:ff:ef:cd:12:99:34:23:ed:ad:ff:ea:cb:11 privacy palertyu volatile

History
This command was first available in ExtremeXOS 10.1.

The hex_user_name parameter was added in ExtremeXOS 11.0.

Support for 3DES and AES was added in ExtremeXOS 12.3.

Support for 3DES was removed in version 32.6.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 add user clone-from

configure snmpv3 add user [[hex hex_user_name] | user_name] {engine-
id engine_id}clone-from [[hex hex_user_name] | user_name] {engine-id
clone_from_engine_id}

Description
Creates a new user by cloning from an existing SNMPv3 user.

Syntax Description
hex_user_name Specifies the user name to add or to clone from. The value
is to be supplies as a colon separated string of hex octets.
user_name Specifies the user name to add or to clone from in ASCII
format.
engine-id SNMP engine ID

1350 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

engine_id Engine ID of the user to be added in hexadecimal format.

Default: local engine ID)"; type="ostring_t
clone_from_engine_id Engine ID of the user to be cloned in hexadecimal (Default:
local engine ID)"; type="ostring_t

Default
N/A.

Usage Guidelines
Use this command to create a new user by cloning an existing one. After you have
successfully cloned the new user, you can modify its parameters using the following
command:
configure snmpv3 add user [[hex hex_user_name] |user_name]
{authentication [md5 | sha] [hexhex_auth_password |auth_password]}
{privacy {des | aes {128 | 192 | 256}} [[hexhex_priv_password] |
priv_password]} }{volatile}

Example
The following command creates a user cloneMD5 with same properties as the default
user initalmd5. All authorization and privacy keys will initially be the same as with the
default user initialmd5.

configure snmpv3 add user cloneMD5 clone-from initialmd5

The following command adds a remote user named nmsuser2 belonging to the
SNMP engine with engine-id 11:22:33 by cloning another remote user named nmsuser1
belonging to the SNMP engine with engine id AA:BB::CC:
conf snmpv3 add user nmsuser2 engine-id 11:22:33 clone-from nmsuser1 engine-id AA:BB:CC

History
This command was first available in ExtremeXOS 10.1.

The hex_user_name parameter was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete access

configure snmpv3 delete access [all-non-defaults | {[[hex
hex_group_name] | group_name] {sec-model [snmpv1 | snmpv2c | usm]
sec-level [noauth | authnopriv | priv]}}]

Switch Engine™ Command Reference Guide for version 32.7.1 1351

Description Commands

Description
Deletes access rights for a group.

Syntax Description
all-non-defaults Specifies that all non-default (non-permanent) security
groups are to be deleted.
hex_group_name Specifies the group name to be deleted. The value is to be
supplies as a colon separated string of hex octets.
group_name Specifies the group name to be deleted in ASCII format.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).
sec-level Specifies the security level for the group.
noauth Specifies no authentication (and implies no privacy) for the
security level.
authnopriv Specifies authentication and no privacy for the security
level.
priv Specifies authentication and privacy for the security level.

Default
The default values are:
• sec-model—USM.
• sec-level—noauth.

Usage Guidelines
Use this command to remove access rights for a group. Use the all-non-defaults
keyword to delete all the security groups, except for the default groups. The default
groups are: admin, initial, v1v2c_ro, v1v2c_rw.

Deleting an access will not implicitly remove the related group to user association
from the VACMSecurityToGroupTable. To remove the association, use the following
command:
configure snmpv3 delete group {[[hex hex_group_name] |group_name]} user
[all-non-defaults | {[[hexhex_user_name] |user_name] {sec-model [snmpv1|
snmpv2c|usm]}}]

1352 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command deletes all entries with the group name userGroup:

configure snmpv3 delete access userGroup

The following command deletes the group userGroup with the security model snmpv1
and security level of authentication and no privacy (authnopriv):

configure snmpv3 delete access userGroup sec-model snmpv1 sec-level authnopriv

History
This command was first available in ExtremeXOS 10.1.

The hex_group_name parameter was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete community

configure snmpv3 delete community [all | {[[hex hex_community_index] |
community_index} | {name [[hex hex_community_name] | community_name}]

Description
Deletes an SNMPv3 community entry.

Syntax Description
all Specifies that all community entries are to be removed.
hex_community_index Specifies the row index in the snmpCommunityTable. The
value is to be supplied as a colon separated string of hex
octets.
community_index Specifies the row index in the snmpCommunityTable in
ASCII format.
hex_community_name Specifies the community name. The value is to be supplied
as a colon separated string of hex octets.
community_name Specifies the community name in ASCII format.

Default
The default entries are public and private.

Switch Engine™ Command Reference Guide for version 32.7.1 1353

Usage Guidelines Commands

Usage Guidelines
Use this command to delete an SMMPv3 community in the community MIB.

Example
The following command deletes an entry with the community index comm_index:

configure snmpv3 delete community comm_index

The following command creates an entry with the community name (hex) of
EA:12:CD:CF:AB:11:3C:

configure snmpv3 delete community name hex EA:12:CD:CF:AB:11:3C

History
This command was first available in ExtremeXOS 10.1.

The hex_community_index and hex_community_name parameters were added in

ExtremeXOS 11.0.

The all-non-defaults keyword was replaced with the all keyword in ExtremeXOS
22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete filter

configure snmpv3 delete filter [all | [[hex hex_profile_name] |
profile_name] {subtree object_identifier}]]

Description
Deletes a filter from a filter profile.

Syntax Description
all Specifies all filters.
hex_profile_name Specifies the filter profile of the filter to delete. The value is
to be supplied as a colon separated string of hex octets.
profile_name Specifies the filter profile of the filter to delete in ASCII
format.
object_identifier Specifies the MIB subtree of the filter to delete.

1354 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to delete a filter entry from the snmpNotifyFilterTable. Specify all
to remove all entries. Specify a profile name to delete all entries for that profile name.
Specify a profile name and a subtree to delete just those entries for that filter profile
and subtree.

Example
The following command deletes the filters from the filter profile prof1 that reference the
MIB subtree 1.3.6.1.4.1:

configure snmpv3 delete filter prof1 subtree 1.3.6.1.4.1

History
This command was first available in ExtremeXOS 10.1.

The hex_profile_name parameter was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete filter-profile

configure snmpv3 delete filter-profile [all |[hex hex_profile_name |
profile_name] {param [hex hex_param_name | param_name}]]

Description
Removes the association of a filter profile with a parameter name.

Syntax Description
all Specifies all filter profiles.
hex_profile_name Specifies the filter profile name to delete. The value is to be
supplied as a colon separated string of hex octets.
profile_name Specifies the filter profile name to delete in ASCII format.
hex_param_name Specifies to delete the filter profile with the specified profile
name and parameter name. The value is to be supplied as
a colon separated string of hex octets.
param_name Specifies to delete the filter profile with the specified profile
name and parameter name in ASCII format.

Switch Engine™ Command Reference Guide for version 32.7.1 1355

Default Commands

Default
The default storage type is non-volatile.

Usage Guidelines
Use this command to delete entries from the snmpNotifyFilterProfileTable. This table
associates a filter profile with a parameter name. Specify all to remove all entries.
Specify a profile name to delete all entries for that profile name. Specify a profile name
and a parameter name to delete just those entries for that filter profile and parameter
name.

Example
The following example deletes the filter profile prof1 with the parameter name P1:
configure snmpv3 delete filter-profile prof1 param P1

History
This command was first available in ExtremeXOS 10.1.

The hex_profile_name and hex_param_name parameters were added in ExtremeXOS

11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete group user

configure snmpv3 delete group {[[hex hex_group_name] | group_name]} user
[all-non-defaults | {[[hex hex_user_name] | user_name] {sec-model
[snmpv1|snmpv2c|usm]}}]

Description
Deletes a user name (security name) from a group.

Syntax Description
hex_group_name Specifies the group name to delete or modify. The value is
to be supplied as a colon separated string of hex octets.
group_name Specifies the group name to delete or modify in ASCII
format.
all-non-defaults Specifies that all non-default (non-permanent) users are to
be deleted from the group.
hex_user_name Specifies the user name to delete or modify. The value is to
be supplied as a colon separated string of hex octets.

1356 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

user_name Specifies the user name to delete or modify in ASCII

format.
sec-model Specifies the security model to use.
snmpv1 Specifies the SNMPv1 security model.
snmpv2c Specifies the SNMPv2c security model.
usm Specifies the SNMPv3 User-based Security Model (USM).

Default
The default value for sec-model is USM.

Usage Guidelines
Use this command to remove the associate of a user name with a group.

As per the SNMPv3 RFC, a security name is model independent while a username is
model dependent. For simplicity, both are assumed to be same here. User names and
security names are handled the same. In other words, if a user is created with the user
name username, the security name value is the same, username.

Every group is uniquely identified by a security name and security model. So the same
security name can be associated to a group name but with different security models.

The default groups are: admin, initial, v1v2c_ro, v1v2c_rw.

The default users are: admin, initial, initialmd5, initialsha, initialmd5Priv, initialshaPriv.

Example
The following command deletes the user guest from the group UserGroup for the
security model snmpv2c:

configure snmpv3 delete group UserGroup user guest sec-model snmpv2c

The following command deletes the user guest from the group userGroup with the
security model USM:

configure snmpv3 delete group userGroup user guest

History
This command was first available in ExtremeXOS 10.1.

The hex_group_name and the hex_user_name parameters were added in ExtremeXOS

11.0.

Switch Engine™ Command Reference Guide for version 32.7.1 1357

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete mib-view

configure snmpv3 delete mib-view [all-non-defaults | {[[hex
hex_view_name] | view_name] {subtree object_identifier}}]

Description
Deletes a MIB view.

Syntax Description
all-non-defaults Specifies that all non-default (non-permanent) MIB views
are to be deleted.
hex_view_name Specifies the MIB view to delete. The value is to be supplied
as a colon separated string of hex octets.
view_name Specifies the MIB view name to delete in ASCII format.
object_identifier Specifies a MIB subtree.

Default
N/A.

Usage Guidelines
Use this command to delete a MIB view. Views which are being used by security groups
cannot be deleted. Use the all-non-defaults keyword to delete all the MIB views (not
being used by security groups) except for the default views. The default views are:
defaultUserView, defaultAdminView, and defaultNotifyView.

Use the configure snmpv3 add mib-view command to remove a MIB view from its
security group, by specifying a different view.

Example
The following command deletes all views (only the permanent views will not be
deleted):

configure snmpv3 delete mib-view all-non-defaults

The following command deletes all subtrees with the view name AdminView:

configure snmpv3 delete mib-view AdminView

1358 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command deletes the view AdminView with subtree 1.3.6.1.2.1.2

configure snmpv3 delete mib-view AdminView subtree 1.3.6.1.2.1.2

History
This command was first available in ExtremeXOS 10.1.

The hex_view_name parameter was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete notify

configure snmpv3 delete notify [{[[hex hex_notify_name] | notify_name]}
| all-non-defaults]

Description
Deletes an entry from the snmpNotifyTable.

Syntax Description
hex_notify_name Specifies the notify name to add. The value is to be
supplied as a colon separated string of hex octets.
notify_name Specifies the notify name to add in ASCII format.
all-non-defaults Specifies that all non-default (non-permanent)
notifications are to be deleted.

Default
N/A.

Usage Guidelines
Use this command to delete an entry from the snmpNotifyTable. When a notification is
to be sent, this table is examined. For the target addresses that have been associated
with the tags present in the table, notifications will be sent, based on the filters also
associated with the target addresses.

Example
The following command removes the N1 entry from the table:

configure snmpv3 delete notify N1

Switch Engine™ Command Reference Guide for version 32.7.1 1359

History Commands

History
This command was first available in ExtremeXOS 10.1.

The hex_notify_name parameter was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete target-addr

configure snmpv3 delete target-addr [{[[hex hex_addr_name] | addr_name]}
| all]

Description
Deletes SNMPv3 target addresses.

Syntax Description
hex_addr_name Specifies an identifier for the target address. The value is to
be supplied as a colon separated string of hex octets.
addr_name Specifies a string identifier for the target address.
all Specifies all target addresses.

Default
N/A.

Usage Guidelines
Use this command to delete an entry in the SNMPv3 snmpTargetAddressTable.

Example
The following command deletes target address named A1:

configure snmpv3 delete target-addr A1

History
This command was first available in ExtremeXOS 10.1.

The hex_addr_name parameter was added in ExtremeXOS 11.0.

1360 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 delete target-params

configure snmpv3 delete target-params [{[[hex hex_param_name] |
param_name]} | all]

Description
Deletes SNMPv3 target parameters.

Syntax Description
hex_param_name Specifies the parameter name associated with the target.
The value is to be supplied as a colon separated string of
hex octets.
param_name Specifies the parameter name associated with the target in
ASCII format.

Default
N/A.

Usage Guidelines
Use this command to delete an entry in the SNMPv3 snmpTargetParamsTable. This
table specifies the message processing model, security level, security model, and the
storage parameters for messages to any target addresses associated with a particular
parameter name.

Example
The following command deletes a target parameters entry named P1:

configure snmpv3 delete target-params P1

History
This command was first available in ExtremeXOS 10.1.

The hex_param_name parameter was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1361

configure snmpv3 delete user Commands

configure snmpv3 delete user

configure snmpv3 delete user [all | [[hex hex_user_name] | user_name]
{engine-id engine_id}]

Description
Deletes an existing SNMPv3 user.

Syntax Description
all Specifies that all users are to be deleted.
hex_user_name Specifies the user name to delete. The value is to be
supplied as a colon separated string of hex octets.
user_name Specifies the user name to delete.
engine-id SNMP engine ID
engine-id Engine ID in hexadecimal (Default: local engine ID)";
type="ostring_t

Default
N/A.

Usage Guidelines
Use this command to delete an existing user.

Deleting users does not implicitly remove the related group-to-user association
from the VACMSecurityToGroupTable. To remove the association, use the following
command:
configure snmpv3 delete group {[[hex hex_group_name] | group_name]}
user [all-non-defaults | {[[hex hex_user_name] | user_name] {sec-model
[snmpv1|snmpv2c|usm]}}]

Example
The following command deletes all users:
configure snmpv3 delete user all

The following command deletes the user "guest":

configure snmpv3 delete user guest

The following command deletes a remote user named "ambiguoususer" with engine id
11:22:33:
configure snmpv3 delete user ambiguoususer engine-id 11:22:33

1362 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The hex_user_name parameter was added in ExtremeXOS 11.0.

The engine_id keyword was added in ExtremeXOS 15.4.

The all-non-default keyword was replaced with the all keyword in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 engine-boots

configure snmpv3 engine-boots (1-2147483647)

Description
Configures the SNMPv3 Engine Boots value.

Syntax Description
(1-2147483647) Specifies the value of engine boots.

Default
N/A.

Usage Guidelines
Use this command if the Engine Boots value needs to be explicitly configured. Engine
Boots and Engine Time will be reset to one (1) if the Engine ID is changed. Engine Boots
can be set to any desired value, but will latch on its maximum, 2147483647.

Example
The following command configures Engine Boots to 4096:

configure snmpv3 engine-boots 4096

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1363

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 engine-id

configure snmpv3 engine-id hex_engine_id

Decription
Configures the SNMPv3 snmpEngineID.

Syntax Description
hex_engine_id Specifies the colon delimited hex octet that serves as part
of the snmpEngineID (5-32 octets).

Default
The default snmpEngineID is the device MAC address.

Usage Guidelines
Use this command if the snmpEngineID needs to be explicitly configured. The first four
octets of the ID are fixed to 80:00:07:7C,which represents Extreme Networks Vendor ID.
Once the snmpEngineID is changed, default users are reverted back to their original
passwords/keys, while non-default users are removed from the device.

Example
The following command configures the snmpEngineID to be 80:00:07:7C:00:0a:1c:3e:11:

configure snmpv3 engine-id 00:0a:1c:3e:11

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 target-addr retry

configure snmpv3 target-addr [[hex hex_addr_name] | addr_name] retry
retry_count

1364 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures SNMPv3 INFORM notification retries.

Syntax Description
hex_addr_name Specifies a address name in hexadecimal format.
addr_name Specifies the address name in ASCII format.
retry_count Specifies the maximum number of times to resend an
SNMPv3 inform.

Default
The retry default is 3.

Usage Guidelines
Use this command to configure the number of times an SNMPv3 INFORM message is
to be resent to the (notification responder) manager when a response has not been
received.

Example
The following command configures a retry count of 5 for the target address A1:

configure snmpv3 target-addr A1 retry 5

History
This command was first available in ExtremeXOS 12.5.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure snmpv3 target-addr timeout

configure snmpv3 target-addr [[hex hex_addr_name] | addr_name] timeout
timeout_val

Description
Configures the SNMPv3 INFORM notification timeout.

Switch Engine™ Command Reference Guide for version 32.7.1 1365

Syntax Description Commands

Syntax Description
hex_addr_name Specifies the address name in hexadecimal format.
addr_name Specifies the address name in ASCII format.
timeout_val Specifies the number of seconds.

Default
The timeout value default is 15 seconds.

Usage Guidelines
Use this command to configure how many seconds to wait for a response before
resending an SNMPv3 INFORM.

Example
The following command configures a timeout value of 20 seconds for the target
address A1:

configure snmpv3 target-addr A1 timeout 20

History
This command was first available in ExtremeXOS 12.5.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sntp-client
configure sntp-client [primary | secondary] host-name-or-ip {vr vr_name}

Description
Configures an NTP server for the switch to obtain time information.

Syntax Description
primary Specifies a primary server name.
secondary Specifies a secondary server name.
host-name-or-ip Specifies a host name or IPv4 address or IPv6 address.

1366 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

vr Specifies use of a virtual router.NOTE: User-created VRs

are supported only on the platforms listed for this feature
in the Switch Engine 32.7.1 Feature License Requirements
document.
vr_name Specifies the name of a virtual router.

Default
N/A.

Usage Guidelines
Queries are first sent to the primary server. If the primary server does not respond
within 1 second, or if it is not synchronized, the switch queries the second server. If the
switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits
for the sntp-client update interval before querying again.

Example
The following example configures a primary NTP server:
configure sntp-client primary 10.1.2.2

The following example configures the primary NTP server to use the management
virtual router VR-Mgmt:
configure sntp-client primary 10.1.2.2 vr VR-Mgmt

History
This command was first available in ExtremeXOS 10.1.

The vr vr_name option was added in ExtremeXOS 11.0.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, 5720 series switches.

configure sntp-client update-interval

configure sntp-client update-interval update-interval

Description
Configures the interval between polls for time information from SNTP servers.

Syntax Description
update-interval Specifies an interval in seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 1367

Default Commands

Default
64 seconds.

Usage Guidelines
None.

Example
The following command configures the interval timer:

configure sntp-client update-interval 30

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 access-profile

configure ssh2 access-profile [ access_profile | [[add rule] [first |
[[before | after] previous_rule]]] | delete rule | none]

Description
Configures SSH2 to use an ACL policy or ACL rule for access control.

Syntax Description
access_profile Specifies an ACL policy.
add Specifies that an ACL rule is to be added to the SSH2 port.
rule Specifies an ACL rule.
first Specifies that the new rule is to be added before all other
rules.
before Specifies that the new rule is to be added before a previous
rule.
after Specifies that the new rule is to be added after a previous
rule.
previous_rule Specifies an existing rule in the application.
delete Specifies that one particular rule is to be deleted.
none Specifies that all the rules or a policy file is to be deleted.

1368 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
You must be logged in as administrator to configure SSH2 parameters.
• Implement an ACL policy file that permits or denies a specific list of IP addresses
and subnet masks for the SSH2 port. You must create the ACL policy file before you
can use this command. If the ACL policy file does not exist on the switch, the switch
returns an error message indicating that the file does not exist.

In the ACL policy file for SSH2, the “source-address” field is the only supported match
condition. Any other match conditions are ignored.

Use the none option to remove a previously configured ACL.

Policy files can also be configured using the enable ssh2 command.
• Add an ACL rule to the SSH2 application through this command. Once an ACL is
associated with SSH2, all the packets that reach an SSH2 module are evaluated with
this ACL and appropriate action (permit or deny) is taken, as is done using policy
files.

The permit or deny counters are also updated accordingly regardless of whether
the ACL is configured to add counters. To display counter statistics, use the show
access-list counters process command.

Only the following match conditions and actions are copied to the client memory.
Others that may be in the rule are not copied.

Match conditions:
◦ Source-address—IPv4 and IPv6
◦ Actions—Permit or Deny

When adding a new rule, use the first, before, and after previous_rule parameters to
position it within the existing rules.

If the SSH2 traffic does not match any of the rules, the default behavior is deny. To
permit SSH2 traffic that does not match any of the rules, add a permit all rule at the
end of the rule list.

Creating an ACL Policy File

To create an ACL policy file, use the edit policy command. For more information
about creating and implementing ACL policy files, see Policy Manager and ACLs in the
Switch Engine 32.7.1 User Guide.

If you attempt to implement a policy that does not exist on the switch, an error
message similar to the following appears:
Error: Policy /config/MyAccessProfile.pol does not exist on file system

Switch Engine™ Command Reference Guide for version 32.7.1 1369

Example Commands

If this occurs, make sure the policy you want to implement exists on the switch. To
confirm the policies on the switch, use the ls command. If the policy does not exist,
create the ACL policy file.

Example
The following example applies the ACL MyAccessProfile_2 to SSH2:
configure ssh2 access-profile MyAccessProfile_2

The following example copies the ACL rule, DenyAccess to the SSH2 application in first
place:
configure ssh2 access-profile add DenyAccess first

The following example removes the association of a single rule from the SSH2
application:
configure ssh2 access-profile delete DenyAccess

The following example removes the association of all ACL policies and rules from the
SSH2 application:
configure ssh2 access-profile none

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 dh-group

configure ssh2 dh-group minimum [1 | 14 | 16 | 18]

Description
Configures the minimal supported Diffie-Hellman group.

Syntax Description
dh-group Configures the Diffie-Hellman group. Used for
cryptographic key exchange. Higher groups are stronger.
minimum Configures minimal supported Diffie-Hellman group to
avoid using weaker groups.
1 Supports Diffie-Hellman group 1 (1,024 bit), 14 (2,048 bit), 16
(4,096 bit), and 18 (8,192 bit).
14 Supports group 14 (2,048 bit), 16 (4,096 bit), and 18 (8,192
bit). Default.

1370 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

16 Supports Diffie-Hellman group 16 (4,096 bits) and 18 (8,192

bits).
18 Supports only Diffie-Hellman group 18 (8,192 bits).

Default
The minimal supported Diffie-Hellman group is 14. This means that Diffie-Hellman
groups 14, 16, and 18 are supported by default.

Usage Guidelines
Openssh-7.5p1 supports Diffie-Hellman group 1, 14, 16, and 18 as part of the key
exchange algorithms. By default, Diffie-Hellman group 14, 16, and 18 are supported.

To revert back to using Diffie-Hellman group 1 (in addition to Diffie-Hellman group 14,
16, and 18), set the minimal support group to Diffie-Hellman group1.

The server picks the first entry from the client proposal and matches it with its own
proposal. If there is no match, the server picks the next entry from the client proposal
and so on. If no match is found, the connection is rejected.

Example
The following example configures Diffie-Hellman group 16 as the minimum supported
Diffie-Hellman group.
configure ssh2 dh-group minimum 16

History
This command was first available in ExtremeXOS 22.1.

Support for Diffie-Hellman groups 16 and 18 was added in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 disable cipher mac

configure ssh2 disable [cipher [cipher |all] |mac [ mac |all]]

Description
Disables ciphers/Message Authentication Codes (MACs) for use with SSHv2.

Switch Engine™ Command Reference Guide for version 32.7.1 1371

Syntax Description Commands

Syntax Description
cipher Specifies cipher to disable for the encrypting session.
cipher Specific cipher name to disable.
all Specifies all ciphers/MACs available in current mode.
mac Specifies MACs to disable for the encrypting session.
mac Specific MAC name to disable.

Default
None.

Example
The following example disables cipher "aes256-ctr":
configure ssh2 disable cipher "aes256-ctr"

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 disable pk-alg

configure ssh2 disable {pk-alg [pkalg_name | all]}

Description
Disables DSA/RSA X509v3 public key algorithms.

Syntax Description
pk-alg Specifies disabling DSA/RSA X509v3 public key algorithms.
pkalg_name Specifies which algorithm to disable: "ssh-dss" "ssh-rsa"
"x509v3-sign-dss" "x509v3-sign-rsa"
all Specifies disabling all public key algorithms available.

Default
By default all the algorithms are enabled.

1372 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example disables the ssh-dss algorithm:
configure ssh2 disable pk-alg ssh-dss

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 enable cipher mac

configure ssh2 enable [cipher [cipher |all] |mac [ mac |all]]

Description
Configures the required ciphers/Message Authentication Codes (MACs) with SSHv2.

Syntax Description
cipher Specifies cipher to use for encrypting the session.
cipher Cipher name for encrypting session.
all Specifies all ciphers/MACs available in current mode.
mac Specifies MACs to use for encrypting the session.
mac MAC name for encrypting session.

Default
In Default mode, the following ciphers/MACs are disabled by default:
• Ciphers: 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, [email protected]
• MACs: hmac-md5, hmac-md5-96, [email protected], hmac-md5-96-
[email protected], hmac-sha1-96, [email protected]

In Default mode, the following ciphers/MACs are enabled by default:

• Ciphers: aes128-ctr, aes192-ctr, aes256-ctr, [email protected]
• MACs: [email protected], [email protected], hmac-
[email protected], hmac-sha1, hmac-sha2-256, hmac-sha2-512.

Note
The following ciphers and MAC are no longer supported: arcfour, arcfour128,
arcfour256, blowfish-cbc, cast128-cbc, hmac-ripemd160.

Switch Engine™ Command Reference Guide for version 32.7.1 1373

Example Commands

Example
The following example enables cipher "aes256-ctr" for the encrypting the session:
# configure ssh2 enable cipher "aes256-ctr"

History
This command was first available in ExtremeXOS 22.1.

Unsupported ciphers/macs removed due to SSH2 upgrade in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 enable pk-alg

configure ssh2 enable {pk-alg [pkalg_name | all]}

Description
Enables DSA/RSA X509v3 public key algorithms.

Syntax Description
pk-alg Specifies enabling DSA/RSA X509v3 public key algorithms.
pkalg_name Specifies which algorithm to enable: "ssh-dss" "ssh-rsa"
"x509v3-sign-dss" "x509v3-sign-rsa"
all Specifies enabling all public key algorithms available.

Default
ssh-dss is disabled by default.

ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss are enabled by default.

Usage Guidelines
This public key algorithm configuration is used for the user key only—not for the host
key. For a user key, ssh-dss algorithm is supported, but disabled by default. However, for
host key, ssh-dss algorithm is not supported for both server and client. For backward
compatibility it is supported in the server only during a switch image upgrade if this
algorithm is present in earlier release.

1374 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example enables the ssh-dss algorithm:
configure ssh2 enables pk-alg ssh-dss

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 idletimeout

configure ssh2 idletimeout [none | minutes]

Description
This command configures idle-timeout for SSH/SFTP connections.

Syntax Description
none Idle timeout disabled.
minutes Timeout value in minutes. Range is 1 to 240.

Default
60 minutes.

Usage Guidelines
If you enable the idle timer using the enable idletimeout command, the SSH2
connection times out after 20 minutes of inactivity by default. If you disable the idle
timer using the disable idletimeout command, the SSH2 connection times out after
60 minutes of inactivity by default. This timeout value can be modified using the
command “configure ssh2 idletimeout <minutes> wherein <minutes> can be from 1
to 240 ”. This ssh idle timer is applicable for SFTP connections as well.

Example
Configured ssh idle timeout is displayed in “show management” output:
# show management
CLI idle timeout : Enabled (2 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)

Switch Engine™ Command Reference Guide for version 32.7.1 1375

History Commands

CLI configuration logging : Disabled

CLI journal size : 100
CLI password prompting only : Disabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Enabled (this session only)
CLI screen size : 32 Lines 112 Columns (this session only)
CLI refresh : Enabled
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH access : Enabled (Key valid, tcp port 22 vr all)
: Access Profile : not set
SSH2 idle timeout : 20 minutes
Web access : Enabled (tcp port 80)
: Access Profile : not set
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile : not set
SNMP Notifications : Enabled
SNMP Notification Receivers : None
SNMP stats: InPkts 0 OutPkts 0 Errors 0 AuthErrors 0
Gets 0 GetNexts 0 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 key

configure ssh2 key {pregenerated}

Description
Generates the Secure Shell 2 (SSH2) host key. This command is used to regenerate a
host key, if there is already one existing.

Syntax Description
pregenerated indicates that the SSH2 host key is already available with
the user.

Default
The switch generates a key for each SSH2 session.

1376 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Secure Shell 2 (SSH2) is a feature of ExtremeXOS that allows you to encrypt session data
between a network administrator using SSH2 client software and the switch or to send
encrypted data from the switch to an SSH2 client on a remote system. Configuration,
policy, image, and public key files may also be transferred to the switch using the
Secure Copy Program (SCP2).

To enable SSH2, use the enable ssh2 command.

A host key must be generated before the switch can accept incoming ssh connections.
This can be done by the switch using the commands "enable ssh2" (if ssh is not enabled
previously) or "configure ssh2 key pregenerated" (if you wish to use a pregenerated key
as the host key).

If you elect to have the key generated, the key generation process can take up to one
minute, and cannot be canceled after it has started. For the switch to use the newly
generated key the exsshd process needs to be restarted using the command restart
process [class cname | name {msm slot}] with "exsshd" as the name.

To use a key that has been previously created, use the pregenerated keyword. Use
the show ssh2 private-key command to list and copy the previously generated key.
Then use the configure ssh2 key {pregenerated} command where “pregenerated”
represents the key that you paste.

Note
In ExtremeXOS 22.5 and later, ssh-dss (DSA) host key is not supported in both
server and client. For backward compatibility, it is supported in server only
during a switch image upgrade if this algorithm is present in earlier release.

The key generation process generates the SSH2 private host key. The SSH2 public host
key is derived from the private host key, and is automatically transmitted to the SSH2
client at the beginning of an SSH2 session.

To view the status of SSH2 on the switch, use the show management command. The
show management command displays information about the switch including the
enable/disable state for SSH2 sessions, whether a valid key is present, and the TCP port
and virtual router that is being used.

Example
The following command generates an authentication key for the SSH2 session:
configure ssh2 key

The command responds with the following messages:

WARNING: Generating new server host key This will take approximately 10
minutes and cannot be canceled. Continue? (y/n)

If you respond yes, the command begins the process.

Switch Engine™ Command Reference Guide for version 32.7.1 1377

History Commands

To configure an SSH2 session using a previously generated key, use the following
command:
configure ssh2 key pregenerated <pre-generated key>

Enter the previously-generated key (you can copy and paste it from the saved
configuration file; a part of the key pattern is similar to 2d:2d:2d:2d:20:42:45:47:).

History
This command was first available in the ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 key algorithm

configure ssh2 key algorithm [ ssh-rsa | rsa-sha2-256 | rsa-sha2-512]

Description
Generates the Secure Shell 2 (SSH2) server host key.

Syntax Description
algorithm Specifies the algorithm of an SSH server key.
ssh-rsa Specifies the ssh-rsa key type with signature algorithm
SHA1. (Default, not recommended).
rsa-sha2-256 Specifies the ssh-rsa key type with signature algorithm
SHA2-256.
rsa-sha2-512 Specifies the ssh-rsa key type with signature algorithm
SHA2-512.

Default
ssh-rsa, not recommended.

Usage Guidelines
Secure Shell 2 (SSH2) is a feature of ExtremeXOS that allows you to encrypt session data
between a network administrator using SSH2 client software and the switch or to send
encrypted data from the switch to an SSH2 client on a remote system. Configuration,
policy, image, and public key files may also be transferred to the switch using the
Secure Copy Program (SCP2).

To enable SSH2, use the enable ssh2 command.

1378 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

A host key must be generated before the switch can accept incoming ssh connections.
This can be done by the switch using the commands "enable ssh2" (if ssh is not enabled
previously) or "configure ssh2 key pregenerated" (if you wish to use a pregenerated key
as the host key).

Example
The following command configures key algorithm rsa-sha2-512:
# configure ssh2 key algorithm rsa-sha2-512
New key algorithm will be usable after disable and enable SSH or 'restart process exsshd'.
Warning: Legacy clients that do not support this algorithm will not connect with the
switch's SSH server.

The following command configures key algorithm to ssh-rsa (not recommended):

# configure ssh2 ke algorithm ssh-rsa
New key algorithm will be usable after disable and enable SSH or 'restart process exsshd'.
Warning: Algorithm ssh-rsa uses SHA1, which is no longer recommended.

History
This command was first available in version 32.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 login-grace-timeout

configure ssh2 login-grace-timeout seconds

Description
For the SSH server, configures a timeout period for a login attempt.

Syntax Description
ssh2 Designates changing SSHv2 configuration.
login-grace-timeout Designates having the SSHv2 server disconnects after this
time if the user has not completed login attempt.
seconds Sets the time in seconds for the disconnect timeout
period. The default is 120 seconds, and the range is 60–120
seconds.

Default
By default, the timeout period is 120 seconds.

Switch Engine™ Command Reference Guide for version 32.7.1 1379

Usage Guidelines Commands

Usage Guidelines
To view the current timeout period setting , use the command show ssh2.

Example
The following example sets the timeout period ot 100 seconds:
# configure ssh2 login-grace-timeout 100

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 rekey

configure ssh2 rekey [time-interval [time_interval |none] |data-limit
[data_size |default]]

Description
Sets SSHv2 session rekeying interval by specifying a time interval value and/or amount
of transferred data.

Syntax Description
ssh2 Specifies setting SSHv2 behavior.
rekey Specifies rekey request interval for SSH connection.
time-interval Sets rekey time interval.
time_interval Specifies rekey time interval value in minutes. Valid range 1
to 1,440.
none Specifies no time limit for rekey interval (default).
data-limit Specifies rekey interval in terms of amount of data
transferred.
data_size Sets data transfer limit in MB. Valid range is 1 to 4,096 MB.
default Sets the data limit to the default specified by the cipher.
Values range between 1GB and 4GB. This is the default
setting.

Default
If nothing is specified, the rekey time interval is set to none, and the data limit is
specified by the cipher in use.

1380 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
You can set both a time limit and a data limit for the rekey interval. Your selections for
rekeying appear in the output of the show ssh2 command.

Example
The following example sets the SSHv2 rekey time interval to one hour (60 mins):
configure ssh2 rekey time-interval 60

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 secure-mode

configure ssh2 secure-mode [on | off]

Description
This command (secure-mode on) disables the weak ciphers and macs in SSH server
and client.

Syntax Description
on Enable all supported algorithms.
off Enable only compliance algorithms.

Default
Off.

Usage Guidelines
After enabling secure-mode:
• For communication, SSH server uses a new secure-mode list made each for ciphers
and macs.
• For SSH client, EPM is notified to change the bit dedicated to SSH secure-mode,
which hides the weak ciphers and macs from SSH client CLI commands.

Switch Engine™ Command Reference Guide for version 32.7.1 1381

Example Commands

Example
configure ssh2 secure-mode on

show management
CLI idle timeout : Disabled
CLI max number of login attempts: 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Enabled
CLI password prompting only : Disabled
CLI RADIUS cmd authorize tokens : 2
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Enabled (this session only)
CLI screen size : 24 Lines 80 Columns (this session only)
CLI refresh : Enabled
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH access : Enabled (Key valid, tcp port 22 vr all)
: Secure-Mode : On
: Access Profile : not set
SSH2 idle time : 60 minutes
Web access : Enabled (tcp port 80)
: Access Profile : not set
Total Read Only Communities : 1
Total Read Write Communities : 1
RMON : Disabled
SNMP access : Enabled
: Access Profile : not set
SNMP Notifications : Enabled
SNMP Notification Receivers : None
SNMP stats: InPkts 0 OutPkts 0 Errors 0 AuthErrors
0
Gets 0 GetNexts 0 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 x509v3 ocsp

configure ssh2 x509v3 ocsp [on | off]

Description
Enables or disables Online Certificate Status Protocol (OCSP) check for SSH2 x509v3
authentication.

1382 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
x509v3 Specifies x509v3 certificate-based authentication.
ocsp Specifies configuring OCSP for real-time certificate
revocation status checking.
on Enables OCSP (default).
off Disables OCSP.

Default
By default, OCSP is enabled.

Usage Guidelines
While you can disable OCSP, it is not recommended because no certificate revocation
status check is performed.

Example
The following example enables OCSP check for SSH2 x509v3 servers.
# configure ssh2 x509v3 ocsp on

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 x509v3 ocsp nonce

configure ssh2 x509v3 ocsp nonce [on | off]

Description
Enables or disables the Online Certificate Status Protocol (OCSP) nonce for SSH2
x509v3 authentication.

Syntax Description
x509v3 Specifies x509v3 certificate-based authentication.
ocsp Specifies configuring OCSP for real-time certificate
revocation status checking.

Switch Engine™ Command Reference Guide for version 32.7.1 1383

Default Commands

nonce Specifies to cryptographically bind an OCSP request and

an OCSP response with the extension id-pkix-ocsp-
nonce to prevent replay attacks.
on Specifies to include the id-pkix-ocsp-nonce extension in
the OCSP request and response.
off Specifies to exclude the extension (default).

Default
Off.

Usage Guidelines

Example
The following example configures nonce:
# configure ssh2 x509v3 ocsp nonce on

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 x509v3 ocsp override

configure ssh2 x509v3 ocsp override [url | none]

Description
This command configures one HTTP Online Certificate Status Protocol (OCSP) override
URL for an SSH2 x509v3 authentication.

Syntax Description
x509v3 Specifies x509v3 certificate-based authentication.
ocsp Specifies the OCSP attribute.
override Specifies to override the OCSP server in the
AuthorityInformationAccess section of a syslog server's
certificate.

1384 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

url Specifies the URL of the OCSP override server. Default port
is 80.
none Specifies to remove the OCSP override URL configuration
(default).

Default
None.

Usage Guidelines
Only HTTP is supported with either FQDN or IP.

Example
The following example configures an override URL of http://sshocsp:2023:
# configure ssh2 x509v3 ocsp override http://sshocsp:2023

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 x509v3 ocsp signer

configure ssh2 x509v3 ocsp signer ocsp-nocheck [on | off]

Description
Enables or disables Online Certificate Status Protocol (OCSP) signer's ocsp-nocheck for
SSH2 x509v3 authentication.

Syntax Description
x509v3 Specifies x509v3 certificate-based authentication.
ocsp Specifies configuring OCSP for real-time certificate
revocation status checking.
ocsp-nocheck Specifies the extension id-pkix-ocsp-nocheck. If present
in the OCSP signer's certificate, then it is trusted for its
lifetime.
on Specifies to override the id-pkix-ocsp-nocheck extension
in the OCSP signer's certificate and forces the extension as
if it is present.

Switch Engine™ Command Reference Guide for version 32.7.1 1385

Default Commands

off Specifies to behave per the extension's presence in the

OCSP signer's certificate. If not present and the OCSP
signer is not root CA, then the whole OCSP will fail
(default).
signer Specifies the OCSP signer that signs the OCSP response.

Default
Off.

Usage Guidelines

Example
The following example enables OCSP signer's ocsp-nocheck for a SSH2 x509v3 server.
# configure ssh2 x509v3 ocsp signer ocsp-nocheck on

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 x509v3 radius-password-auth

configure ssh2 x509v3 radius-password-auth [on | off]

Description
Enables or disables password authentication using RADIUS for SSH2 x509v3
publication-key authentication.

Syntax Description
x509v3 Specifies x509v3 public-key authentication.
radius-password-auth Specifies to obtain the password from the user and
authenticate it using RADIUS server for X509v3 public-key
authentication.
on Specifies to enable password authentication using RADIUS
for X509v3 public-key authentication.
off Specifies to disable password authentication using RADIUS
for X509v3 public-key authentication. (Default).

1386 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Off.

Usage Guidelines

Example
The following example enables password authentication using RADIUS for X509v3
public-key authentication.
# configure ssh2 x509v3 radius-password-auth on
Note: When turned on, user provides password for RADIUS authentication.

If RADIUS is not configured, local authentication is used.

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 x509v3 username overwrite

configure ssh2 x509v3 username overwrite [on | off]

Description
Enables or disables authentication username configuration to use the Principal Name
in the certificate as the username.

Syntax Description
x509v3 Specifies x509v3 public-key authentication.
username Specifies X509v3 authentication username configuration.
overwrite Specifies that when radius-password-auth is turned
on, to use the Principal Name in the certificate as the
username.
on Specifies to enable X509v3 authentication username
configuration.
off Specifies to disable X509v3 authentication username
configuration. (Default).

Default
Off.

Switch Engine™ Command Reference Guide for version 32.7.1 1387

Usage Guidelines Commands

Usage Guidelines

Example
The following example enable using the Principal Name in the certificate as the
username.
# configure ssh2 x509v3 username overwrite on

Note: This command is applicable only if X509v3 'radius-password-auth' command is turned

on.

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 x509v3 username strip-domain

configure ssh2 x509v3 username strip-domain [on | off]

Description
Enables or disables authentication username configuration to strip the domain name
for SSH2 x509v3 publication-key authentication.

Syntax Description
x509v3 Specifies x509v3 public-key authentication.
username Specifies X509v3 authentication username configuration.
strip-domain Specifies that when radius-password-auth and
username overwrite are turned on, to strip the domain
name from the username.
on Specifies to enable X509v3 authentication username
configuration.
off Specifies to disable X509v3 authentication username
configuration. (Default).

Default
Off.

1388 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines

Example
The following example enables X509v3 authentication username configuration to strip
the domain name from the username:
# configure ssh2 x509v3 username strip-domain on

Note: This command is applicable only if X509v3 'radius-password-auth' and username

'overwrite' commands are turned on.

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssh2 x509v3 username use-domain

configure ssh2 x509v3 username use-domain [domain_name | none]

Description
Enables or disables authentication username configuration with a domain name using
RADIUS for SSH2 x509v3 publication-key authentication.

Syntax Description
x509v3 Specifies x509v3 public-key authentication.
username Specifies X509v3 authentication username configuration.
use-domain Specifies that when radius-password-auth, username
overwrite, and strip-domain are turned on, to use the
configured domain name as the username.
domain_name Specifies the domain name to be added to the username.
none Specifies to remove the use-domain configuration.
(Default).

Default
None.

Switch Engine™ Command Reference Guide for version 32.7.1 1389

Usage Guidelines Commands

Usage Guidelines

Example
The following example enable authentication username configuration with a domain
name of 'abcdef.com':
# configure ssh2 x509v3 username use-domain abcdef.com

Note: This command is applicable only if X509v3 'radius-password-auth', username

'overwrite' and 'strip-domain' commands are turned on.

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sshd2 user-key add user

configure sshd2 user-key key_name add user user_name

Description
Associates a user to a key.

Syntax Description
key_name Specifies the name of the public key.
user_name Specifies the name of the user.

Default
N/A.

Usage Guidelines
This command associates (or binds) a user to a key. Pressing TAB at the end of the
command lists existing account names.

Example
The following example binds the key id_dsa_2048 to user admin:
configure sshd2 user-key id_dsa_2048 add user admin

1390 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sshd2 user-key delete user

configure sshd2 user-key key_name delete user user_name

Description
Disassociates a user to a key.

Syntax Description
key_name Specifies the name of the public key.
user_name Specifies the name of the user.

Default
N/A.

Usage Guidelines
This command disassociates (or unbinds) a user to a key. Pressing TAB at the end of the
command shows a list of users attached to the key.

Example
The following example unbinds the key id_dsa_2048 from user admin:
configure sshd2 user-key id_dsa_2048 delete user admin

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssl certificate hash-algorithm

configure ssl certificate hash-algorithm hash_algorithm

Switch Engine™ Command Reference Guide for version 32.7.1 1391

Description Commands

Description
This command configures the hash algorithm.

Syntax Description
ssl SSL.
certificate Certificate.
hash-algorithm Hash algorithm to use (Default SHA-512).
hash_algorithm Name of hash algorithm to use (Default SHA-512).

Default
SHA-512 algorithm.

Usage Guidelines
Use this command to configure the hash algorithm. Once configured, this configured
algorithm will be used for the next certificate creation. Previously MD5 was the only
hashing algorithm available. As of ExtremeXOS 16.1, the default has been changed to
more secure SHA-512 algorithm. If you prefer the older version, you can configure to the
least secure MD5 hashing algorithm.

Example
The following example displays the show ssl output with the SHA-512 algorithm
configured:
5420F-48P-4XE.5 # show ssl
HTTPS Por-t Number: 443 (Enabled)
Signature Algorithm configured: SHA-512 with RSA Encryption
Private Key matches the Certificate's public key.
RSA Key Length: 1024
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=IN, O=ext, CN=ext
Validity
Not Before: Dec 7 21:52:53 2014 GMT
Not After : Dec 7 21:52:53 2015 GMT
Subject: C=IN, O=ext, CN=ext

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

1392 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure ssl certificate pregenerated

configure ssl certificate pregenerated

configure ssl certificate pregenerated{ {csr-cert}pregenerated {ocsp {on
| off}}}

Description
Obtains the pre-generated certificate from the user.

Syntax Description
ssl SSL.
certificate Certificate.
csr-cert Specifies the SSL/TLS certificate signed through CSR
generated by switch. Trust chain verification performed
during configuration. Only use this option for CSR-signed
certificates.
pregenerated Specifies already having a certificate or private key in
Privacy Enhanced Mail (PEM) format.
ocsp Specifies Online Certificate Status Protocol (OCSP). This
option is only available if you have selected CSR-signed
certificates.
on Enables OCSP for SSL/TLS certificate signed through CSR
generated by the switch.
off Disables OCSP for SSL/TLS certificate signed through CSR
generated by the switch (default).

Default
For CSR-signed certificates, OCSP is off by default.

Usage Guidelines
You must upload or generate a certificate for SSL server use. With this command, you
copy and paste the certificate into the command line followed by a blank line to end
the command. The following security algorithms are supported:
• RSA for public key cryptography (generation of certificate and public-private key
pair, certificate signing). RSA key size between 2,048 and 4,096 bits.
• Symmetric ciphers (for data encryption): RC4, DES, and 3DES.
• Message Authentication Code (MAC) algorithms: RSA Data Security, Inc. MD5
Message-Digest Algorithm and SHA.

This command is also used when downloading or uploading the configuration. Do not
modify the certificate stored in the uploaded configuration file because the certificate
is signed using the issuer's private key.

Switch Engine™ Command Reference Guide for version 32.7.1 1393

Example Commands

The certificate and private key file should be in PEM format and generated using RSA as
the cryptography algorithm.

Only use the csr-cert option for CSR-signed certificates.

When a certificate is imported using this csr-cert option, mandatory trust chain
verification and optional revocation check is performed. For a successful import, both
verifications should pass. ExtremeXOS supports the revocation checking using the
OCSP library. During the import of the switch certificate, if it is with csr-cert option,
then if the trust chain verification passes, then the revocation status of the switch
certificate and a maximum of 5 intermediate CA certificates (total of 6 certificates).
When OCSP on is chosen, a revocation check is performed. The certificate is accepted
only when revocation status is good for all certificates (switch and a maximum of 5
intermediate CA). If the revocation status is anything other than good (including unable
to connect, no response, revoked, unknown) for any of the above certificates, then that
certificate import is rejected. It can be imported though, by selecting OCSP as off.

Example
The following command obtains the pre-generated certificate from the user:
configure ssl certificate pregenerated

Next, you open the certificate, and then copy and paste the certificate into the console/
Telnet session, followed by a blank line to end the command.

History
This command was first available in the ExtremeXOS 11.2 and supported with the SSH
module.

As of ExtremeXOS 21.1, the SSH XMOD is part of the base image and not available as a
separate XMOD module.

Ability to configure CSR-signed certificates was added in ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssl certificate privkeylen

configure ssl certificate privkeylen length country code organization
org_name common-name name

Description
Creates a self-signed certificate and private key that can be saved in the EEPROM.

1394 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
length Specifies the private key length in bytes. Valid values are between
2,048 and 4,096.
code Specifies the country code in 2-character form.
org_name Specifies the organization name. The organization name can be up to
64 characters long.
name Specifies the common name. The common name can be up to 64
characters long.

Default
N/A.

Usage Guidelines
This command creates a self signed certificate and private key that can be saved in the
EEPROM. The certificate generated is in the PEM format.

Any existing certificate and private key is overwritten.

The size of the certificate depends on the RSA key length (privkeylen) and the length of
the other parameters (country, organization name, and so forth) supplied by the user.
For an RSA key length of 4,096, the certificate length is approximately 2 Kb, and the
private key length is approximately 3 Kb.

Example
The following example creates an SSL certificate in the USA for a website called bigcats:
configure ssl certificate privkeylen 2048 country US organization IEEE common-name bigcats

History
This command was first available in the ExtremeXOS 11.2 and supported with the SSH
module.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssl csr

configure ssl csr privkeylen length country code organization org_name
common-name name

Description
Generates certificate signing request (CSR) and private key.

Switch Engine™ Command Reference Guide for version 32.7.1 1395

Syntax Description Commands

Syntax Description
ssl Specifies SSL (Secure Sockets Layer).
csr Specifies creating a CSR (certificate signing request).
privkeylen Specifies setting the private key length.
length Specifies the value for the private key length in bytes
(2,048–4,096).
country Specifies setting the country code.
code Specifies the two-character value for the country code.
organization Specifies setting the organization name.
org_name Specifies the value for the organization name (maximum
of 64 characters).
common-name Specifies setting the common name.
name Specifies setting the value for the common name
(maximum of 60 characters).

Default
N/A.

Usage Guidelines
Note
There can only be one CSR per switch.

After entering values for the private key length, country code, organization, and
common name, you are prompted to enter information for the Distinguished Name
(DN): state, locality, organization unit, and email address.

Note
Due to changes in the Distinguished Name (DN), you are prompted to provide
country, organization, and common name to ensure backward compatibility.

Example
The following example creates a CSR with a private key length of 2,048, country is USA,
organization is "EXTR", and the common name is "test":

# configure ssl csr privkeylen 2048 country US organization EXTR common-name test
You are about to be asked to enter information that will be incorporated into your
certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
For some fields there will be a default value in [].
If you enter '.' the field will be left blank.
-----
State or Province Name (full name) []: North Carolina
Locality Name (eg, city) [Default City]: Raleigh
Organizational Unit Name (eg, section) []: RDU

1396 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

Email Address []: [email protected]

.................................................+++
.................+++
CSR and Key Pair generated.
-----BEGIN CERTIFICATE REQUEST-----
MIIC3TCCAcUCAQIwgZcxCzAJBgNVBAYTAlVTMQ0wCwYDVQQKDARFWFRSMREwDwYD
VQQDDAhjc3JfdGVzdDEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcM
B1JhbGVpZ2gxDDAKBgNVBAsMA1JEVTEtMCsGCSqGSIb3DQEJARYebHBldHR5am9o
bkBleHRyZW1lbmV0d29ya3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAm43c60n1XXkk1MMvK+ovX8fAhWRu8j7TAKGrSENqEhmS0BI05bjZLsj/
1oulgsPXQAl7W401OOMt5w9zcMCNmSf47PJwpQZpo4msAW8uSp7IMM9Ctv0a8oLr
kArzh3F+Gp0cAe7LycOthiXINKKWmzWpNwHmGbrwAhbd3grShurvUU7n0b+lXcle
YH5J/HnGq+j6Lb+iNF2RbCactChF0aeT7DKXZaIt8s+p9ib3XQXUNvGoP+4M/Eoq
dHfOwpvBJeL3EyhjkEmz456nwdtsY8deNi/ssW+VJJWpGPONNLo+l1wD7BksCPtJ
Pf20atDCFj6bFAo6N9gbdkh1dI3euwIDAQABoAAwDQYJKoZIhvcNAQENBQADggEB
AIkoEBWhrPmL4tf0KSgKeadfODJ6Nipkcyof9YZ9AceJhtgMmBFmMfcUrE+3e28j
asXQpEc5hLkc8fyRMNjDHuuz2d6uWju+K/TqVNTo94bvbvySFsdBKjLcOADlRP0m
CIMCCiAiaFhtmLE5Sg6BoYctJ2jRNJ4UQOejeclcG80+qaXu6u7xAg5emGMtJizE
bvePhgSdhYTCFGnqFrg3pZXHHTvRB7t54oYGG7yYdFb3jyW8CzckxnkiTV87fxHP
ojUeAwXet1AfI8coflDfmf6gKnBLMzzr5DMDmqdJgE2HgLLZCLv+JZbjbmowLrDL
DhG3F97QQkwROTpJfmrSsaU=
-----END CERTIFICATE REQUEST-----

Warning: SSL Certificate and Key will not match now.

Please load new CA signed certificate.
New Key will be usable after restart of thttpd process.
Storing the private key. This may take some time.
.Done

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure ssl privkey pregenerated

configure ssl privkey pregenerated

Description
Obtains the pre-generated private key from the user.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1397

Usage Guidelines Commands

Usage Guidelines
This command is also used when downloading or uploading the configuration. The
private key is stored in the EEPROM, and the certificate is stored in the configuration
file.

With this command, you copy and paste the private key into the command line
followed by a blank line to end the command. The following security algorithms are
supported:
• RSA for public key cryptography (generation of certificate and public-private key
pair, certificate signing). RSA key size between 1024 and 4096 bits.
• Symmetric ciphers (for data encryption): RC4, DES, and 3DES.
• Message Authentication Code (MAC) algorithms: RSA Data Security, Inc. MD5
Message-Digest Algorithm and SHA.

The certificate and private key file should be in PEM format and generated using RSA as
the cryptography algorithm.

Example
The following command obtains the pre-generated private key from the user:
configure ssl privkey pregenerated

Next, you the open the certificate and then copy and paste the certificate into the
console/Telnet session, followed by [Enter] to end the command.

History
This command was first available in the ExtremeXOS 11.2 and supported with the SSH
module.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stack-ports debounce time

configure stack-ports {port-list} debounce time [default | time]

Description
Configures debounce time feature on stacking ports.

1398 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
port-list Specifies one or more stacking ports.
default Configure the default value.
milliseconds Time in milliseconds. Range is 0 (no debouncing) to 5000.

Default
Default debounce time value is 0.

Usage Guidelines
Debounce timer can be configured to override the false link flaps i.e. link flaps that
happens in a milliseconds interval.

Example
configure stack-ports 1:1 1:2 debounce time 150

History
This command was first available in ExtremeXOS 15.3.4.

Platform Availability
The command is available on all stackable switches.

configure stacking alternate-ip-address

configure stacking alternate-ip-address [ipaddress netmask | ipNetmask]
gateway automatic configure stacking [node-address node-address
| slot slot_number] alternate-ip-address [ipaddress netmask |
ipNetmask] gateway

Description
Configures an alternate management IP address, subnetwork, and gateway.

Syntax Description
node-address Specifies the MAC address of a node in the stack. To view
the MAC addresses for all nodes in a stack, enter the show
stacking command. A node address or slot number is
required unless the automatic keyword is specified.
slot_number Specifies the slot number of the target node. To view the slot
numbers, enter the show stacking command.

Switch Engine™ Command Reference Guide for version 32.7.1 1399

Default Commands

ipaddress netmask Specifies the unique address that exists on the Management
VLAN subnet as configured on the initial master node
together with the subnetwork mask specified for the
Management subnetwork.
Example: 66.77.88.1 255.255.255.0.
ipNetmask Specifies the unique address that exists on the Management
VLAN subnet as configured on the initial master node,
followed by a slash (/) character, followed by a decimal
number that represents the number of leading one bits in the
subnetwork address. An example is 66.77.88.1/24.
gateway The address of an IP router. A default route is set up to reach
this gateway.

Default
No alternate IP address is configured.

Usage Guidelines
If a Management subnetwork is configured and the alternate IP subnetwork does not
exactly match the configured Management subnetwork, the information configured by
one of the commands specified above is not used. The previously configured alternate
IP address is removed if it was installed and subsequently a Management subnetwork
is configured that does not exactly match the alternate IP subnetwork. In either case,
an error message is logged. The alternate IP address is used if there is no configured
Management subnetwork.

To use the command with the node address, the node must be in the stack topology;
and to use the command with the slot number, the node must be in the active
topology. This form of the command operates only on one node at a time. There are
no checks to verify that the address is the one configured in the management VLAN
subnet.

The command that does not require a node address or slot number specifies the
automatic keyword. Usage of this form of the command causes an alternate IP address
to be assigned to every node in the stack topology. The first address is the address
specified in the [ipaddress netmask | ipNetmask] parameter. The next address is
the IP address plus one, and so on. Since there is a specified subnet mask, the address
is checked to insure that the block of IP addresses fits within the specified subnet given
the number of nodes in the stack topology. The range of addresses is tested to insure
that each one is a valid IP unicast address. If the test fails, no node is configured and
an error message is printed. Assignment is in the order in which nodes would currently
appear in the show stacking display.

The configuration takes effect after the command is successfully executed.

The alternate IP address, subnetwork, and gateway are only used when the node is
operating in stacking mode.

1400 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
To configure an alternate IP address for every node in the stack with a single command:

configure stacking alternate-ip-address 10.120.1.10/24 10.120.1.1 automatic

To configure an alternate IP address on a single node in the stack topology:

configure stacking node-address 00:04:96:26:6b:ed alternate-ip-address 10.120.1.1/24
10.120.1.1

You may configure an alternate IP address using a slot number for a node that is
currently occupying the related slot:

configure stacking slot 4 alternate-ip-address 10.120.1.13/24 10.120.1.1

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking easy-setup

configure stacking easy-setup

Description
This command provides an easy way to initially configure the stacking parameters of all
nodes in a new stack.

Syntax Description
This command does not have additional syntax.

Default
N/A.

Usage Guidelines
This command performs the following functions:
• Informs you of the stacking parameters that will be set.
• Informs you of the number of nodes that will be configured.

Switch Engine™ Command Reference Guide for version 32.7.1 1401

Example Commands

• Informs you whether minimal or no redundancy will be configured, and which slot
will contain the master node.
• Informs you of the slot number that will be assigned to the node on which your
management session is being run.
• If applicable, warns you that the current configuration file changes will be lost and
you need to save the files.
• If the stack topology is a daisy chain, warns you that you should wire the stack as a
ring before running this command.
• Requires you to confirm before the operation takes place. If you proceed, the
command does the following:
◦ Enables stacking on all nodes.
◦ Configures the stacking MAC address using the factory address of the current
node.
◦ Configures a slot number for each node.
◦ Configures redundancy to minimal in a ring topology or none in a daisy chain
topology.
◦ Configures the stacking protocol.
◦ Reboots the stack topology.
• Selects the enhanced stacking protocol.

Stacking is enabled as if the enable stacking {node-address node-address}

command was issued.

The stack mac-address is configured as if the configure stacking mac-address was

issued on the current node.

Stack slot numbers are assigned as if the configure stacking slot-number

automatic command was issued on the current node.

On a daisy chain topology, the master-capability is configured as if the configure

stacking redundancy none command was issued. On a ring topology, the master-
capability is configured as if the configure stacking redundancy minimal command
was issued.

If you choose not to proceed with the setup, the following message is displayed:
Cancelled easy stack setup configuration.

Example
If you have an 8-node stack in a ring topology and have powered on all the nodes,
the show stacking command shows the stack topology as a ring with all intended
nodes present. If you have not changed any ExtremeXOS configuration, the command
displays as follows:

* Switch.30 # configure stacking easy-setup

For every node in the 8-node stack, this command will:
- enable stacking
- configure a stack MAC address

1402 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

- choose and configure a slot number (this node will be assigned to slot 1)
- configure redundancy to minimal (slot 1 will be the Master node)
Upon completion, the stack will automatically be rebooted into the new configuration.
Warning: If stacking is already configured, this command will alter that configuration.
Warning: There are unsaved configuration changes. You may wish to save them before
proceeding.
Do you wish to proceed? (y/N) y
Stacking configuration is complete. Rebooting...

If the 8-node stack topology is a daisy chain, and the user is logged into a node in the
middle of the chain, the command output might appear as follows:

* Switch.30 # configure stacking easy-setup

For every node in the 8-node stack, this command will:
- enable stacking
- configure a stack MAC address
- choose and configure a slot number (this node will be assigned to slot 5)
- configure redundancy to none (slot 1 will be the master node)
Upon completion, the stack will automatically be rebooted into the new configuration.
Warning: If stacking is already configured, this command will alter that configuration.
Warning: This stack is a daisy chain. It is highly recommended that the stack
be connected as a ring before running this command.
Do you wish to proceed? (y/N) Yes
Stacking configuration is complete. Rebooting...

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking license-level

configure stacking {node-address node-address | slot slot-number}
license-level license_restriction

Description
Allows you to restrict the license level at which the node operates.

Switch Engine™ Command Reference Guide for version 32.7.1 1403

Syntax Description Commands

Syntax Description
node-address Specifies the MAC address of a node in the stack. To view
the MAC addresses for all nodes in a stack, enter the show
stacking command.
slot-number Specifies the slot number of the target node. To view the slot
numbers, enter the show stacking command.
license_restriction Specifies the restricted license level:
• For ExtremeSwitching 5420 and 5520 series switches, the
choices are Base or Premier.

Default
No license level restriction is configured.

Usage Guidelines
This command causes a node to operate at a lower license level than the level that was
purchased for the node.

Running this command does not change the installed license level. For example, if a
stackable is configured with the Advanced Edge license and you configure a license
level restriction of Edge, the unit is restricted to features available in the Edge license.
However, you can remove the restriction and operate at the Advanced Edge level.

If the installed license level of the target node is lower than the level you are attempting
to configure, the following message appears:
Warning: Switch will not operate at a license level beyond that which
was purchased.

If the node-address or slot parameter is not specified, the command takes effect on
every node in the stack topology.

This command takes effect after you restart the node. The following message appears
after the command is executed:
This command will take effect at the next reboot of the specified
node(s).

If you restart the node without configuring a license level restriction, the node operates
at the purchased license level. To see the purchased license level of a node, run show
licenses after logging in to the node.

The show licenses command displays the current license level in use as the Effective
License Level:
Slot-2 Stack.1 # show licenses
Enabled License Level:
Advanced Edge
Enabled Feature Packs:
None

1404 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Effective License Level:

Edge

The show stacking configuration and show stacking {node-address node-

address | slotslot-number} detail commands allow you to see the configured
license level restriction and the restriction currently in use.

The Effective License Level appears only when stacking is enabled. The command is
node-specific. The effective license level is the level at which the node is restricted to
operate, and is not necessarily the level at which the entire stack is operating. This is
because it is possible to have the restriction differ on each node, in which case one or
more nodes may have failed because of the differing levels.

Example
To configure the stacking level Edge on all nodes in a stack:
# configure stacking license-level edge

To configure stacking level Edge for a node:

# configure stacking node-address 00:04:96:26:6b:ed license-level edge

To configure the stacking level Advanced Edge for an active node that currently
occupies slot 4:
# configure stacking slot 4 license-level advanced-edge

History
This command was first available in ExtremeXOS 12.0.

The license_restriction variable was added, and the options Edge, Advanced Edge,
and Core were removed in ExtremeXOS 31.1.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking mac-address

configure stacking {node-address node-address | slot slot-number} mac-
address

Description
Selects a node in the stack whose factory assigned MAC address is to be used to form
the stack MAC address.

Switch Engine™ Command Reference Guide for version 32.7.1 1405

Syntax Description Commands

The formed address is then configured on every node in the stack topology.

Syntax Description
node-address Specifies the MAC address of a node in the stack. To view the MAC
addresses for all nodes in a stack, enter the show stacking command.
slot-number Specifies the slot number of an active node whose factory MAC
address is to be used to form the stack MAC address. To view the slot
numbers, enter the show stacking command.

Default
No stack MAC selection is configured.

Usage Guidelines
You must select a node whose factory assigned MAC address can be used to form a
MAC address that represents the stack as a whole. The system forms the stack MAC
address by setting the Universal / Local bit in the specified MAC address. This means
that the stack MAC address is a locally administered address, and not the universal
MAC address assigned to the selected node.

If you do not specify any node, the stack MAC address is formed from the factory
assigned MAC address of the node from which you are running the command.

This command takes effect only after you restart the node. The following message
appears after you run the command:
This command will take effect at the next reboot of the specified
node(s).

If a stack node that has just joined the active topology detects that its stack MAC
address is not configured or is different than the stack MAC address in use, it logs the
following message at the Error log level:
The stack MAC address is not correctly configured on this node. The
stack can not operate properly in this condition. Please correct and
reboot.

If you have not configured (or inconsistently configured) the stack MAC address you
might encounter difficulty in diagnosing the resulting problems. Whenever the master
node (including itself) detects that one or more nodes in its active topology do not have
the correct or any stack MAC address configured, it displays the following message
to the console every five minutes until you configure a MAC address and restart the
node(s):
The stack MAC address is either not configured or its configuration is
not consistent within the stack. The stack can not operate properly in
this condition. Please correct and reboot.

1406 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
To select the node to which you have logged in to supply the MAC address for stack
MAC address formation:

configure stacking mac-address

To select a node other than the one to which you are logged in to supply the MAC
address for stack MAC address formation:

configure stacking node-address 00:04:96:26:6b:ed mac-address

To select an active node to supply the MAC address for stack MAC address formation:

configure stacking slot 4 mac-address

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking master-capability

configure stacking [node-address node_address | slot slot_number]
master-capability [on | off]

Description
The command configures a node to be allowed to operate as either a backup or master,
or prevents a node from operating as either.

The command controls the setting on the specified node only. To set the master
capability for all nodes on a stack, you can use the command configure stacking
redundancy [none | minimal | maximal].

Syntax Description
node_address Specifies the MAC address of a node in the stack. To view the
MAC addresses for all nodes in a stack, enter the show stacking
command.
slot_number Specifies the slot number of the target active node. To view the
slot numbers, enter the show stacking command.

Switch Engine™ Command Reference Guide for version 32.7.1 1407

Default Commands

Default
Master-capability is On.

Usage Guidelines
At least one node in the stack topology must be master-capable.

If you attempt to disable the master-capability of the only master capable node in a
stack topology, the attempt is denied and following message appears:
Error: At least one node must have Master-capability configured "on".

This command is used to set up master-capability manually. It can also be used

to adjust the result achieved when the configure stacking redundancy [none |
minimal | maximal] command is used.

The setting takes effect the next time the node reboots. When this command is
executed successfully, the following message appears:
This command will take effect at the next reboot of the specified
node(s).

Example
To turn on the master capability for a node:

configure stacking node-address 00:04:96:26:6b:ed master-capability on

To turn on the master capability of an active node currently occupying slot 4:

configure stacking slot 4 master-capability on

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking node-address

configure stacking node-address node_address slot-number slot_number

Description
Configures a slot number on one or all nodes in the stack topology.

1408 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
node_address Specifies the MAC address of a node in the stack. To view the
MAC addresses for all nodes in a stack, enter the show stacking
command.
slot_number Specifies a number between 1 and 8 that is to be assigned as the
slot number of the target node.

Default
The default slot-number for a node in stacking mode is 1.

Usage Guidelines
The configuration is stored on the affected node(s) immediately but does not take
effect until the next reboot of the node(s). The configuration applies only when the
node is running in stacking mode. To see the configured and active slot numbers of all
nodes, use the show stacking configuration command.

If a node-address and a slot number are specified, then the node is configured with the
specified slot number. There is no check for a duplicate slot number at this time; the
number is simply assigned as requested.

To see the resulting slot number assignment, run the show stacking configuration
command.

Note
Failure to configure a node does not prevent configuration of the slot numbers
on the other nodes, and does not affect the slot number assigned to each
node.

When this command is executed successfully, the following message appears:

This command will take effect at the next reboot of the specified
node(s).

Example
To configure slot number 4 for the node with MAC address 00:04:96:26:6b:ed:

configure stacking node-address 00:04:96:26:6b:ed slot-number 4

History
This command was first available in ExtremeXOS 12.0.

Switch Engine™ Command Reference Guide for version 32.7.1 1409

Platform Availability Commands

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking priority

configure stacking {node-address node-address | slot slot_number}
priority [node_pri | automatic]

Description
Configures a priority value to be used to influence master and backup election.

Syntax Description
node-address Specifies the MAC address of a node in the stack. To view the
MAC addresses for all nodes in a stack, enter the show stacking
command.
slot_number Specifies the slot number of the target node. To view the slot
numbers, enter the show stacking command.
node_pri Specifies the priority as a value between 1 and 100.

Default
Automatic priority.

Usage Guidelines
The node role election priority is a value that is internally calculated by ExtremeXOS for
each node. This calculated value helps determine which nodes are elected as master
and backup. For more information, see “Configuring the Master, Backup, and Standby
Roles” in the Switch Engine 32.7.1 User Guide.

This command allows you to configure a priority value that affects the outcome of this
calculation. You can configure the priority on any node in a stack topology. You can
specify an integer node-pri value between 1 and 100. The larger the value, the greater
the node role election priority.

If no node address or slot is specified, the command takes effect on all nodes at
the next node role election cycle. Priority configuration has no operational effect on
switches that are not in stacking mode.

If configured on every node, automatic priority commands ExtremeXOS to determine

the node role election priority of each active node. Currently, the automatic priority
algorithm chooses the master-capable node with the lowest slot number as master

1410 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

and the node with the second lowest slot number as backup. Extreme networks may
alter this behavior in later releases.

If you have configured a node with automatic priority and if you have configured
another node to use a node-pri value, the node with automatic priority uses zero as
the node-priority value during the node role election.

Example
To allow ExtremeXOS to determine node role election priority:
configure stacking priority automatic

To configure the node priority for the stackable in slot 4:

configure stacking slot 4 priority 50

To configure the automatic priority algorithm for the stackable with node address
00:04:96:26:6b:ed:
configure stacking node-address 00:04:96:26:6b:ed priority automatic

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking redundancy

configure stacking redundancy [none | minimal | maximal]

Description
This command sets a master-capability value for every node in the stack topology.

Syntax Description
none Only one node has master-capability turned on and all other nodes
have master-capability turned off.
minimal Two nodes have master-capability turned on and all other nodes
have master-capability turned off.
maximal All nodes have master-capability turned on.

Switch Engine™ Command Reference Guide for version 32.7.1 1411

Default Commands

Default
Default value in an unconfigured stack is maximal.

Usage Guidelines
If there are more than eight nodes in the stack topology, the following message
appears and the command is not executed:
ERROR: This command can only be used when the stack has eight nodes or
less.

Since only eight nodes can be operational in an active topology at a time, you
must disconnect the remaining nodes before configuring master-capability with this
command.

If you are using the none or minimal redundancy configuration:

• The configured values of slot-number and priority decide the nodes on which the
master-capability should be turned on.
• If the priority values are configured on the nodes, the highest priority node(s) are
chosen.
• If the priority values of all nodes are set to automatic or to the same priority value,
the node(s) with the lowest slot number(s) are chosen. Extreme Networks may
change automatic priority behavior in a future release.

If there is a slot number tie or if the slot numbers were never configured, the following
message appears and the command is not executed:
ERROR: Unique slot numbers must be configured before using this command.

The setting takes effect at the next restart of the node. The following message appears
after the command is successfully executed:
This command will take effect at the next reboot of the specified
node(s).

Redundancy configuration has no operational effect on a node that is not in stacking

mode.

Example
To turn on master-capability on all nodes:

configure stacking redundancy maximal

To turn on master-capability on only one node:

configure stacking redundancy none

To turn on master-capability on two nodes:

configure stacking redundancy minimal

1412 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking slot-number automatic

configure stacking slot-number automatic

Description
Configures a slot number on all nodes in the stack topology, selecting the number
automatically.

Syntax Description
automatic Configures slot numbers on every node in the stack, selecting
the number automatically. If there are more than eight nodes in
the stack topology, the assignment is only performed on the first
eight nodes.
Automatic slot number assignment causes assignment of slot
numbers starting from 1 and increasing up to 8. The nodes in the
stack topology are assigned the numbers in the order in which
they would appear currently in the show stacking command
output. In a ring, slot number 1 is assigned to the current node,
slot number 2 is assigned to the node connected to the current
node's stack port 2, and so forth. In a daisy chain, slot 1 is assigned
to the node at the end of the chain that begins with the node
connected to the current node's stack port 1.

Default
The default slot-number for a node in stacking mode is 1.

Usage Guidelines
The configuration is stored on the affected node(s) immediately but does not take
effect until the next reboot of the node(s). The configuration applies only when the
node is running in stacking mode. To see the configured and active slot numbers of all
nodes, use the show stacking configuration command.

Switch Engine™ Command Reference Guide for version 32.7.1 1413

Example Commands

To see the resulting slot number assignment, run the show stacking configuration
command.

Note
Failure to configure a node does not prevent configuration of the slot numbers
on the other nodes, and does not affect the slot number assigned to each
node.

If you enter the command with the automatic option, the following confirmation
message appears:
Reassignment of slot numbers may make the stack incompatible with the
current configuration file. Do you wish to continue? (y/n)

When this command is executed successfully, the following message appears:

This command will take effect at the next reboot of the specified
node(s).

Example
To configure all slot-numbers for a stack:

configure stacking slot-number automatic

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

configure stacking-support auto-discovery

configure stacking-support auto-discovery [disable | enable]

Description
Enables or disables stacking auto-discovery.

Syntax Description
stacking-support Configures stacking support.
auto-discovery Configures auto-discovery for stacking.

1414 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

disable Disables stacking auto-discovery.

enable Enables stacking auto-discovery. (Default)

Default
Stacking auto-discovery is enabled by default.

Usage Guidelines
For ExtremeSwitching 5420 and 5520 series switches, stacking auto-discovery allows
the switch to detect the type of cable inserted into the stack ports and automatically
update the stack port speed while the switch is booting up.

To view stacking auto-discovery status, use the command show stacking-support.

Example
The following example disables stacking auto-discovery:
# configure stacking-support auto-discovery disable

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches.

configure stacking-support stack-ports

configure stacking-support stack-port [stack-ports | all] selection
[native {V40 | V80 | V160 | V200 | V320 | V400 {alternative-
configuration | help}} | alternate]

Description
Selects the switch ports and speed for stack communications.

Syntax Description
stack-ports Specifies the stacking port range to be configured. Valid stacking
port entries are 1, 2, 1-2, and all.
native Selects the specified stacking port, which is the native, dedicated
port that only supports stacking.
V40 Specifies that the native stacking port can operate at 10 Gbps.
V80 Specifies that the native stacking port can operate at 20 Gbps.

Switch Engine™ Command Reference Guide for version 32.7.1 1415

Default Commands

V160 Specifies that the native stacking ports operate at 40 Gbps.

V200 Specifies that the native stacking ports operate at 50 Gbps
V320 Specifies that the native stacking ports operate at 80 Gbps.
V400 Specifies that the native stacking ports on the option card operate
at 100 Gbps (Not available on Universal platforms).
alternative- Selects the V400 alternate configuration stacking mode for
configuration (ExtremeSwitchin 5720 series switches).
help Provides more details regarding the alternate configuration
stacking mode
alternate Selects the alternate (Ethernet) stacking port associated with the
specified stacking port. The alternate port numbers are listed in
the following table.

Default
Switches with native stack ports default to "Native".

Usage Guidelines
The configuration entered with this command applies to only the local node and does
not become active until after the following events:
• The stacking-support option is enabled (if applicable).
• The switch restarts.

Each speed configuration requires a specific cabling configuration. For more

information, see Hardware Installation Guide for your switch model.

"V400" is the default mode that sets the stack ports to 106G. "V400 alternative-
configuration" is required when using specific fiber cables. This mode sets the stack
ports to 100G, enables pre-emphasis, and FEC (clause_91). Cables requiring alternative-
configuration include:
• QSFP28 SR4
• QSFP28 LR4
• QSFP28 CWDM4
• QSFP28 PSM4
• QxQ AOC cable - 5m
• QxQ AOC cable - 7m
• QxQ AOC cable - 10m
• QxQ AOC cable - 20m

For a complete list of supported cables, see Extreme Optics Compatibility.

The stacking-support option configures the switch to use stacking protocols. This
option is automatically enabled on most platforms, but some platforms require
you to manually enable the stacking-support option. The following table lists
the ExtremeSwitching series switches and option card configurations that support

1416 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Stacking Port Selection Control, and it lists which platforms require manual Stacking-
Support Option Control.

Table 17: ExtremeSwitching Series Switch Support for Alternate Stack Ports
Switch Model Number Switc Alternate Alternate Stacking- Stacking
h Port for Port for Support Port
Optio Stack Port Stack Port Option Selection
n Card Control Control
5520-24T 5520- 35 36 Yes Yes
5520-24W VIM-4
X
5520-24X
5520-48T 5520- 59 60 Yes Yes
5520-48W VIM-4
X
5520-12MW-36W
5520-48SE

When the alternate stack port is selected for a native stack port and the switch is
restarted, the native stack port remains visible in the CLI and can be configured.
However, any configuration applied to the replaced stack port is ignored and does not
affect switch operation.

An alternate stack port runs the stacking protocol and cannot operate on a link
connected to a data port that is not configured as a stack port. Both ends of a
stack link must be configured to use the stacking protocol. The stacking link must
be directly connected to two the alternate stacking ports of two stacking switches.
The direct connection is necessary because stacking protocols cannot pass through an
intermediate switch.

After a data port is reconfigured as an alternate stack port, all data port configuration
commands still work, but they do not change the operation of the alternate stack port.
The LEDs on an Ethernet port used as an alternate stacking port operate according to
the behavior of the Ethernet port. The LEDs on the related (disabled) native stacking
port remain dark.

Note
Commands that contain the stacking-support keyword operate only on the
local switch; they do not apply to all switches in the stack. If an active stack
topology has been formed, you can telnet to a slot elsewhere in the stack, log
on to that switch, and use commands with the stacking-support keyword on
that switch.

Example
The following command configures the switch to use the alternate stack port for Stack
Port 1 after the next switch restart:
configure stacking-support stack-ports 1 selection alternate

Switch Engine™ Command Reference Guide for version 32.7.1 1417

History Commands

The following command configures the switch to use both native stacking ports after
the next switch restart:
configure stacking-support stack-ports all selection native

The following command configures stack ports 1 and 2 to operate as four 40 Gbps
ports:
configure stacking-support stack-ports all selection native V160

History
This command was first available in ExtremeXOS 12.5.

The V160 keyword was added in ExtremeXOS 12.6.

The V320 keyword was added in ExtremeXOS 15.1 Revision 2.

The V400 keyword was added in ExtremeXOS 22.2.

The alternative-configuration and help keywords were added in ExtremeXOS

32.7.1.

The V40 keyword was added in ExtremeXOS 31.3

The V80 keyword was added in ExtremeXOS 31.4.

The V200 keyword was added in ExtremeXOS 31.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd add vlan

configure stpd stpd_name add [ {vlan} vlan_name | vlan vlan_list] ports
[all | port_list] {[dot1d | emistp | pvst-plus]}

Description
Adds all ports or a list of ports within a VLAN to a specified STPD.

Syntax Description
stpd_name Specifies an STPD name on the switch.
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.
all Specifies all of the ports in the VLAN to be included in the
STPD.
port_list Specifies the port or ports to be included in the STPD.

1418 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

dot1d Specifies the STP encapsulation mode of operation to be

802.1D.
emistp Specifies the STP encapsulation mode of operation to be
EMISTP.
pvst-plus Specifies the STP encapsulation mode of operation to be
PVST+.

Default
Default port mode for default STPD (s0) and user-created STPDs is dot1d.

Usage Guidelines
To create an STP domain, use the create stpd command. To create a VLAN, use the
create vlan command.

In an EMISTP or PVST+ environment, this command adds a list of ports within a VLAN
to a specified STPD provided the carrier VLAN already exists on the same set of ports.
You can also specify the encapsulation mode for those ports.

In an MSTP environment, you do not need a carrier VLAN. A CIST controls the
connectivity of interconnecting MSTP regions and sends BPDUs across the regions to
communicate region status. You must use the dot1d encapsulation mode in an MSTP
environment.

You cannot configure STP on the following ports:

• Mirroring target ports.
• Software-controlled redundant ports.

If you see an error similar to the following:

Error: Cannot add VLAN default port 3:5 to STP domain

You might be attempting to add:

• A carrier VLAN port to a different STP domain than the carrier VLAN belongs.
• A VLAN/port for which the carrier VLAN does not yet belong.

Note
This restriction is enforced only in an active STP domain and when you
enable STP to make sure you have a legal STP configuration.

Care must be taken to ensure that ports in overlapping domains do not interfere with
the orderly working of each domain’s protocol.

By default, when the switch boots for the first time, it automatically creates a VLAN
named default with a tag value of 1 and STPD s0. The switch associates VLAN default to
STPD s0. All ports that belong to this VLAN and STPD are in 802.1D encapsulation mode
with autobind enabled. If you disable autobind on the VLAN default, that configuration
is saved across a reboot.

Switch Engine™ Command Reference Guide for version 32.7.1 1419

Naming Conventions Commands

Naming Conventions
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keywords stpd and vlan are optional.

STP Encapsulations Modes

You can specify the following STP encapsulation modes:
• dot1d—This mode is reserved for backward compatibility with previous STP versions.
BPDUs are sent untagged in 802.1D mode. Because of this, any given physical
interface can have only one STPD running in 802.1D mode.

This encapsulation mode supports the following STPD modes of operation: 802.1D,
802.1w, and MSTP.
• emistp—This mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN
ID field.

This encapsulation mode supports the following STPD modes of operation: 802.1D
and 802.1w.
• pvst-plus—This mode implements PVST+ in compatibility with third-party switches
running this version of STP. The STPDs running in this mode have a one-to-one
relationship with VLANs, and send and process packets in PVST+ format.

This encapsulation mode supports the following STPD modes of operation: 802.1D
and 802.1w.

These encapsulation modes are for STP ports, not for physical ports. When a physical
port belongs to multiple STPDs, it is associated with multiple STP ports. It is possible for
the physical port to run in different modes for different domains for which it belongs.

MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct
operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode
for MSTP STPDs.

STPD Identifier
An StpdID is used to identify each STP domain. You assign the StpdID when
configuring the domain. An STPD ID must be identical to the VLAN ID of the carrier
VLAN in that STPD and that VLAN cannot belong to another STPD.

MSTP uses two different methods to identify the STPDs that are part of the MSTP
network. An instance ID of 0 identifies the Common and Internal Spanning Tree (CIST).
The switch assigns this ID automatically when you configure the CIST STPD. A multiple
spanning tree instance identifier identifies each STP domain that is part of an MSTP
region. You assign the MSTI (Multiple Spanning Tree Instances) ID when configuring
the STPD that participates in the MSTP region. In an MSTP region, MSTI IDs only have
local significance. You can reuse MSTI IDs across MSTP regions.

1420 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Automatically Inheriting Ports--MSTP Only

Automatically Inheriting Ports--MSTP Only

In an MSTP environment, whether you manually or automatically bind a port to an
MSTI in an MSTP region, the switch automatically binds that port to the CIST. The CIST
handles BPDU processing for itself and all of the MSTIs; therefore, the CIST must inherit
ports from the MSTIs in order to transmit and receive BPDUs.

Example
Create a VLAN named marketing and an STPD named STPD1 as follows:
create vlan marketing
create stpd stpd1

The following command adds the VLAN named marketing to the STPD STPD1, and
includes all the ports of the VLAN in STPD1:
configure stpd stpd1 add vlan marketing ports all

History
This command was first available in ExtremeXOS 10.1.

The vlan_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd backup-root

configure stpd stpd_name backup-root [on | off]

Description
Enables and disables the backup root feature.

Syntax Description
stpd_name Specifies an STPD name on the switch.
on Enables backup root.
off Disable backup root.

Default
By default, the backup root feature is disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1421

Usage Guidelines Commands

Usage Guidelines
The backup root feature is used to get faster convergence when the root bridge
connectivity is lost.

Backup root feature enabled bridge port should be connected to Root with point to
point link. When backup root bridge loses contact with the root bridge, the backup
root bridge automatically lowers its bridge priority below the priority of the lost root.
This causes the backup root bridge to become the new root. If a reboot occurs, the new
root will have its priority restored to the original configured value.

If the priority of the root bridge is zero and the backup root loses connectivity to the
root bridge, automatic assignment of the priority value for the backup root will be the
initial configured value.

This feature is activated only when connectivity with the root bridge is lost. Raising the
priority on the root does not cause the backup root feature to be activated.

We recommend the following when configuring the backup root feature:

• Enable the backup root feature on both the root and backup root.
• Configure all bridges except the root and backup root with the maximum bridge
priority value (61440 with 802.1t).
• Configure the root and backup root to have the next lowest priority (57344 with
802.1t)
• To help prevent the backup root feature activating due to a simple link failure rather
than a bridge failure, establish multiple links between the root and backup root.
• Deploy this feature carefully as it may result in suboptimal traffic forwarding paths.

Example
The following example enables the backup root feature on the STP domain r1:
configure stpd r1 backup-root on

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd bpdu-forwarding

configure stpd bpdu-forwarding [on | off]

Description
This command specifies whether to forward or drop BPDUs when STP is disabled.

1422 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
bpdu-forwarding Specifies forwarding or discarding spanning tree BPDUs
when STP is disabled.
on Forward STP BPDUs when spanning tree is disabled
(default).
off Drop STP BPDUs when spanning tree is disabled.

Default
The default is on.

Usage Guidelines
STP must be disabled globally to disable BPDU forwarding; otherwise, an error
message appears:
Error: All Spanning Tree Domains must be disabled globally before configuring stpd bpdu-
forwarding off.

When the BPDU forwarding is off and you try to configure the filter method using
the configure stpd filter-method [system-wide| port-based] command, the
following error message appears:
Error: Spanning Tree Forwarding must be enabled globally before configuring filter-
method.

Example
The following example disables BPDU forwarding when STP is disabled:
configure stpd bpdu-forwarding off

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd default-encapsulation

configure stpd stpd_name default-encapsulation [dot1d | emistp | pvst-
plus]

Description
Configures the default encapsulation mode for all ports added to the specified STPD.

Switch Engine™ Command Reference Guide for version 32.7.1 1423

Syntax Description Commands

Syntax Description
stpd_name Specifies an STPD name on the switch.
dot1d Specifies the STP encapsulation mode of operation to be
802.1d.
emistp Specifies the STP encapsulation mode of operation to be
EMISTP.
pvst-plus Specifies the STP encapsulation mode of operation to be
PVST+.

Default
Ports in the default STPD (s0) are dot1d mode.

Ports in user-created STPDs are in dot1d mode.

Usage Guidelines
Care must be taken to ensure that ports in overlapping domains do not interfere with
the orderly working of each domain’s protocol.

By default, when the switch boots for the first time, it automatically creates a VLAN
named default with a tag value of 1 and STPD s0. The switch associates VLAN default to
STPD s0. All ports that belong to this VLAN and STPD are in 802.1d encapsulation mode
with autobind enabled. If you disable autobind on the VLAN default, that configuration
is saved across a reboot.

MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct
operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode
for MSTP STPDs.

Naming Conventions
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional. For name creation
guidelines and a list of reserved names, see Object Name in the Switch Engine 32.7.1
User Guide.

STP Encapsulation Modes

You can specify the following STP encapsulation modes:
• dot1d—This mode is reserved for backward compatibility with previous STP versions.
BPDUs are sent untagged in 802.1D mode. Because of this, any given physical
interface can have only one STPD running in 802.1D mode.

This encapsulation mode supports the following STPD modes of operation: 802.1D,
802.1w, and MSTP.

1424 Switch Engine™ Command Reference Guide for version 32.7.1

Commands STPD Identifier

• emistp—This mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN
ID field.

This encapsulation mode supports the following STPD modes of operation: 802.1D
and 802.1w.
• pvst-plus—This mode implements PVST+ in compatibility with third-party switches
running this version of STP. The STPDs running in this mode have a one-to-one
relationship with VLANs and send and process packets in PVST+ format.

This encapsulation mode supports the following STPD modes of operation: 802.1D
and 802.1w.

Note
These encapsulation modes are for STP ports, not for physical ports. When
a physical port belongs to multiple STPDs, it is associated with multiple STP
ports. It is possible for the physical port to run in different modes for different
domains for which it belongs.

STPD Identifier
An StpdID is used to identify each STP domain. You assign the StpdID when
configuring the domain. An STPD ID must be identical to the VLAN ID of the carrier
VLAN in that STP domain, and that VLAN cannot belong to another STPD.

MSTP uses two different methods to identify the STPDs that are part of the MSTP
network. An instance ID of 0 identifies the Common and Internal Spanning Tree (CIST).
The switch assigns this ID automatically when you configure the CIST STPD. A multiple
spanning tree instance identifier identifies each STP domain that is part of an MSTP
region. You assign the MSTI ID when configuring the STPD that participates in the
MSTP region. In an MSTP region, MSTI IDs only have local significance. You can reuse
MSTI IDs across MSTP regions.

Example
The following example specifies that all ports subsequently added to the STPD STPD1
be in PVST+ encapsulation mode unless otherwise specified or manually changed:
configure stpd stpd1 default-encapsulation pvst-plus

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1425

configure stpd delete vlan Commands

configure stpd delete vlan

configure stpd stpd_name delete [ {vlan} vlan_name | vlan
vlan_list]ports [all | port_list]

Description
Deletes one or more ports in the specified VLAN from an STPD.

Syntax Description
stpd_name Specifies an STPD name on the switch.
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.
all Specifies that all of the ports in the VLAN are to be
removed from the STPD.
port_list Specifies the port or ports to be removed from the STPD.

Default
N/A.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keywords stpd and vlan are optional.

In EMISTP and PVST+ environments, if the specified VLAN is the carrier VLAN, all
protected VLANs on the same set of ports are also removed from the STPD.

You also use this command to remove autobind ports from a VLAN. ExtremeXOS
records the deleted ports so that the ports are not automatically added to the STPD
after a system restart.

When a port is deleted on the MSTI, it is automatically deleted on the CIST as well.

Example
The following example removes all ports of a VLAN named Marketing from the STPD
STPD1:
configure stpd stpd1 delete vlan marketing ports all

History
This command was first available in ExtremeXOS 10.1.

1426 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The vlan_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd description

configure {stpd} stpd_name description [stpd-description | none}

Description
Adds or overwrites the STP domain description field.

Syntax Description
stpd_name Specifies an STPD name on the switch.
stpd-description Specifies an STPD description.
none Clears the STPD string.

Default
The STP domain description string is empty.

Usage Guidelines
Use this command to add or overwrite the STP domain description field.

The maximum STP domain description length is 180 characters.

The stpd-description must be in quotes if the string contains any spaces.

To display the description, use the show stpd stpd_name command. When no STP
domain description is configured, Description is not displayed in the output.

To clear the STP domain description string, either specify the keyword none in this
command or use the unconfigure stpd {stpd_name} command.

Example
The following command adds the description “this is s0 domain” to the STPD named
s0:

configure stpd s0 description “this is s0 domain”

Switch Engine™ Command Reference Guide for version 32.7.1 1427

History Commands

History
This command was first available in ExtremeXOS 12.4.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd filter-method

configure stpd filter-method [system-wide| port-based]

Description
Configures Spanning Tree BPDU hardware filters.

Syntax Description
system-wide Installs system-wide hardware filters for Spanning Tree.
port-based Installs per-port hardware filters for Spanning Tree.

Default
By default, system-wide hardware filters are installed.

Usage Guidelines
You must disable Spanning Tree before changing the filter method. Use the disable
stpd command to disable Spanning Tree.

Example
The following example sets the filter method for Spanning Tree as system-wide.
configure stpd filter-method system-wide

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd flush-method

configure stpd flush-method [vlan-and-port | port-only]

1428 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the method used by STP to flush the FDB during a topology change.

Syntax Description
vlan-and-port Specifies a VLAN and port combination flush method.
port-only Specifies a port flush method.

Default
The default flush method is vlan-and-port.

Usage Guidelines
For scaled up configurations where there are more than 1000 VLANs and more than 70
ports participating in STP, the number of messages exchanged between STP/FDB/HAL
modules can consume a lot of system memory during an STP topology change using
the default configuration for flush method. In such situations, setting the flush method
to “port-only” can help reduce the system memory consumption.

Example
The following command sets the flush method to port-only:

configure stpd flush-method port-only

History
This command was available in ExtremeXOS 12.4.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd forwarddelay

configure stpd stpd_name forwarddelay seconds

Description
Specifies the time (in seconds) that the ports in this STPD spend in the listening and
learning states when the switch is the root bridge.

Switch Engine™ Command Reference Guide for version 32.7.1 1429

Syntax Description Commands

Syntax Description
stpd_name Specifies an STPD name on the switch.
seconds Specifies the forward delay time in seconds. The default is
15 seconds, and the range is 4 to 30 seconds.

Default
The default forward delay time is 15 seconds.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

The range for the seconds parameter is 4 through 30 seconds.

Example
The following command sets the forward delay from STPD1 to 20 seconds:

configure stpd stpd1 forwarddelay 20

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd hellotime

configure stpd stpd_name hellotime seconds

Description
Specifies the time delay (in seconds) between the transmission of BPDUs from this
STPD when it is the root bridge.

1430 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
stpd_name Specifies an STPD name on the switch.
seconds Specifies the hello time in seconds. The default is 2
seconds, and the range is 1 to 10 seconds.

Default
The default hello time is 2 seconds.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

In an MSTP environment, configure the hello timer only on the CIST, not on the MSTIs.

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

The range for the seconds parameter is 1 through 10 seconds.

Example
The following command sets the time delay from STPD1 to 10 seconds:

configure stpd stpd1 hellotime 10

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd loop-protect event-threshold

configure stpd stpd_name loop-protect event-threshold [threshold | none]

Description
Configures the loop protect event threshold.

Switch Engine™ Command Reference Guide for version 32.7.1 1431

Syntax Description Commands

Syntax Description
stpd_name Specifies an STPD name on the switch.
threshold Sets the number of loop protect events that must be
received before disabling the port. The valid range is 1–10.
none Disables the loop protect threshold. The port will not
remain enabled even if loop protect events are received.

Default
By default, the loop protect threshold is enabled and set to three loop protect events.

Usage Guidelines
If the loop protect event threshold disables a port, you must enable the port manually.

Example
The following example configures the loop protect event threshold to five events.
configure stpd r1 loop-protect event-threshold 5

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd loop-protect event-window

configure stpd stpd_name loop-protect event-window interval

Description
Configures the interval for which loop protect events are counted by the loop protect
event threshold.

Syntax Description
stpd_name Specifies an STPD name on the switch.
interval The length of the interval, in seconds, over which the loop
protect event threshold is defined. The valid range is 0–255
seconds.

1432 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
By default the interval is set to 180 seconds.

Usage Guidelines
None.

Example
The following example sets the loop protect event window to 120 seconds for STP
domain r1.
configure stpd r1 loop-protect event-window 120

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd maxage

configure stpd stpd_name maxage seconds

Description
Specifies the maximum age of a BPDU in the specified STPD.

Syntax Description
stpd_name Specifies an STPD name on the switch.
seconds Specifies the maxage time in seconds. The default is 20
seconds, and the range is 6 to 40 seconds.

Default
The default maximum age of a BPDU is 20 seconds.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

Switch Engine™ Command Reference Guide for version 32.7.1 1433

Example Commands

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

In an MSTP environment, configure the maximum age of a BPDU only on the CIST, not
on the MSTIs.

The range for the seconds parameter is 6 through 40 seconds.

Note that the time must be greater than, or equal to 2 * (Hello Time + 1) and less than, or
equal to 2 * (Forward Delay –1).

Example
The following command sets the maximum age of STPD1 to 30 seconds:

configure stpd stpd1 maxage 30

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd max-hop-count

configure stpd stpd_name max-hop-count hopcount

Description
Specifies the maximum hop count of a BPDU until the BPDU is discarded in the
specified MSTP STP domain.

Syntax Description
stpd_name Specifies an STPD name on the switch.
hopcount Specifies the number of hops required to age out
information and notify changes in the topology. The
default is 20 hops, and the range is 6 to 40 hops.

Default
The default hop count of a BPDU is 20 hops.

Usage Guidelines
This command is applicable only in an MSTP environment.

1434 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If your STPD has the same name as another component, for example a VLAN, Extreme
Networks recommends that you specify the identifying keyword as well as the name. If
your STPD has a name unique only to that STPD, the keyword stpd is optional.

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

The range for the hopcount parameter is 6 through 40 hops.

In an MSTP environment, the hop count has the same purpose as the maxage timer for
802.1D and 802.1w environments.

The main responsibility of the CIST is to exchange or propagate BPDUs across regions.
The switch assigns the CIST an instance ID of 0, which allows the CIST to send BPDUs
for itself in addition to all of the MSTIs within an MSTP region. Inside a region, the
BPDUs contain CIST records and piggybacked M-records. The CIST records contain
information about the CIST, and the M-records contain information about the MSTIs.
Boundary ports only exchange CIST record BPDUs.

On boundary ports, only CIST record BPDUs are exchanged. In addition, if the other end
is an 802.1D or 802.1w bridge, the maxage timer is used for interoperability between the
protocols.

Example
The following command sets the hop of the MSTP STPD, STPD2, to 30 hops:

configure stpd stpd2 max-hop-count 30

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd mode

configure stpd stpd_name mode [dot1d | dot1w | mstp [cist | msti
instance]]

Description
Configures the operational mode for the specified STP domain.

Switch Engine™ Command Reference Guide for version 32.7.1 1435

Syntax Description Commands

Syntax Description
stpd_name Specifies an STPD name on the switch.
dot1d Specifies the STPD mode of operation to be 802.1D.
dot1w Specifies the STPD mode of operation to be 802.1w, and
rapid configuration is enabled.
mstp Specifies the STPD mode of operation to be 802.1s, and
rapid configuration is enabled.
cist Configures the specified STPD as the common instance
spanning tree for the MSTP region.
msti Configures the specified STPD as a multiple spanning tree
instance for the MSTP region.
instance Specifies the Id of the multiple spanning tree instance. The
range is 1 to 4,094.

Default
The STPD s0 by default operates in MSTP CIST mode.

User-created STPDs operate by default in dot1d mode.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

If you configure the STP domain in 802.1D mode, the rapid reconfiguration mechanism
is disabled.

If you configure the STP domain in 802.1w mode, the rapid reconfiguration mechanism
is enabled. You enable or disable RSTP on a per STPD basis only. You do not enable
RSTP on a per port basis.

If you configure the STP domain in MSTP mode, the rapid reconfiguration mechanism
is enabled. You enable or disable MSTP on a per STPD basis only. You do not enable
MSTP on a per port basis. MSTP STPDs use 802.1D BPDU encapsulation mode by
default. To ensure correct operation of your MSTP STPDs, do not configure EMISTP or
PVST+ encapsulation mode for MSTP STPDs.

You must first configure a Common and Internal Spanning Tree (CIST) before
configuring any multiple spanning tree instances (MSTIs) in the region. You cannot
delete or disable a CIST if any of the MSTIs are active in the system.

STP operational mode can be changed while VLANs are associated with an STP
domain. In MSTP mode, mode change is allowed only for CIST domains.

1436 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures STPD s1 to enable the rapid reconfiguration
mechanism and operate in 802.1w mode:

configure stpd s1 mode dot1w

The following command configures STPD s2 to operate as an MSTI in an MSTP domain:

configure stpd s2 mode mstp msti 3

History
This command was first available in ExtremeXOS 10.1.

The mstp parameter was added in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd multicast send-query

configure stpd multicast send-query [on | off]

Description
Configures suppressing IGMP- and MLD-triggered queries when STP topology changes
are received.

Syntax Description
multicast Specifies multicast options.
send-query For VLANs associated with STPD, when topology changes
occur, send or suppress IGMP or MLD queries.
on Send IGMP or MLD queries (default).
off Do not send IGMP or MLD queries.

Default
Sending IGMP or MLD queries is on.

Usage Guidelines
Whenever STP topology changes are received on a port, the switch sends triggered
queries that mark the peer port as a router port and floods all multicast packets
towards this port. This can cause unnecessary bandwidth usage. This command allows
you to allow or suppress this forwarding.

Switch Engine™ Command Reference Guide for version 32.7.1 1437

configure stpd ports active-role disable Commands

Example
The following example turns off IGMP and MLD queries:
# configure stpd multicast send-query off

History
This command was first available in ExtremeXOS 21.1.5-Patch1-2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports active-role disable

configure stpd stpd_name ports active-role disable port

Description
Allows a port to be selected as an alternate or backup port.

Syntax Description
stpd_name Specifies an STPD name on the switch.
port Specifies a port.

Default
The default is disabled.

Usage Guidelines
Use this command to revert to the default that allows a specified port to be elected to
any STP port role.

Example
The following command disables an active role on STDP s1, port 6:3:

configure stpd s1 ports active-role disable 6:3

History
This command was first available in ExtremeXOS 12.5.

1438 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports active-role enable

configure stpd stpd_name ports active-role enable port

Description
Prevents a port from becoming an alternate or backup port.

Syntax Description
stpd_name Specifies an STPD name on the switch.
port Specifies a port.

Default
The default is disabled.

Usage Guidelines
Use this command to keep a port in an active role. It prevents a specified port from
being elected to an alternate or backup role which puts the port in a blocking state.

The following describes the port role and state when RSTP stabilizes.

STP Port Role Port State

Alternate (inactive) Blocking
Backup (inactive Blocking
Root (active) Forwarding
Designated (active) Forwarding

This feature can be enabled on only one STP port in the STP domain.

The restricted port role cannot be combined with this feature.

An active port role (root or designated) cannot be enabled with an edge port.

To disable this command, use the configure stpd ports active-role disable
command.

To view the status of the active role, use the show stpd ports command.

Switch Engine™ Command Reference Guide for version 32.7.1 1439

Example Commands

Example
The following command enables an active role on STDP s1, port 6:3:

configure stpd s1 ports active-role enable 6:3

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports auto-edge

configure stpd stpd_name ports auto-edge [on | off] port_list

Description
Enables and disables auto-edge detection.

Syntax Description
stpd_name Specifies an STPD name on the switch.
on Enables auto-edge detection on the specified port.
off Disables auto-edge detection on the specified port.
port_list Specifies one or more ports or slots and ports.

Default
By default, auto-edge detection is on.

Usage Guidelines
None.

Example
The following example enables auto-edge detection on port 1:10 in STP domain r1:
configure stpd r1 ports auto-edge on 1:10

History
This command was first available in ExtremeXOS 15.7.1.

1440 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports bpdu-restrict

configure {stpd} stpd_name ports bpdu-restrict [enable | disable]
port_list {recovery-timeout {seconds}}

Description
Configures BPDU Restrict.

Syntax Description
stpd_name Specifies an STPD name on the switch.
port_list Specifies one or more ports or slots and ports.
bpdu-restrict Disables port as soon as a BPDU is received.
recovery-timeout Time after which the port will be re-enabled.
seconds Specifies the time in seconds. The range is 60 to 600. The
default is 300.

Default
The default is disabled.

Usage Guidelines
Before using this command, the port(s) should be configured for edge-safeguard.

Example
The following command enables bpdu-restrict on port 2 of STPD s1:

configure stpd s1 ports bpdu-restrict enable 2

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1441

configure stpd ports cost Commands

configure stpd ports cost

configure stpd stpd_name ports cost [auto | cost] port_list

Description
Specifies the path cost of the port in the specified STPD.

Syntax Description
stpd_name Specifies an STPD name on the switch.
auto Specifies the switch to remove any user-defined port cost
value(s) and use the appropriate default port cost value(s).
cost Specifies a numerical port cost value. The range is 1
through 200,000,000.
port_list Specifies one or more ports or slots and ports.

Default
The switch automatically assigns a default path cost based on the speed of the port, as
follows:
• 10 Mbps port—the default cost is 2,000,000.
• 100 Mbps port—the default cost is 200,000.
• 1000 Mbps port—the default cost is 20,000.
• 10000 Mbps ports—the default cost is 2,000.

The default port cost for trunked ports is dynamically calculated based on the available
bandwidth.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

The 802.1D-2004 standard modified the default port path cost value to allow for higher
link speeds. If you have a network with both 802.1D-2004 and 802.1D-1998 compliant
bridges, a higher link speed can create a situation whereby an 802.1D-1998 compliant
bridge could become the most favorable transit path and possibly cause the traffic to
span more bridges. To prevent this situation, configure the port path cost to make links
with the same speed use the same path host value. For example, if you have 100 Mbps

1442 Switch Engine™ Command Reference Guide for version 32.7.1

Commands ExtremeXOS 11.5 and Earlier

links on all bridges, configure the port path cost for the 802.1D-2004 compliant bridges
to 19 instead of using the default 200,000.

Note
You cannot configure the port path cost on 802.1D-1998 compliant bridges to
200,000 because the path cost range setting is 1 to 65,535.

The range for the cost parameter is 1 through 200,000,000. If you configure the port
cost, a setting of 1 indicates the highest priority.

If you configured a port cost value and specify the auto option, the switch removes the
user-defined port cost value and returns to the default, automatically assigned, port
cost value.

The auto port cost of a trunk port is calculated based on number member ports in
the trunk port. Link up and down of the member port does not affect the trunk port
cost, thus it does not trigger topology change. Only adding or removing a member port
to/from the trunk port causes auto trunk port cost to change. Also, by so configuring a
static trunk port cost, the value is frozen regardless of the number of member ports in
the trunk port.

ExtremeXOS 11.5 and Earlier

If you have switches running ExtremeXOS 11.5 and earlier, the default costs are different
than switches running ExtremeXOS 11.6 and later.

The range for the cost parameter is 1 through 65,535.

The switch automatically assigns a default path cost based on the speed of the port, as
follows:
• 10 Mbps port—the default cost is 100.
• 100 Mbps port—the default cost is 19.
• 1000 Mbps port—the default cost is 4.
• 10000 Mbps ports—the default cost is 2.

Example
The following command configures a cost of 100 to slot 2, ports 1 through 5 in STPD s0:

configure stpd s0 ports cost 100 2:1-2:5

History
This command was first available in ExtremeXOS 10.1.

The auto option was added in ExtremeXOS 11.0.

The default costs were updated based on support for the 802.1D-2004 standard in
ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 1443

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports edge-safeguard disable

configure {stpd} stpd_name ports edge-safeguard disable port_list {bpdu-
restrict} {recovery-timeout {seconds}}

Description
Disables the edge safeguard loop prevention on the specified RSTP or MSTP edge port.

Syntax Description
stpd_name Specifies an STPD name on the switch.
port_list Specifies one or more edge ports.
bpdu-restrict Disables port as soon as a BPDU is received.
recovery-timeout Time after which the port will be re-enabled.
seconds Specifies the time in seconds. The range is 60 to 600. The
default is 300.

Default
By default, this feature is disabled.

Usage Guidelines
This command applies only to ports that have already been configured as edge ports.

Loop prevention and detection on an edge port configured for RSTP or MSTP is called
edge safeguard. An edge port configured with edge safeguard immediately enters the
forwarding state and transmits BPDUs.

If you disable this feature, the edge port enters the forwarding state but no longer
transmits BPDUs unless a BPDU is received by that edge port. This is the default
behavior.

Recovery time starts as soon as the port becomes disabled. If no recovery-timeout is

specified, the port is permanently disabled.

BPDU restrict can be disabled using the configure stpd stpd_name ports bpdu-
restrict disableport_list command.

If edge safeguard is disabled, BPDU restrict is also disabled.

To view the status of the edge safeguard feature use the show {stpd} stpd_name
ports {[detail |port_list {detail}]} command. You can also use the show stpd

1444 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

{stpd_name | detail} command to display the STPD configuration on the switch,

including the enable/disable state for edge safeguard.

Note
In MSTP, configuring edge safeguard at CIST will be inherited in all MSTI.

To enable or re-enable edge safeguard, use one of the following commands:

• configure {stpd} stpd_name ports edge-safeguard enableport_list {bpdu-
restrict} {recovery-timeout {seconds}}
• configure stpd stpd_name ports link-type [[auto | broadcast | point-
to-point]port_list | edgeport_list {edge-safeguard [enable | disable]
{bpdu-restrict} {recovery-timeoutseconds}}]

Example
The following command disables edge safeguard on RSTP edge port 4 in STPD s1 on a
stand-alone switch:

configure stpd s1 ports edge-safeguard disable 4

History
This command was first available in ExtremeXOS 11.4.

The BPDU Restrict function was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports edge-safeguard enable

configure {stpd} stpd_name ports edge-safeguard enable port_list {bpdu-
restrict} {recovery-timeout {seconds}}

Description
Enables the edge safeguard loop prevention on the specified RSTP or MSTP edge port.

Syntax Description
stpd_name Specifies an STPD name on the switch.
port_list Specifies one or more edge ports.
bpdu-restrict Disables port as soon as a BPDU is received.

Switch Engine™ Command Reference Guide for version 32.7.1 1445

Default Commands

recovery-timeout Time after which the port will be re-enabled.

seconds Specifies the time in seconds. The range is 60 to 600. The
default is 300.

Default
By default, this feature is disabled.

Usage Guidelines
This command applies only to ports that have already been configured as edge ports.

Loop prevention and detection on an edge port configured for RSTP or MSTP is called
edge safeguard. You configure edge safeguard on RSTP or MSTP edge ports to prevent
accidental or deliberate misconfigurations (loops) resulting from connecting two edge
ports together or by connecting a hub or other non-STP switch to an edge port. Edge
safeguard also limits the impact of broadcast storms that might occur on edge ports.

An edge port configured with edge safeguard immediately enters the forwarding state
and transmits BPDUs. This advanced loop prevention mechanism improves network
resiliency but does not interfere with the rapid convergence of edge ports.

Recovery time starts as soon as the port becomes disabled. If no recovery-timeout is

specified, the port is permanently disabled.

BPDU restrict can be disabled using the configure {stpd} stpd_name ports
bpdu-restrict [enable | disable]port_list {recovery-timeout {seconds}}
command and selecting disable.

If edge safeguard is disabled, BPDU restrict is also disabled.

To view the status of the edge safeguard feature use the show {stpd} stpd_name
ports {[detail |port_list {detail}]} command. You can also use the show stpd
{stpd_name | detail} command to display the STPD configuration on the switch,
including the enable/disable state for edge safeguard.

Note
In MSTP, configuring edge safeguard at CIST will be inherited in all MSTI.

To disable edge safeguard, use one of the following commands:

• configure {stpd} stpd_name ports edge-safeguard disableport_list
{bpdu-restrict} {recovery-timeout {seconds}}
• configure stpd stpd_name ports link-type [[auto | broadcast | point-
to-point]port_list | edgeport_list {edge-safeguard [enable | disable]
{bpdu-restrict} {recovery-timeoutseconds}}]

1446 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables edge safeguard on RSTP edge port 4 in STPD s1 on a
stand-alone switch:

configure stpd s1 ports edge-safeguard enable 4

History
This command was first available in ExtremeXOS 11.4.

The BPDU Restrict function was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports link-type

configure stpd stpd_name ports link-type [[auto | broadcast | point-to-
point] port_list | edge port_list {edge-safeguard [enable | disable]
{bpdu-restrict} {recovery-timeout seconds}}]

Description
Configures the ports in the specified STPD as auto, broadcast, edge, or point-to-point
link types.

Syntax Description
stpd_name Specifies an STPD name on the switch.
auto Specifies the switch to automatically determine the port
link type. An auto link behaves like a point-to-point link
if the link is in full-duplex mode or if link aggregation is
enabled on the port. Used for 802.1w configurations.
broadcast Specifies a port attached to a LAN segment with more
than two bridges. Used for 802.1D configurations. A port
with broadcast link type cannot participate in rapid
reconfiguration using RSTP or MSTP. By default, all STP.1D
ports are broadcast links.
point-to-point Specifies a port attached to a LAN segment with only
two bridges. A port with point-to-point link type can
participate in rapid reconfiguration. Used for 802.1w and
MSTP configurations. By default, all 802.1w and MSTP ports
are point-to-point link types.
port_list Specifies one or more ports or slots and ports.

Switch Engine™ Command Reference Guide for version 32.7.1 1447

Default Commands

edge Specifies a port that does not have a bridge attached. An

edge port is placed and held in the STP forwarding state
unless a BPDU is received by the port. Used for 802.1w and
MSTP configurations.
edge-safeguard Specifies that the edge port be configured with edge
safeguard, a loop prevention and detection mechanism.
Used for 802.1w and MSTP configurations.
enable Specifies that edge safeguard be enabled on the edge
port(s).
disable Specifies that edge safeguard be disabled on the edge
port(s).
bpdu-restrict Disables port as soon as a BPDU is received.
recovery-timeout Time after which the port will be re-enabled.
seconds Specifies the time in seconds. The range is 60 to 600. The
default is 300.

Default
STP.1D ports are broadcast link types 802.1w and MSTP ports are auto link types.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

The default, broadcast links, supports legacy STP (802.1D) configurations. If the switch
operates in 802.1D mode, any configured port link type will behave the same as the
broadcast link type.

RSTP rapidly moves the designated ports of a point-to-point link type into the
forwarding state. This behavior is supported by RSTP and MSTP only.

In an MSTP environment, configure the same link types for the CIST and all MSTIs.

Auto Link Type

An auto link behaves like a point-to-point link if the link is in full duplex mode or if link
aggregation is enabled on the port; otherwise, an auto link behaves like a broadcast
link. If a non-STP switch exists between several switches operating in 802.1w mode with
auto links, the non-STP switch may negotiate full-duplex even though the broadcast
domain extends over several STP devices.

Edge Link Type

RSTP does not send any BPDUs from an edge port nor does it generate topology
change events when an edge port changes its state.

1448 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Edge Safeguard

If you configure a port to be an edge port, the port immediately enters the forwarding
state. Edge ports remain in the forwarding state unless the port receives a BPDU. In
that case, edge ports enter the blocking state. The edge port remains in the blocking
state until it stops receiving BPDUs and the message age timer expires.

Edge Safeguard
Loop prevention and detection on an edge port configured for RSTP or MSTP is called
edge safeguard. You configure edge safeguard on RSTP or MSTP edge ports to prevent
accidental or deliberate misconfigurations (loops) resulting from connecting two edge
ports together or by connecting a hub or other non-STP switch to an edge port. Edge
safeguard also limits the impact of broadcast storms that might occur on edge ports.

An edge port configured with edge safeguard immediately enters the forwarding state
and transmits BPDUs. This advanced loop prevention mechanism improves network
resiliency but does not interfere with the rapid convergence of edge ports.

Recovery time starts as soon as the port becomes disabled. If no recovery-timeout is

specified, the port is permanently disabled.

BPDU restrict can be disabled using the configure stpd stpd_name ports bpdu-
restrict disableport_list command.

If edge safeguard is disabled, BPDU restrict is also disabled.

To configure a port as an edge port and enable edge safeguard on that port, use
the configure stpd stpd_name ports link-type edgeport_list edge-safeguard
command and specify enable.

To disable edge safeguard on the edge port, use the configure stpd stpd_name
ports link-type edgeport_list edge-safeguard command and specify disable.

Two other commands are also available to enable and disable edge safeguard:
configure stpd ports edge-safeguard enable
configure stpd ports edge-safeguard disable

In MSTP, configuring edge safeguard at CIST will be inherited in all MSTI.

Example
The following command configures slot 2, ports 1 through 4 to be point-to-point links in
STPD s1:

configure stpd s1 ports link-type point-to-point 2:1-2:4

The following command enables edge safeguard on the RSTP edge port on slot 2, port
3 in STPD s1 configured for RSTP:

configure stpd s1 ports link-type edge 2:3 edge-safeguard enable

Switch Engine™ Command Reference Guide for version 32.7.1 1449

History Commands

History
This command was first available in ExtremeXOS 10.1.

The BPDU Restrict function was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports loop-protect

configure stpd stpd_name ports loop-protect [on | off] port_list

Description
Enables and disables loop protect on a port.

Syntax Description
stpd_name Specifies an STPD name on the switch.
on Enables loop protect on the specified port.
off Disables loop protect on the specified port.
port_list Specifies one or more ports or slots and ports.

Default
By default, loop protect is off.

Usage Guidelines
Loop protect prevents loops due to misconfiguration or one-way communication
failures.

Example
The following example enables loop protect on port 1:10 in the STP domain r1:
configure stpd r1 ports loop-protect on 1:10

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

1450 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure stpd ports loop-protect partner

configure stpd ports loop-protect partner

configure stpd stpd_name ports loop-protect partner [capable |
incapable] port_list

Description
Configures whether the link partner is capable of the loop protect feature.

Syntax Description
stpd_name Specifies an STPD name on the switch.
capable The link partner supports the loop protect feature.
incapable The link partner does not support the loop protect feature.
port_list Specifies one or more ports or slots and ports.

Default
By default, this command is set to incapable.

Usage Guidelines
Ports work in two loop protect operational modes:
• If the port is set to capable, the port works in full mode.
• If the port is set to incapable, the port works limited mode.

In full mode, when RSTP/MSTP BPDUs are received on a point-to-point link and the
port is designated, a loop protect timer is set to three times the hello time. When
this timer expires, the port is moved to the blocking state. Limited mode adds the
requirement that the flags field in the BPDU indicates a root role.

Example
The following example configures loop protect partner capability to "capable" for port
1:10 in the STP domain r1:
configure stpd r1 ports loop-protect partner capable 1:10

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1451

configure stpd ports mode Commands

configure stpd ports mode

configure stpd stpd_name ports mode [dot1d | emistp | pvst-plus]
port_list

Description
Configures the encapsulation mode for the specified port list.

Syntax Description
stpd_name Specifies an STPD name on the switch.
dot1d Specifies the STP encapsulation mode of operation to be
802.1d.
emistp Specifies the STP encapsulation mode of operation to be
EMISTP.
pvst-plus Specifies the STP encapsulation mode of operation to be
PVST+.
port_list Specifies one or more ports or slots and ports.

Default
Ports in the default STPD (s0) and user-created STPDs are dot1d mode.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

MSTP STPDs use 802.1D BPDU encapsulation mode by default. To ensure correct
operation of your MSTP STPDs, do not configure EMISTP or PVST+ encapsulation mode
for MSTP STPDs.

You can specify the following STP encapsulation modes:

• dot1d—This mode is reserved for backward compatibility with previous STP versions.
BPDUs are sent untagged in 802.1D mode. Because of this, any given physical
interface can have only one STPD running in 802.1D mode.

This encapsulation mode supports the following STPD modes of operation: 802.1D,
802.1w, and MSTP.
• emistp—This mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN
ID field.

This encapsulation mode supports the following STPD modes of operation: 802.1D
and 802.1w.

1452 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• pvst-plus—This mode implements PVST+ in compatibility with third-party switches

running this version of STP. The STPDs running in this mode have a one-to-one
relationship with VLANs, and send and process packets in PVST+ format.

This encapsulation mode supports the following STPD modes of operation: 802.1D
and 802.1w.

Example
The following command configures STPD s1 with PVST+ packet formatting for slot 2,
port 1:

configure stpd s1 ports mode pvst-plus 2:1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports port-priority

configure stpd stpd_name ports port-priority priority port_list

Description
Specifies the port priority of the port in the specified STPD.

Syntax Description
stpd_name Specifies an STPD name on the switch.
priority Specifies a numerical port priority value. The range is 0
through 240 and is subject to the multiple of 16 restriction.
port_list Specifies one or more ports or slots and ports.

Default
The default is 128.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

Switch Engine™ Command Reference Guide for version 32.7.1 1453

Example Commands

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

By changing the priority of the port, you can make it more or less likely to become the
root port or a designated port.

To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier

configurations, the existing configure stpd ports priority command is available
in ExtremeXOS 11.6. If you have an ExtremeXOS 11.5 or earlier configuration, the switch
interprets the port priority based on the 802.1D-1998 standard. If the switch reads
a value that is not supported in ExtremeXOS 11.6, the switch rejects the entry. For
example, if the switch reads the configure stpd ports priority 16 command from
an ExtremeXOS 11.5 or earlier configuration, (which is equivalent to the command
configure stpd ports priority 8 entered through CLI), the switch saves the value in the
new ExtremeXOS 11.6 configuration as configure stpd ports port-priority 128.

A setting of 0 indicates the highest priority.

The range for the priority parameter is 0 through 240 and is subject to the multiple of 16
restriction.

Example
The following command assigns a priority of 32 to slot 2, ports 1 through 5 in STPD s0:

configure stpd s0 ports port-priority 32 2:1-2:5

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports priority

configure stpd stpd_name ports priority priority port_list

Description
Specifies the port priority of the port in the specified STPD.

1454 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
stpd_name Specifies an STPD name on the switch.
priority Specifies a numerical port priority value. The range is 0
through 31 for STP and 0 through 15 for MSTP and RSTP.
port_list Specifies one or more ports or slots and ports.

Default
The default is 128.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

By changing the priority of the port, you can make it more or less likely to become the
root port or a designated port.

To preserve backward compatibility and to use ExtremeXOS 11.5 or earlier

configurations, the existing configure stpd ports priority command is available
in ExtremeXOS 11.6. If you have an ExtremeXOS 11.5 or earlier configuration, the switch
interprets the port priority based on the 802.1D-1998 standard. If the switch reads a
value that is not supported in ExtremeXOS 11.6, the switch rejects the entry.

A setting of 0 indicates the highest priority.

The range for the priority parameter is 0 through 31 for STP and 0 through 15 for MSTP
and RSTP.

ExtremeXOS 11.6 introduces support for a new ports priority command: configure
stpd ports port-priority. When you save the port priority value in an ExtremeXOS
11.6 configuration, the switch saves it as the new command configure stpd ports
port-priority with the corresponding change in priority values. The priority range of
this command is 0 through 240 and is subject to the multiple of 16 restriction. For more
information see configure stpd ports port-priority.

ExtremeXOS 11.5 and Earlier

If you have switches running ExtremeXOS 11.5 and earlier, the default value for the
priority range are different than switches running ExtremeXOS 11.6.

The range for the priority parameter is 0 through 31.

The default is 16.

Switch Engine™ Command Reference Guide for version 32.7.1 1455

Example Commands

Example
The following command assigns a priority of 1 to slot 2, ports 1 through 5 in STPD s0:

configure stpd s0 ports priority 1 2:1-2:5

History
This command was first available in ExtremeXOS 10.1.

The priority range and behavior was updated based on support for the 802.1D-2004
standard in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports reflection-bpdu

configure stpd stpd_name ports reflection-bpdu [on | off] port_list

Description
Turns on/off reflection Bridge Protocol Data Unit (BPDU) behavior.

Syntax Description
stpd Spanning Tree Protocol (STP) domain.
stpd_name Specifies the STP domain name
ports Ports in this STP domain to configure.
reflection-bpdu Copy contents (bridge ID, root ID, etc.) of received RSTP/
MSTP proposal BPDU in transmitted agreement BPDU.
Default is on.
on Use received bridge ID, etc. in agreement RSTP/MSTP
BPDU (not necessary for OUIs 00:01:F4, 00:11:88, 00:1F:45,
20:B3:99).
off Use local bridge ID, etc. in transmitted agreement RSTP/
MSTP BPDU for compatibility with EOS switches with
unknown OUIs.
port_list Specifies the ports in this STP domain to configure.

Default
Reflection BPDU behavior is on by default.

1456 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
For Rapid Spanning Tree Protocol (RSTP) proposal handshake to work with CISCO
switches, the switch that receives the proposal BPDU reflects back the same BPDU
(all the contents) with an agreement flag set. This ensures that the other port is
acknowledging the proposal that the switch has send out, so the acknowledgment
BPDU contains the same contents of the other switch's proposal BPDU with the
agreement bit set, instead of the proposal bit.

However, this behavior when used with EOS upstream bridges receiving the
agreement BPDU (whose MAC OUI is different than 00:01:F4, 00:11:88, 00:1F:45,
20:B3:99) causes the switch to believe it is being sent its own BPDU, thus causing a
multisource event during a topology change. This command allows you turn off the
BPDU reflection behavior to avoid this problem.

Example
To enable reflection BPDU on domain "s1" on port 7:
configure s1 ports reflection-bpdu on 7

To disable reflection BPDU on domain "s1" ono port 7:

configure s1 ports reflection-bpdu off 7

History
This command was first available in ExtremeXOS 22.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports restricted-role disable

configure stpd stpd_name ports restricted-role disable port_list

Description
Disables restricted role on the specified port inside the core network.

Syntax Description
stpd_name Specifies an STPD name on the switch.
port_list Specifies one or more ports or slots and ports.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1457

Usage Guidelines Commands

Usage Guidelines
The restricted role is disabled by default. If set, it can cause a lack of spanning
tree connectivity. A network administrator enables the restricted role to prevent
bridges external to a core region of the network from influencing the spanning tree
active topology, possibly because those bridges are not under the full control of the
administrator.

Note
Disabling Restricted Role at CIST is inherited by all MSTI.

Example
The following command disables restricted role for s1 on port 6:3:

configure stpd s1 ports restricted-role disable 6:3

History
This command was first available in ExtremeXOS 12.1.

This command was added to RSTP in ExtremeXOS 11.6 and 12.0.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports restricted-role enable

configure stpd stpd_name ports restricted-role enable port_list

Description
Enables restricted role on the specified port inside the core network.

Syntax Description
stpd_name Specifies an STPD name on the switch.
port_list Specifies one or more ports or slots and ports.

Default
N/A.

1458 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Enabling restricted role causes the port not to be selected as a root port even if it has
the best spanning tree priority vector. Such a port is selected as an alternate port after
the root port has been selected.

The restricted role is disabled by default. If set, it can cause a lack of spanning
tree connectivity. A network administrator enables the restricted role to prevent
bridges external to a core region of the network from influencing the spanning tree
active topology, possibly because those bridges are not under the full control of the
administrator.

Note
Restricted role should not be enabled with edge mode.
Enabling Restricted Role at CIST is inherited by all MSTI.

Example
The following command enables restricted role on port 6:3:

configure stpd s1 ports restricted-role enable 6:3

History
This command was first available in ExtremeXOS 12.1.

This command was added to RSTP in ExtremeXOS 11.6 and 12.0.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd ports restricted-tcn

configure stpd stpd_name ports restricted-tcn [on | off] port_list

Description
Restricts the propagation of Topology Change Notification (TCN) BPDUs on the
specified port.

Syntax Description
stpd_name Specifies an STPD name on the switch.
on Does not propagate received TCN BPDUs and topology
changes to other ports.

Switch Engine™ Command Reference Guide for version 32.7.1 1459

Default Commands

off Allows the propagation of received TCN BPDUs and

topology changes to other ports.
port_list Specifies one or more ports or slots and ports.

Default
The default value is off.

Usage Guidelines
Set restricted-tcn to on to prevent unnecessary address flushing caused by
persistent TCNs. Restricting TCNs is a useful when it is not possible to remove the
source of the TCNs.

Example
The following example disables the propagation of TCNs in port 1:10 for STP domain r1:
configure stpd r1 ports restricted-tcn on 1:10

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd priority

configure stpd stpd_name priority priority

Description
Specifies the bridge priority of the STPD.

Syntax Description
stpd_name Specifies an STPD name on the switch.
priority Specifies the bridge priority of the STPD. The range is 0
through 61,440.
• If the bridge priority mode is configured as dot1d and
the protocol mode is configured as dot1w, then value
can be configured in increments of 1.
• If the bridge priority mode is configured as dot1t and the
protocol mode is configured as dot1w, then priority value
can be configured in increments of 4,096.

1460 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default priority is 32,768.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

The range for the priority parameter is 0 through 61,440. If the bridge priority mode
is configured as dot1d and the protocol mode is configured as dot1w, then value can
be configured in increments of 1. If the bridge priority mode is configured as dot1t
and the protocol mode is configured as dot1w, then priority value can be configured in
increments of 4,096. A setting of 0 indicates the highest priority.

If you have an ExtremeXOS 11.5 or earlier configuration that contains an STP or RSTP
bridge priority that is not a multiple of 4,096, the switch rejects the entry and the
bridge priority returns to the default value. The MSTP implementation already uses
multiples of 4,096 to determine the bridge priority.

For example, to lower the numerical value of the priority (which gives the priority a
higher precedence), you subtract 4,096 from the default priority: 32,768 - 4,096 = 28,672.
If you modify the priority by a value other than 4,096, the switch rejects the entry.

ExtremeXOS 11.5 and Earlier

If you have switches running ExtremeXOS 11.5 and earlier, the priority range is different
than switches running ExtremeXOS 11.6 and later.

The range for the priority parameter is 0 through 65,535. A setting of 0 indicates the
highest priority.

Example
The following command sets the bridge priority of STPD1 to 16,384:

configure stpd stpd1 priority 16384

History
This command was first available in ExtremeXOS 10.1.

The priority range and behavior was updated based on support for the 802.1D-2004
standard in ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 1461

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd priority-mode

configure stpd stpd_name priority-mode [dot1d | dot1t]

Description
Sets STP bridge priority values.

Syntax Description
stpd STP domain/STP global configuration.
stpd_name STP domain name on the switch.
priority-mode Control allowable bridge priority values.
dot1d Allow any bridge priority value.
Valid values are 0–65,535 (in increments of 1), with 0
indicating high priority and 65,535 low priority.
dot1t Allow bridge priority in steps of 4,096.
This option is the default bridge priority mode. Valid
values are 0–61,440 (in increments of 4,096), with 0
indicating high priority and 61,440 low priority. Values are
automatically rounded up or down depending on the dot1t
value to which the entered value is closest.

Default
dot1t option is configured by default for operation mode dot1w and MSTP.

Example
The following example configures the priority-mode as dot1d:
configure stpd s1 priority-mode dot1d

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd tag

configure stpd stpd_name tag stpd_tag

1462 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Assigns an StpdID to an STPD.

Syntax Description
stpd_name Specifies an STPD name on the switch.
stpd_tag Specifies the VLAN ID of the carrier VLAN that is owned by
the STPD.

Default
N/A.

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If your STPD
has a name unique only to that STPD, the keyword stpd is optional.

You should not configure any STP parameters unless you have considerable knowledge
and experience with STP. The default STP parameters are adequate for most networks.

An STPD ID is used to identify each STP domain. You assign the StpdID when
configuring the domain. An STPD ID must be identical to the VLAN ID of the carrier
VLAN in that STP domain, and that VLAN cannot belong to another STPD. Unless all
ports are running in 802.1D mode, an STPD with ports running in either EMISTP mode
or PVST+ mode must be configured with an STPD ID.

You must create and configure the VLAN, along with the tag, before you can configure
the STPD tag. To create a VLAN, use the create vlan command. To configure the
VLAN, use the configure vlan commands.

MSTP Only
MSTP uses two different methods to identify the STPDs that are part of the MSTP
network. An instance ID of 0 identifies the CIST. The switch assigns this ID automatically
when you configure the CIST STPD. To configure the CIST STPD, use the configure
stpd stpd_name mode [dot1d | dot1w | mstp [cist | mstiinstance]]
command.

An MSTI identifier (MSTI ID) identifies each STP domain that is part of an MSTP region.
You assign the MSTI ID when configuring the STPD that participates in the MSTP
region. Each STPD that participates in a particular MSTP region must have the same
MSTI ID. To configure the MSTI ID, use the configure stpd stpd_name mode [dot1d |
dot1w | mstp [cist | mstiinstance]] command.

Switch Engine™ Command Reference Guide for version 32.7.1 1463

Example Commands

Example
The following example assigns an StpdID to the purple_st STPD:
configure stpd purple_st tag 200

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd trap new-root

configure stpd stpd_name trap new-root [on | off]

Description
Enables and disables the new-root trap.

Syntax Description
stpd_name Specifies an STPD name on the switch.
on Enables the new-root trap.
off Disables the new-root trap.

Default
By default, the trap is enabled (on).

Usage Guidelines
The new-root trap is sent when the new root bridge is elected.

Example
The following example disables the new-root trap for the STP domain r1.
configure stpd r1 trap new-root off

History
This command was first available in ExtremeXOS 15.7.1.

1464 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd trap topology-change

configure stpd stpd_name trap topology-change {edge-ports}[on | off]

Description
Enables and disables the topology change trap for all ports or edge ports only.

Syntax Description
stpd_name Specifies an STPD name on the switch.
edge-ports Specifies that topology change traps will be sent only for
edge ports.
on Enables the topology change trap.
off Disables the topology change trap.

Default
By default, the topology change trap is disabled (off) for all ports.

Usage Guidelines
You cannot enable the topology change trap for edge ports if you have disabled the
topology change trap for all ports.

Example
The following example disables the topology change trap for edge ports only in the STP
domain r1.
configure stpd r1 trap topology-change edge-ports off

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure stpd tx-hold-count

configure stpd stpd_name tx-hold-count tx_hold_count

Switch Engine™ Command Reference Guide for version 32.7.1 1465

Description Commands

Description
Configures the maximum BPDUs transmitted per second.

Syntax Description
stpd_name Specifies an STPD name on the switch.
tx_hold_count Specifies the maximum number of BPDUs transmitted per
second. The valid range is 1–10.

Default
By default, the maximum number of BPDUs transmitted per second is 6.

Usage Guidelines
The transmit hold count is used by the port transmit state machine to limit BPDU
transmission rate.

Example
The following example configures the transmit hold count for STP domain r1 to five
BPDUs per second:
configure stpd r1 tx-hold-count 5

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure switch integrity-check image

configure switch integrity-check image [on | off]

Description
Enables or disables the NOS image integrity check feature.

Syntax Description
integrity-check Specifies configuring integrity check.
image Specifies checking the loaded NOS image.

1466 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

on Enables image integrity check feature. You are informed if

the integrity check fails.
off Disables image integrity check feature (default).

Default
By default, ExtremeXOS image integrity check is disabled.

Usage Guidelines
If the image integrity check is enabled, during bootup, the system checks the integrity
of the NOS image, and notifies you if it has been compromised or not (an error
message is logged).

To view the status and configuration of the image integrity check, use the show switch
management command.

Example
The following example enables the NOS image integrity check:
# configure switch integrity-check image on

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sys-health-check all level

configure sys-health-check all level [normal | strict]

Description
Configures how the ExtremeXOS software handles faults for the switch.

Syntax Description
normal Upon a fault detection, the switch only sends a message to
the syslog. This is the default setting.
strict Upon a fault detection, the switch takes the action
configured by the configure sys-recovery-level slot
or the command.

Switch Engine™ Command Reference Guide for version 32.7.1 1467

Default Commands

Default
The default setting is normal.

Usage Guidelines
Use this command in conjunction with the configure sys-recovery-level switch
[none | reset | shutdown] command to implement your network’s fault handling
strategy.

ExtremeXOS 11.5 enhances the number of switch-fabric tests completed and monitored
by the polling module of the system health checker. Additionally with ExtremeXOS
11.5, you can now configure how ExtremeXOS handles a detected fault based on the
configuration of the configure sys-recovery-level slot [all | slot_number]
[none | reset | shutdown] or the configure sys-recovery-level switch [none
| reset | shutdown] command.

If you configure the strict parameter, the switch takes the action configured by
the configure sys-recovery-level slot or the configure sys-recovery-level
switch command, which can include logging only or restarting, rebooting, or shutting
down the suspect device.

To maintain a smooth upgrade for devices running ExtremeXOS 11.4 and earlier, the
switch-fabric tests introduced in ExtremeXOS 11.5 are set to only log error messages
(‘normal mode’) by default. However, we recommend that you configure ‘strict
mode’ so the system can attempt to recover by utilizing the action configured in
the configure sys-recovery-level slot or the configure sys-recovery-level
switch command (which by default is reset).

Depending on your switch configuration, the following table shows how

ExtremeSwitching series switches behave when the ExtremeXOS software detects a
fault:

Table 18: System Behavior for ExtremeSwitching Series Switches

Fault Handling Hardware Recovery Behavior
Configuration Configuration
configure sys-health- configure sys-recovery-level The switch sends messages
check all level normal switch none to the syslog.
Same as above. configure sys-recovery-level Same as above.
switch reset
Same as above. configure sys-recovery-level Same as above.
switch shutdown
configure sys-health- configure sys-recovery-level Same as above.
check all level strict switch none
Same as above. configure sys-recovery-level ExtremeXOS reboots the
switch reset affected switch.
Same as above. configure sys-recovery-level ExtremeXOS shuts down the
switch shutdown affected switch.

1468 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Displaying the System Health Check Setting

Displaying the System Health Check Setting

To display the system health check setting, including polling and how ExtremeXOS
handles faults on the switch, use the following command:
show switch

The system health check setting, displayed as SysHealth check, shows the polling
setting and how ExtremeXOS handles faults. The polling setting appears as Enabled,
and the fault handling setting appears in parenthesis next to the polling setting. In
the following truncated output, the system health check setting appears as SysHealth
check: Enabled (Normal):

SysName: TechPubs Lab

SysName: BD-8810Rack3
SysLocation:
SysContact: [email protected], +1 888 257 3000
System MAC: 00:04:96:1F:A2:60
SysHealth check: Enabled (Normal)
Recovery Mode: None
System Watchdog: Enabled

If you use the strict parameter, which configures the switch to take the action
configured by the configure sys-recovery-level slot or the configure sys-
recovery-level switch command, (Strict) would appear next to Enabled.

Example
The following command configures the switch to forward faults to be handled by the
level set by the configure sys-recovery-level switch command:
# configure sys-health-check all level strict

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog add

configure syslog add [ipaddress {udp-port {udp_port}} | ipPort |
ipaddress tls_port {tls_port}] {vr vr_name} [local0...local7]

Description
Configures the remote Syslog server host address, and filters messages to be sent to
the remote Syslog target.

Switch Engine™ Command Reference Guide for version 32.7.1 1469

Syntax Description Commands

Syntax Description
ipaddress Specifies the remote Syslog server IP address.
ipPort Specifies the UDP port number for the Syslog target.
tls_port Specifies remote Syslog server Transport Layer Security
(TLS) for connection type.
tls_port TLS port number (default is 6514).
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

local0 ... local7 Specifies the local Syslog facility.

Default
If a virtual router is not specified, VR-Mgmt is used. If UDP port is not specified, 514 is
used. If TLS port is not specified, 6514 is used.

Usage Guidelines
Options for configuring the remote Syslog server include:
• ipaddress—The IP address of the remote Syslog server host
• ipPort—The UDP port
• vr_name—The virtual router that can reach the Syslog host
• local0-local7—The Syslog facility level for local use

The switch log overwrites existing log messages in a wrap-around memory buffer,
which may cause you to lose valuable information once the buffer becomes full. The
remote Syslog server does not overwrite log information, and can store messages in
non-volatile files (disks, for example).

The enable syslog command must be issued in order for messages to be sent to the
remote Syslog server(s). Syslog is disabled by default. A total of four Syslog servers can
be configured at one time.

When a Syslog server is added, it is associated with the filter DefaultFilter. Use the
configure log target filter command to associate a different filter.

The Syslog facility level is defined as local0 – local7. The facility level is used to group
Syslog data.

Example
The following example adds the remote Syslog server with an IP address of 10.0.0.1:
configure syslog add 10.0.0.1 local1

1470 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example adds the remote Syslog server with an IP address of 2001:11::123:
configure syslog add 2001:11::123 local1

History
This command was first available in ExtremeXOS 10.1.

The ipPort parameter was first available in ExtremeXOS 11.0.

The udp-port parameter and support for the EMS (Event Management System) to send
log messages to Syslog servers having IPv6 address was added in ExtremeXOS 21.1.

Transport Layer Security (TLS) option added in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog tls cipher

configure syslog tls cipher [[cipher | all] on | cipher off]

Description
Turns on/off ciphers for Syslog Transport Layer Security (TLS) sessions.

Syntax Description
syslog Specifies configuring the remote Syslog target.
tls Transport Layer Security (TLS) protocol.
cipher Specifies configuring the algorithm to use for encrypting
Syslog TLS sessions.
cipher Specifies the cipher name to enable or disable.
all Specifies all ciphers for enabling.
on Enable selected cipher. Default is that all ciphers are on.
off Disables selected cipher.

Default
By default, all ciphers are enabled.

Usage Guidelines
A minimum of one cipher must be enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1471

Example Commands

The following is the list of available ciphers:

• aes128-sha
• aes128-sha256
• aes256-sha256
• dhe-rsa-aes128-sha256
• dhe-rsa-aes256-sha256

To view which ciphers are enabled and disabled, use the command show log
configuration on page 2956.

Example
The following example enables all ciphers for Syslog TLS sessions:
configure syslog tls cipher all on

The following example disables the aes128-sha cipher for Syslog TLS sessions:
configure syslog tls cipher aes128-sha off

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog tls ocsp

configure syslog tls ocsp [on | off]

Description
Enables or disables Online Certificate Status Protocol (OCSP) check for Transport Layer
Security (TLS) connections to remote Syslog servers.

Syntax Description
syslog Specifies configuring the remote Syslog target.
tls Specifies configuring TLS.
ocsp Specifies configuring OCSP for real-time certificate
revocation status checking.
on Enables OCSP (default).
off Disables OCSP.

1472 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
By default, OCSP is enabled.

Usage Guidelines
While you can disable OCSP, it is not recommended because no certificate revocation
status check is performed.

Example
The following example enables OCSP check for TLS connections to remote Syslog
servers.
# configure syslog tls ocsp on

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog tls ocsp nonce

configure syslog tls ocsp nonce [on | off]

Description
Enables or disables Online Certificate Status Protocol (OCSP) nonce for Transport Layer
Security (TLS) connections to remote Syslog servers.

Syntax Description
syslog Specifies configuring the remote Syslog target.
tls Specifies configuring TLS.
ocsp Specifies configuring OCSP for real-time certificate
revocation status checking.
nonce Specifies to cryptographically bind an OCSP request and
an OCSP response with the extension id-pkix-ocsp-
nonce to prevent replay attacks.
on Specifies to include the id-pkix-ocsp-nonce extension in
the OCSP request and response.
off Specifies to exclude the extension (default).

Switch Engine™ Command Reference Guide for version 32.7.1 1473

Default Commands

Default
Off.

Usage Guidelines

Example
The following example configures nonce:
# configure syslog tls ocsp nonce on

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog tls ocsp override

configure syslog tls tls override [url | none]

Description
This command configures one HTTP Online Certificate Status Protocol (OCSP) override
URL for Transport Layer Security (TLS) connections to a remote Syslog server.

Syntax Description
syslog Specifies configuring the remote Syslog target.
tls Specifies Transport Layer Security (TLS).
ocsp Specifies the OCSP attribute.
override Specifies to override the OCSP server in the
AuthorityInformationAccess section of a syslog server's
certificate.
url Specifies the URL of the OCSP overrive server. Default port
is 80.
none Specifies to remove the OCSP override URL configuration
(default).

Default
None.

1474 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Only HTTP is supported with either FQDN or IP.

Example
The following example configures an override URL of http://syslogocsp:2022:
# configure radius tls ocsp override http://syslogocsp:2022

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog tls ocsp signer

configure syslog tls ocsp signer ocsp-nocheck [on | off]

Description
Enables or disables Online Certificate Status Protocol (OCSP) signer's ocsp-nocheck for
Transport Layer Security (TLS) connections to remote Syslog servers.

Syntax Description
syslog Specifies configuring the remote Syslog target.
tls Specifies Transport Layer Security (TLS).
ocsp Specifies configuring OCSP for real-time certificate
revocation status checking.
signer Specifies the OCSP signer that signs the OCSP response.
ocsp-nocheck Specifies the extension id-pkix-ocsp-nocheck. If present
in the OCSP signer's certificate, then it is trusted for its
lifetime.
on Specifies to override the id-pkix-ocsp-nocheck extension
in the OCSP signer's certificate and forces the extension as
if it is present.
off Specifies to behave per the extension's precense in the
OCSP signer's certificate. If not present and the OCSP
signer is not root CA, then the whole OCSP will fail
(default).

Default
Off.

Switch Engine™ Command Reference Guide for version 32.7.1 1475

Usage Guidelines Commands

Usage Guidelines

Example
The following example enables OCSP signer's nocheck for TLS connections to a remote
Syslog server.
# configure syslog tls ocsp signer ocsp-nocheck on

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog tls tcp-user-timeout

configure syslog tls tcp-user-timeout [seconds | default]

Description
Specifies the maximum time that transmitted data may remain unacknowledged
before TCP closes the connection to avoid loss of logging to TLS Syslog server.

Syntax Description
tls Specifies Transport Layer Security protocol.
tcp-user-timeout Specifies the maximum time that transmitted data
may remain unacknowledged before TCP closes the
connection.
seconds Timeout period in seconds. Range = 20–900.
default Specifies not using value from tcp-user-timeout option;
use the system default.

Default
The default is to use Linux default—tcp-user-timeout is not enabled.

Usage Guidelines
For Linux, by default, it takes about 15 minutes for kernel to end a TCP connection when
transmitted data remains unacknowledged. This results in a potential loss of logs to TLS
Syslog server during the 15 minutes window due to link down. This command allows
you to reduce this window.

1476 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example sets the TCP user timeout value to 30 seconds:
configure syslog tls tcp-user-timeout 30

The following example turns off using the TCP user timeout value and accepts system
default:
configure syslog tls tcp-user-timeout default

History
This command was first available in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog delete

configure syslog delete [ ipaddress {udp-port {udp_port}} | ipPort |
ipaddress tls_port {tls_port}] {vr vr_name} [local0...local7 ]] | all
{local0...local7} {vr vr_name} ]
configure syslog delete host name/ip {: udp-port} [local0...local7]

Description
Deletes a remote Syslog server address.

Syntax Description
ipaddress Specifies the remote Syslog server IP address.
ipPort Specifies the UDP port number for the Syslog target.
tls_port Specifies remote Syslog server Transport Layer Security
(TLS) for connection type.
tls_port TLS port number.
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

local0 ... local7 Specifies the local Syslog facility.

all Specifies all remote Syslog servers.

Switch Engine™ Command Reference Guide for version 32.7.1 1477

Default Commands

Default
If a virtual router is not specified, VR-Mgmt is used.

If a UDP port number is not specified, 514 is used.

If a TLS port number is not specified, 6514 is used.

Usage Guidelines
This command is used to delete a remote Syslog server target.

Example
The following example deletes the remote Syslog server with an IP address of 10.0.0.1:
configure syslog delete 10.0.0.1 local1

The following example deletes the remote Syslog server with an IP address of
2001:11::123 :
configure syslog delete 2001:11::123 local1

History
This command was first available in ExtremeXOS 10.1.

The ipPort parameter was first available in ExtremeXOS 11.0.

The udp-port parameter and support for the EMS to send log messages to Syslog
servers having IPv6 address was added in ExtremeXOS 21.1.

Transport Layer Security (TLS) option added in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure syslog reference-identifier

configure syslog [all |ipaddress {tls-port tls_port}] {vr vr_name}
{local} reference-identifier reference_identifier

Description
Specifies the remote Syslog server certificate reference identifier.

1478 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
all All specified targets.
ipaddress Specifies the remote Syslog server IPv4 or IPv6 address.
tls-port Specifies using a remote Syslog server Transport Layer
Security (TLS) port.
tls_port Specifies the remote Syslog server Transport Layer Security
(TLS) port (default is 6514).
vr Specifies a virtual router.
vr_name Specifies the virtual router ID.
local Specifies the remote Syslog server facility: "local0" "local1"
"local2" "local3" "local4" "local5" "local6" "local7".
reference-identifier Remote Syslog server certificate reference identifier.
reference_identifier Identifier value (for example, the host name). If none is
specified, the existing reference identifier configuration is
removed.

Default
If a TLS port is not specified, the default is 6514.

Example
The following example specifies the reference identifier as "hostname" for all specified
targets on VR "vr1":
# configure syslog all vr vr1 reference-identifier hostname

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure system ports notation

configure system ports notation [slot:port | slot/port]

Description
Configures a standalone switch to be addressed with a slot number.

Switch Engine™ Command Reference Guide for version 32.7.1 1479

Syntax Description Commands

Syntax Description
system Configures system settings.
ports Configures system ports settings.
notation Configures system port notation settings.
slot:port Designates slot:port notation. For example, 1:47. (Default on
stacks and Extended Edge Switching). Also designates a
5720 slot:port:chennel notation. For example, 5:49:3 for Slot
5 Port 49 Channel 3.
slot Designates standard slot notation. For example, 1/47.
port Designates standard port notation. For example, 1/47. Also
designates a channelized 5720 port. For example, Port 49
Channel 3.

Default
By default, on standalone switches, port notation is used.

By default, on stacks/Extended Edge Switching, slot:port notation is used.

Usage Guidelines
You can configure a standalone system as a slotted system with this command, which
allows for commands which had ‘slot’ arguments to be visible and take in a valid slot
number of ‘1’, along with any port arguments specified in ‘slot’:’port’ notation. In turn,
any command output would specify ‘slot’ information and ports displayed in ‘slot’:’port’
or slot/port notation.

ExtremeSwitching 5720 series switches use a specified chennelized port number.

Note
5720 VIM-6YE ports are not channelized and map to ports 51-53 and 54-56.

Note
Switches running Release 31.6 or earlier that are connected to a channelized
5720 port will not display the correct port number via the Extreme Discovery
Protocol. The port numbers will display correctly via the Link Layer Discovery
Protocol.

This command requires a configuration save and reboot to take effect.

To view the port notation status, use the show management command.

Example
The following example changes a standalone switch to have slot:port notation:
# configure system ports notation slot:port
This command will take effect after the next reboot.

1480 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 30.2.

The slot/port keyword was added in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sys-recovery-level switch

configure sys-recovery-level switch [none | reset | shutdown]

Description
Configures a recovery option for instances where a hardware exception occurs on
ExtremeSwitching series switches.

Syntax Description
none Configures the switch to maintain its current state
regardless of the detected fault. The switch does not
reboot or shutdown. ExtremeXOS logs fault and error
messages to the syslog.
reset Configures the switch to reboot upon detecting a
hardware fault. ExtremeXOS logs fault, error, system reset,
and system reboot messages to the syslog.
shutdown Configures the switch to shut down upon detecting a
hardware fault. All ports are taken offline in response
to the reported errors; however, the management port
remains operational for debugging purposes only. If the
switch shuts down, it remains in this state across additional
reboots or power cycles until you explicitly clear the
shutdown state.

Default
The default setting is reset.

Usage Guidelines
Use this command for system auto-recovery upon detection of hardware problems.
You can configure ExtremeSwitching series switches to take no action, automatically
reboot, or shutdown if the switch detects a hardware fault. This enhanced level of
recovery detects faults in the CPU.

Switch Engine™ Command Reference Guide for version 32.7.1 1481

Messages Displayed Commands

You must specify one of the following parameters for the switch to respond to
hardware failures:
• none—Configures the switch to maintain its current state regardless of the detected
fault. The switch does not reboot or shutdown.
• reset—Configures the switch to reboot upon detecting a hardware fault.
• shutdown—Configures the switch to shutdown upon fault detection. All ports are
taken offline in response to the reported errors; however, the management port
remains operational for debugging purposes only.

Messages Displayed
If you configure the hardware recovery setting to either none (ignore) or shutdown,
the switch prompts you to confirm this action by displaying a message similar to the
following:
Are you sure you want to shutdown on errors? (y/n)

Enter y to confirm this action and configure the hardware recovery level. Enter n or
press [Enter] to cancel this action.

Displaying the Hardware Recovery Setting

To display the hardware recovery setting, use the following command:
show switch

If you change the hardware recovery setting from the default (reset) to either none
(ignore) or shutdown, the Recovery Mode output is expanded to include a description
of the hardware recovery mode. If you keep the default behavior or return to reset, the
Recovery Mode output lists only the software recovery setting.

The following truncated output from a ExtremeSwitching series switch displays the
software recovery and hardware recovery settings (displayed as Recovery Mode):

SysName: TechPubs Lab

SysLocation:
SysContact: [email protected], +1 888 257 3000
System MAC: 00:04:96:1F:A5:71
Recovery Mode: All, Ignore
System Watchdog: Enabled

If you configure the hardware recovery setting to none, the output displays “Ignore” to
indicate that no corrective actions will occur on the switch. “Ignore” appears only if you
configure the hardware recovery setting to none.

If you configure the hardware recovery setting to shutdown, the output displays
“Shutdown” to indicate that the switch will shutdown if fault detection occurs.
“Shutdown” appears only if you configure the hardware recovery setting to shutdown.

If you configure the hardware recovery setting to reset, the output displays only the
software recovery mode.

1482 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the switch to not take an action if a hardware fault
occurs:
# configure sys-recovery-level switch none

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure sys-recovery-level
configure sys-recovery-level [all | none]

Description
Configures a recovery option for instances where a software exception occurs in
ExtremeXOS.

Syntax Description
all Configures ExtremeXOS to log an error into the syslog and
reboot the system after any software task exception occurs.
none Configures the recovery level to none. No action is taken
when a software task exception occurs; there is no system
reboot, which can cause unexpected switch behavior.

Note: Use this parameter only under the guidance of

Extreme Networks Technical Support personnel.

Default
The default setting is all.

Usage Guidelines
If the software fails, the switch automatically reboots or leaves the system in its current
state. You must specify one of the following parameters for the system to respond to
software failures:
• all—The system will send error messages to the Syslog and reboot if any software
task exception occurs.

Switch Engine™ Command Reference Guide for version 32.7.1 1483

Displaying the System Recovery Setting Commands

• none—No action is taken when a software task exception occurs. The system does
not reboot, which can cause unexpected switch behavior.

Note
Use the none parameter only under the guidance of Extreme Networks
Technical Support personnel.

The default setting and behavior is all. Extreme Networks strongly recommends using
the default setting.

Displaying the System Recovery Setting

To display the software recovery setting on the switch, use the following command:
# show switch

This command displays general switch information, including the software recovery
level. The following truncated output from an ExtremeSwitching switch displays the
software recovery setting (displayed as Recovery Mode):

SysName: TechPubs Lab

SysLocation:
SysContact: [email protected], +1 888 257 3000
System MAC: 00:04:96:20:B4:13
SysHealth check: Enabled (Normal)
Recovery Mode: All
System Watchdog: Enabled

Note
All platforms display the software recovery setting as Recovery Mode.

Example
The following command configures a switch to not take an action when any software
task exception occurs:
# configure sys-recovery-level none

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tacacs priv-lvl

configure tacacs priv-lvl [required | optional]

1484 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Sets the requirement that the privilege level attribute (priv-lvl) must be specified for
TACACS priv-levl authentication to occur.

Syntax Description
priv-levl Specifies setting the requirement that the privilege level
attribute for authentication to occur.
required Fails login attempt if priv-lvl attribute is not provided.
optional Allows login to occur with read-only privilege if priv-lvl is
not provided. (default).

Default
By default, the priv-lvl is not required.

Usage Guidelines
Using this command to set the privilege level attribute as required does not change
any behavior associated with values received in the priv-lvl attribute, only the presence/
absence of the attribute.

Example
The following example makes the priv-lvl attribute required for TACACS authentication:
# configure tacacs priv-lvl required

History
This command was first available in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tacacs-accounting server

configure tacacs-accounting [primary | secondary] server [ipaddress |
hostname] {udp_port} client-ip ipaddress {vr vr_name}

Description
Configures the TACACS+ accounting server.

Switch Engine™ Command Reference Guide for version 32.7.1 1485

Syntax Description Commands

Syntax Description
primary Configures the primary TACACS+ accounting server.
secondary Configures the secondary TACACS+ accounting server.
ipaddress The IP address of the TACACS+ accounting server being
configured.
hostname The host name of the TACACS+ accounting server being
configured.
tcp_port The TCP port to use to contact the TACACS+ server.
ipaddress The IP address used by the switch to identify itself when
communicating with the TACACS+ accounting server.
vr_name Specifies the virtual router on which the client IP is located.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

Default
Unconfigured. The default virtual router is VR-Mgmt, the management virtual router.

Usage Guidelines
You can use the same TACACS+ server for accounting and authentication.

To remove a server, use the following command:

unconfigure tacacs server [primary | secondary]

Example
The following command configures server tacacs1 as the primary TACACS+ accounting
server for client switch 10.10.20.35 using a virtual router interface of VR-Default:
configure tacacs-accounting primary server tacacs1 client-ip 10.10.20.35 vr vr-Default

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

1486 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure tacacs server client-ip

configure tacacs server client-ip

configure tacacs [primary | secondary] server [host_ipaddr |
host_ipV6addr | hostname] {tcp_port} client-ip [client_ipaddress |
client_ipv6address] {vr vr_name}

Description
Configures the server information for a TACACS+ authentication server.

Syntax Description
primary Configures the primary TACACS+ server.
secondary Configures the secondary TACACS+ server.
host_ipaddr The IP address of the TACACS+ server being configured.
host_ipV6addr The IPv6 address of the TACACS+ accounting server being
configured.
hostname The host name of the TACACS+ server being configured.
tcp_port The TCP port to use to contact the TACACS+ server.
client_ipaddr The IP address used by the switch to identify itself when
communicating with the TACACS+ server.
client_ipV6addr The client IPv6 address used by the switch to identify
itself when communicating with the TACACS+ accounting
server.
vr_name Specifies the virtual router on which the client IP is located.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

Default
TACACS+ uses TCP port 49. The default virtual router is VR-Mgmt, the management
virtual router.

Usage Guidelines
Use this command to configure the server information for a TACACS+ server.

To remove a server, use the following command:

unconfigure tacacs server [primary | secondary]

Use of the hostname parameter requires that DNS be enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1487

Example Commands

Example
The following command configures server tacacs1 as the primary TACACS+ server for
client switch 10.10.20.35 using a virtual router interface of VR-Default:
configure tacacs primary server tacacs1 client-ip 10.10.20.35 vr vr-Default

Example
The following command configures IPv6 server 1111::220 as the primary TACACS+ server
for client switch 1111::170 using virtual router interface of vr-mgmt:
# configure tacacs primary server 1111::220 client-ip 1111::170 vr vr-mgmt

History
This command was first available in ExtremeXOS 10.1.

IPv6 support was added in ExtremeXOS 32.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tacacs shared-secret

configure tacacs [primary | secondary] shared-secret {encrypted
encrypted_secret | secret }

Description
Configures the shared secret string used to communicate with the TACACS+
authentication server.

Syntax Description
primary Configures the authentication string for the primary
TACACS+ server.
secondary Configures the authentication string for the secondary
TACACS+ server.
encrypted Indicates that the string is already encrypted.
string The string to be used for authentication.

Default
N/A.

1488 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The secret must be the same between the client switch and the TACACS+ server.

The encrypted keyword is primarily for the output of the show configuration command,
so the shared secret is not revealed in the command output. Do not use it to set the
shared secret.

Example
The following command configures the shared secret as “purplegreen” on the primary
TACACS+ server:

configure tacacs-accounting primary shared-secret purplegreen

History
This command was first available in ExtremeXOS 10.1.

The encrypted keyword was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tacacs timeout

configure tacacs timeout seconds

Description
Configures the timeout interval for TACAS+ authentication requests.

Syntax Description
seconds Specifies the number of seconds for authentication
requests. Range is 3 to 120 seconds.

Default
The default is 3 seconds.

Usage Guidelines
Use this command to configure the timeout interval for TACACS+ authentication
requests.

To detect and recover from a TACACS+ server failure when the timeout has expired,
the switch makes one authentication attempt before trying the next designated

Switch Engine™ Command Reference Guide for version 32.7.1 1489

Example Commands

TACACS+ server or reverting to the local database for authentication. In the event that
the switch still has IP connectivity to the TACACS+ server, but a TCP session cannot
be established, (such as a failed TACACS+ daemon on the server), failover happens
immediately regardless of the configured timeout value.

For example, if the timeout value is set for 3 seconds (the default value), it will take
3 seconds to fail over from the primary TACACS+ server to the secondary TACACS+
server. If both the primary and the secondary servers fail or are unavailable, it takes
approximately 6 seconds to revert to the local database for authentication.

Example
The following command configures the timeout interval for TACACS+ authentication to
10 seconds:

configure tacacs timeout 10

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tacacs-accounting server client-ip

configure tacacs-accounting [primary | secondary] server [host_ipaddr
| host_ipV6addr | hostname] {tcp_port} client-ip [client_ipaddress |
client_ipv6address] {vr vr_name}

Description
Configures the server information for a TACACS+ accounting server.

Syntax Description
primary Configures the primary TACACS+ server.
secondary Configures the secondary TACACS+ server.
host_ipaddr The IP address of the TACACS+ server being configured.
host_ipV6addr The IPv6 address of the TACACS+ accounting server being
configured.
hostname The host name of the TACACS+ server being configured.
tcp_port The TCP port to use to contact the TACACS+ server.
client_ipaddr The IP address used by the switch to identify itself when
communicating with the TACACS+ server.

1490 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

client_ipV6addr The client IPv6 address used by the switch to identify

itself when communicating with the TACACS+ accounting
server.
vr_name Specifies the virtual router on which the client IP is located.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

Default
N/A.

Usage Guidelines
Use this command to configure the server information for a TACACS+ accounting
server.

To remove a server, use the following command:

unconfigure tacacs-accounting server [primary | secondary]

Use of the hostname parameter requires that DNS be enabled.

Example
The following command configures accounting server tacacs1 as the primary TACACS+
server for client switch 10.10.20.35 using a virtual router interface of VR-Default:
configure tacacs-accounting primary server tacacs1 client-ip 10.10.20.35 vr vr-Default

Example
The following command configures IPv6 server 1111::220 as the primary TACACS+
accounting server for client switch 1111::170 using virtual router interface of vr-mgmt:
# configure tacacs-accounting primary server 1111::220 client-ip 1111::170 vr vr-mgmt

History
This command was first available in ExtremeXOS 10.1.

IPv6 support was added in ExtremeXOS 32.6.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1491

configure tacacs-accounting shared-secret Commands

configure tacacs-accounting shared-secret

configure tacacs-accounting [primary | secondary] shared-secret
{encrypted encrypted_secret | secret }

Description
Configures the shared secret string used to communicate with the TACACS+
accounting server.

Syntax Description
primary Configures the authentication string for the primary
TACACS+ accounting server.
secondary Configures the authentication string for the secondary
TACACS+ accounting server.
string The string to be used for authentication.

Default
N/A.

Usage Guidelines
Secret needs to be the same as on the TACACS+ server.

The encrypted keyword is primarily for the output of the show configuration command,
so the shared secret is not revealed in the command output. Do not use it to set the
shared secret.

Example
The following command configures the shared secret as “tacacsaccount” on the
primary TACACS+ accounting server:

configure tacacs-accounting primary shared-secret tacacsaccount

History
This command was first available in ExtremeXOS 10.1.

The encrypted keyword was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

1492 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure tacacs-accounting timeout

configure tacacs-accounting timeout

configure tacacs-accounting timeout seconds

Description
Configures the timeout interval for TACACS+ accounting authentication requests.

Syntax Description
seconds Specifies the number of seconds for accounting requests.
Range is 3 to 120 seconds.

Default
The default is 3 seconds.

Usage Guidelines
This command configures the timeout interval for TACACS+ accounting authentication
requests.

To detect and recover from a TACACS+ accounting server failure when the timeout
has expired, the switch makes one authentication attempt before trying the next
designated TACACS+ accounting server or reverting to the local database for
authentication. In the event that the switch still has IP connectivity to the TACACS+
accounting server, but a TCP session cannot be established, (such as a failed TACACS+
daemon on the accounting server), failover happens immediately regardless of the
configured timeout value.

For example, if the timeout value is set for 3 seconds (the default value), it takes 3
seconds to fail over from the primary TACACS+ accounting server to the secondary
TACACS+ accounting server. If both the primary and the secondary servers fail or
are unavailable, it takes approximately 6 seconds to revert to the local database for
authentication.

Example
The following command configures the timeout interval for TACACS+ accounting
authentication to 10 seconds:

configure tacacs-accounting timeout 10

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1493

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure tech-support add collector

configure tech-support add collector [hostname | ip_address] tcp-port
port {vr vr_name} {from source_ip_address} {ssl [on | off]}

Description
This command adds collectors that the switch attempts to connect to for the purpose
of forwarding status reports. The collector is identified by its hostname or IP address.

This command also configures the initial value of the TCP port that the collector is
listening to, the VR name and source IP address that the switch uses to attempt to
connect to the collector, and the SSL mode whether the switch needs to turn SSL on or
off when it connects to the collector.

Syntax Description
hostname Host name of the collector.
ip_address IPv4 address of the collector.
tcp-port TCP port number that the collector is listening.
port Port number. The range is 1-65535.
vr vr_name Specifies the Virtual router and virtual router name. The default
name is VR-Mgmt.
from Specifies the source and the source IPv4 address. The default
source_ip_addr source is the IP address on VLAN Mgmt.
ess
ssl Specifies the Secure Sockets Layer.
on Specifies that SSL is on.
off Specifies that SSL is off.

Default
Disabled.

Usage Guidelines
This command adds collectors that the switch attempts to connect to for the purpose
of forwarding status reports. The collector is identified by its hostname or IP address.
Each added collector needs to have a unique hostname or IP address. If the specified
hostname or IP address has already existed, an error message ‘ERROR: The collector
1.1.1.1 already exists’ is displayed. Other commands use hostname or IP address to
specify the collector that the command reconfigures, deletes, runs reports for, or shows
configuration and status.

1494 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

This command also configures the initial value of the TCP port that the collector is
listening to, the VR name and source IP address that the switch uses to connect to
the collector, and the SSL mode that determines if the switch needs to turn SSL on/off
when connecting to the collector. The purpose of having a default collector configured
is to minimize the configuration required for a customer to enable techSupport.

Example
The following command adds a collector at address "1.1.1.1" listening to TCP port "1":
configure tech-support add collector 1.1.1.1 tcp-port 1

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tech-support collector

configure tech-support collector [hostname | ip_address] tcp-port port
{vr vr_name} {from source_ip_address} {ssl [on | off]}

Description
This command reconfigures the TCP port, the VR, the Source IP Address, and SSL mode
of an existing collector.

Syntax Description
hostname Host name of the collector.
ip_address IPv4 address of the collector.
tcp-port TCP port number that the collector is listening.
port Port number. The range is 1-65535.
vr vr_name Specifies the Virtual router and virtual router name. The default
name is VR-Mgmt.
from Specifies the source and the source IPv4 address. The default
source_ip_addr source is the IP address on VLAN Mgmt.
ess
ssl Specifies the Secure Sockets Layer.
on Specifies that SSL is on.
off Specifies that SSL is off.

Switch Engine™ Command Reference Guide for version 32.7.1 1495

Default Commands

Default
Disabled.

Usage Guidelines
This command reconfigures the TCP port, the VR, the Source IP Address, and SSL mode
of an existing collector. The collector to be reconfigured is specified by its hostname
or IP address. If the specified collector does not exist, an error message ERROR: The
collector 1.1.1.1 does not exists is displayed.

Example
The following command reconfigures the tech support collector:

configure tech-support collector

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tech-support collector data-set

configure tech-support collector [ all hostname | ip_address] data-set
[ summary | detail ]

Description
This command configures the amount and type of data that is included in the status
report for a collector.

Syntax Description
all Configures report data set for all existing collectors.
hostname Specifies the host name of the collector.
ip_address Specifies the IPv4 address of the collector.
data-set Specifies the report data set. The default is detail.
detail Specifies the output of show tech-support area for area general,
config, log, VLAN, and EPM.
summary Specifies the output of show tech-support all command.

1496 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default is detail.

Usage Guidelines
This command configures the amount and type of data that is included in the status
report for a collector. When you specify all, it configures a report data set for all
existing collectors; otherwise report data is set for a particular collector specified by the
hostname or IP address. When the data set is set to summary, the status report sent
by the switch includes installed ExtremeXOS and Bootrom image versions, the active
partition, serial number, equipment type, installed hardware options, stored SRAM
contents, basic switch configuration, and log messages. The output of the summary
option is collected from the show tech-support area command for the area general,
configuration, log, VLAN, and EPM. Changing the report data set to detail will send
the full output of the show tech command. When a collector is added, the data set is
set to detail.

Example
The following command example configures a specific collector to display a detailed
output set:

configure tech-support collector 65.222.234.14 data-set detail

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tech-support collector frequency error-detected

configure tech-support collector [ all | hostname | ip_address]
frequency [bootup [on | off] | error-detected [on | off]| daily [on
{time hour} | off]]

Description
This command configures how often the switch sends status reports for a collector.

Syntax Description
all Configures report mode for all report collectors.
hostname Configures report mode based on the host name of the collector.

Switch Engine™ Command Reference Guide for version 32.7.1 1497

Default Commands

ip_address Configures report mode based on the IPv4 address of the collector.
bootup Send status report when the switch boots up. The default value is
on.
on Specifies that the status reporting is on at bootup.
off Specifies that the status reporting is off at bootup.
error-detected Specifies that a status report is sent when a critical severity event is
logged. The default value is off.
on Specifies that error-detected reporting is on.
off Specifies that error-detected reporting is off. This is the default
value.
daily Specifies that status reports are sent once a day. The default value is
off.
on time hour Specifies the time to send the report. Specifies the hour 0-23. The
default value is 0 (12:00AM).
off Specifies that the daily status reports are off. This is the default
value.

Default
Disabled.

Usage Guidelines
This command configures the frequency that the switch sends status reports for a
collector. By specifying all, it configures report frequency for all existing collectors;
otherwise it configures report frequency for a particular collector specified by the
hostname or IP address. If the bootup option is set to on, the switch sends a status
report when the switch boots up. If the error-detected option is set to on, the switch
sends a status report when a critical severity event is logged. If the daily option is set
to on, the switch sends a status report once a day regardless of the switchs' operational
status during the last 24 hour period.

Optionally, you can specify the hour that the report is sent. The default hour is 0,
and the valid range is 0 to 23, where 0 is 12:00 AM local time and 23 is 11:00 PM
local time. You can enable or disable each option (bootup, error-detected or daily)
independently. When all three options of a collector are turned off, the switch does
not send any status report to that collector even if the report mode of the collector is
set to automatic. When a collector is added, the bootup option is set to on, and the
error-detected and daily option is set to off.

Example
The following command example configures the report mode on all existing collectors:
configure tech-support collector all report

1498 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tech-support collector report

configure tech-support collector [hostname | ip_address] report
[ automatic | manual ]

Description
This command configures the report mode for a collector.

Syntax Description
all Configures report mode for all report collectors.
hostname Configures report mode based on the host name of the collector.
ip_address Configures report mode based on the IPv4 address of the collector.
automatic Automatically reports switch status to the configured collector
(Default).
manual Manually reports switch status to the configured collector through
the run tech-support report.

Default
Disabled.

If enabled, the automatic collector is the default report setting.

Usage Guidelines
This command configures the report mode for a collector. When you specify all,
it configures report mode for all existing collectors, otherwise it configures report
mode for a particular collector specified by the hostname, or IP address. When the
report mode is set to automatic, the switch automatically attempts to connect to
the cloud-hosted collector, and reports the switch status information based on the
frequency and data set setting of the collector. Changing the configuration to manual
restricts reporting to user initiated mode using the run tech-support command for that
collector. When a collector is added, the report mode is set to automatic by default.

Switch Engine™ Command Reference Guide for version 32.7.1 1499

Example Commands

Example
The following command example configures the report mode on all existing collectors:

configure tech-support collector all report

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tech-support delete collector

configure tech-support delete collector [ all | hostname | ip_address]

Description
This command deletes existing collectors.

Syntax Description
all Specifies that you delete all report collectors.
hostname Specifies the host name of the collector you want to delete.
ip_address Specifies the IPv4 address of the collector you want to delete.

Default
Disabled.

Usage Guidelines
This command deletes existing collectors. If you specify all, it deletes all existing
collectors; otherwise it deletes the collector specified by the hostname or IP address.
If the specified collector does not exist, an error message ERROR: The collector
1.1.1.1 does not exist is displayed.

Example
The following example deletes all collectors :

configure tech-support delete collector all

1500 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure telnet access-profile

configure telnet access-profile [ access_profile | [[add rule ] [first |
[[before | after] previous_rule]]] | delete rule | none ]

Description
Configures Telnet to use an ACL policy or ACL rule for access control.

Syntax Description
access_profile Specifies an ACL policy.
add Specifies that an ACL rule is to be added to the Telnet
application.
rule Specifies an ACL rule.
first Specifies that the new rule is to be added before all other
rules.
before Specifies that the new rule is to be added before a previous
rule.
after Specifies that the new rule is to be added after a previous
rule.
previous_rule Specifies an existing rule in the application.
delete Specifies that one particular rule is to be deleted.
none Specifies that all the rules or a policy file is to be deleted.

Default
Telnet is enabled with no ACL policies and uses TCP port 23.

Usage Guidelines
You must be logged in as administrator to configure Telnet parameters.

You can restrict Telnet access in the following ways:

• Implement an ACL policy file that permits or denies a specific list of IP addresses
and subnet masks for the Telnet port. You must create the ACL policy file before you
can use this command. If the ACL policy file does not exist on the switch, the switch
returns an error message indicating that the file does not exist.

Switch Engine™ Command Reference Guide for version 32.7.1 1501

Creating an ACL Policy File Commands

In the ACL policy file for Telnet, the “source-address” field is the only supported
match condition. Any other match conditions are ignored.

Use the none option to remove a previously configured ACL.

• Add an ACL rule to the Telnet application through this command. Once an ACL is
associated with Telnet, all the packets that reach a Telnet module are evaluated with
this ACL and appropriate action (permit or deny) is taken, as is done using policy
files.

The permit or deny counters are also updated accordingly regardless of whether
the ACL is configured to add counters. To display counter statistics, use the show
access-list counters process telnet command.

Only the following match conditions and actions are copied to the client memory.
Others that may be in the rule are not copied.

Match conditions:
• Source-address—IPv4 and IPv6
• Actions—Permit or Deny

When adding a new rule, use the first, before, and after previous_rule parameters to
position it within the existing rules.

If the Telnet traffic does not match any of the rules, the default behavior is deny. To
permit Telnet traffic that does not match any of the rules,add a permit all rule at the
end of the rule list.

Creating an ACL Policy File

To create an ACL policy file, use the edit policy command. For more information
about creating and implementing ACL policy files, see the Policy Manager and ACLs
chapters in the Switch Engine 32.7.1 User Guide.

If you attempt to implement a policy that does not exist on the switch, an error
message similar to the following appears:
Error: Policy /config/MyAccessProfile.pol does not exist on file system

If this occurs, make sure the policy you want to implement exists on the switch.
To confirm the policies on the switch, use the configure snmp add community
command. If the policy does not exist, create the ACL policy file.

Viewing Telnet Information

To display the status of Telnet, including the current TCP port, the virtual router used
to establish a Telnet session, and whether ACLs are controlling Telnet access, use the
following command: show management.

1502 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example applies the ACL policy MyAccessProfile_2 to Telnet:
configure telnet access-profile MyAccessProfile_2

The following example applies the ACL rule DenyAccess to the Telnet application in the
first position in the list:
configure telnet access-profile add DenyAccess first

The following example removes the association of a single ACL rule from the Telnet
application:
configure telnet access-profile delete DenyAccess

The following example removes the association of an ACL policy or all ACL rules from
the Telnet application:
configure telnet access-profile none

History
This command was first available in ExtremeXOS 11.2.

Support for ACL rules for Telnet was added in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure telnet port

configure telnet port [portno | default]

Description
Configures the TCP port used by Telnet for communication.

Syntax Description
portno Specifies a TCP port number. The default is 23. The range
is 1 through 65535. The following TCP port numbers are
reserved and cannot be used for Telnet connections: 22, 80,
and 1023.
default Specifies the default Telnet TCP port number. The default
is 23.

Default
The switch listens for Telnet connections on Port 23.

Switch Engine™ Command Reference Guide for version 32.7.1 1503

Usage Guidelines Commands

Usage Guidelines
You must be logged in as administrator to configure the Telnet port.

The portno range is 1 through 65535. The following TCP port numbers are reserved and
cannot be used for Telnet connections: 22, 80, and 1023. If you attempt to configure a
reserved port, the switch displays an error message similar to the following:

configure telnet port 22

Error: port number is a reserved port

If this occurs, select a port number that is not a reserved port.

The switch accepts IPv6 connections.

Example
The following command changes the port used for Telnet to port 85:

configure telnet port 85

The following command returns the port used for Telnet to the default port of 23:

configure telnet port default

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 connections was added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure telnet vr
configure telnet vr [all | default | vr_name]

Description
Configures the virtual router used on the switch for listening for Telnet connections.

1504 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
all Specifies to use all virtual routers for Telnet connections.
default Specifies to use the default virtual router for Telnet
connections. The default router is VR-Mgmt.
vr_name Specifies the name of the virtual router to use for Telnet
connections.
NOTE: User-created VRs are supported only on the
platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

The default is all.

Usage Guidelines
You must be logged in as administrator to configure the virtual router.

The switch accepts IPv6 connections.

If you specify all, the switch listens on all of the available virtual routers for Telnet
connections.

The vr_name specifies the name of the virtual router to use for Telnet connections.

If you specify a virtual router name that does not exist, the switch displays an error
message similar to the following:
configure telnet vr vr-ttt ^ %% Invalid input detected at '^' marker.

Example
The following command configures the switch to listen for and receive Telnet requests
on all virtual routers:
configure telnet vr all

History
This command was first available in ExtremeXOS 11.0.

Support for IPv6 was added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure time
configure time month day year hour min sec

Switch Engine™ Command Reference Guide for version 32.7.1 1505

Description Commands

Description
Configures the system date and time.

Syntax Description
month Specifies the month. The range is 1-12.
day Specifies the day of the month. The range is 1-31.
year Specifies the year in the YYYY format.The range is 2003 to
2036.
hour Specifies the hour of the day. The range is 0 (midnight) to
23 (11 pm).
min Specifies the minute. The range is 0-59.
sec Specifies the second. The range is 0-59.

Default
N/A.

Usage Guidelines
The format for the system date and time is as follows:

mm dd yyyy hh mm ss

The time uses a 24-hour clock format. You cannot set the year earlier than 2003 or past
2036. You have the choice of inputting the entire time/date string. If you provide one
item at a time and press [Tab], the screen prompts you for the next item. Press [cr] to
complete the input.

Example
The following command configures a system date of February 15, 2002 and a system
time of 8:42 AM and 55 seconds:

configure time 02 15 2002 08 42 55

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

1506 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure timezone

configure timezone
configure timezone {name tz_name} GMT_offset {autodst {name
dst_timezone_ID} {dst_offset} {begins [every floatingday | on
absoluteday] {at time_of_day} {ends [every floatingday | on
absoluteday] {at time_of_day}}} | noautodst}

Description
Configures the Greenwich Mean Time (GMT) offset and Daylight Saving Time (DST)
preference.

Syntax Description
tz_name Specifies an optional name for this timezone specification.
May be up to six alphabetic characters in length. The
default is an empty string.
GMT_offset Specifies a Greenwich Mean Time (GMT) offset, in + or -
minutes.
autodst Enables automatic Daylight Saving Time.
dst-timezone-ID Specifies an optional name for this DST specification. May
be up to six characters in length. The default is an empty
string.
dst_offset Specifies an offset from standard time, in minutes. Value is
in the range of 1 to 60. Default is 60 minutes.
floatingday Specifies the day, week, and month of the year to begin or
end DST each year. Format is: week day month where:
week is specified as [first | second | third | fourth | last] or 1-5.
day is specified as [sunday | monday | tuesday | wednesday
| thursday | friday | saturday] or 1-7 (where 1 is Sunday).
month is specified as [january | february | march | april |
may | june | july | august | september | october | november
| december] or 1-12.
Default for beginning is second sunday march; default for
ending is first sunday november.
absoluteday Specifies a specific day of a specific year on which to begin
or end DST. Format is: month day year where:
month is specified as 1-12. day is specified as 1-31. year is
specified as 2003-2035.
The year must be the same for the begin and end dates.
time_of_day Specifies the time of day to begin or end Daylight
Saving Time. May be specified as an hour (0-23) or as
hour:minutes. Default is 2:00.
noautodst Disables automatic Daylight Saving Time.

Switch Engine™ Command Reference Guide for version 32.7.1 1507

Default Commands

Default
Autodst, beginning every second Sunday in March, and ending every first Sunday in
November.

Usage Guidelines
Network Time Protocol (NTP) server updates are distributed using GMT time.

To properly display the local time in logs and other timestamp information, the switch
should be configured with the appropriate offset to GMT based on geographic location.

The GMT_offset is specified in +/- minutes from the GMT time.

Automatic DST changes can be enabled or disabled. The default configuration, where
DST begins on the second Sunday in March at 2:00 AM and ends the first Sunday in
November at 2:00 AM, applies to most of North America (beginning in 2007), and can
be configured with the following syntax: configure timezone GMT_offst autodst.

The starting and ending date and time for DST may be specified, as these vary in time
zones around the world.
• Use the every keyword to specify a year-after-year repeating set of dates (for
example, the last Sunday in March every year).
• Use the on keyword to specify a non-repeating, specific date for the specified year. If
you use this option, you will need to specify the command again every year.
• The begins specification defaults to every second Sunday in March.
• The ends specification defaults to every first sunday november.
• The ends date may occur earlier in the year than the begins date. This will be the
case for countries in the Southern Hemisphere.
• If you specify only the starting or ending time (not both) the one you leave
unspecified will be reset to its default.
• The time_of_day specification defaults to 2:00.
• The timezone IDs are optional. They are used only in the display of timezone
configuration information in the show switch command.

To disable automatic DST changes, re-specify the GMT offset using the noautodst
option: configure timezone gmt_offst noautodst.

Greenwich Mean Time offsets

NTP updates are distributed using GMT time. To properly display the local time in
logs and other timestamp information, the switch should be configured with the

1508 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Greenwich Mean Time offsets

appropriate offset to GMT based on geographical location. configure timezone on page

1507 describes the GMT offsets.

GMT GMT Common Time Zone Cities

Offset in Offset in References
Hours Minutes
+0:00 +0 GMT - Greenwich Mean London, England; Dublin,
UT or UTC - Universal Ireland; Edinburgh, Scotland;
(Coordinated) Lisbon, Portugal; Reykjavik,
Iceland; Casablanca, Morocco
WET - Western European
-1:00 -60 WAT - West Africa Cape Verde Islands
-2:00 -120 AT - Azores Azores
-3:00 -180 Brasilia, Brazil; Buenos Aires,
Argentina; Georgetown, Guyana;
-4:00 -240 AST - Atlantic Standard Caracas; La Paz
-5:00 -300 EST - Eastern Standard Bogota, Columbia; Lima, Peru;
New York, NY, Trevor City, MI USA
-6:00 -360 CST - Central Standard Mexico City, Mexico
-7:00 -420 MST - Mountain Standard Saskatchewan, Canada
-8:00 -480 PST - Pacific Standard Los Angeles, CA, Cupertino, CA,
Seattle, WA USA
-9:00 -540 YST - Yukon Standard
-10:00 -600 AHST - Alaska-Hawaii Standard
CAT - Central Alaska
HST - Hawaii Standard
-11:00 -660 NT - Nome
-12:00 -720 IDLW - International Date Line
West
+1:00 +60 CET - Central European Paris, France; Berlin, Germany;
FWT - French Winter Amsterdam, The Netherlands;
Brussels, Belgium; Vienna,
MET - Middle European Austria; Madrid, Spain; Rome,
MEWT - Middle European Italy; Bern, Switzerland;
Winter Stockholm, Sweden; Oslo,
SWT - Swedish Winter Norway
+2:00 +120 EET - Eastern European, Russia Athens, Greece; Helsinki, Finland;
Zone 1 Istanbul, Turkey; Jerusalem,
Israel; Harare, Zimbabwe
+3:00 +180 BT - Baghdad, Russia Zone 2 Kuwait; Nairobi, Kenya; Riyadh,
Saudi Arabia; Moscow, Russia;
Tehran, Iran
+4:00 +240 ZP4 - Russia Zone 3 Abu Dhabi, UAE; Muscat; Tblisi;
Volgograd; Kabul
+5:00 +300 ZP5 - Russia Zone 4

Switch Engine™ Command Reference Guide for version 32.7.1 1509

Example Commands

GMT GMT Common Time Zone Cities

Offset in Offset in References
Hours Minutes
+5:30 +330 IST – India Standard Time New Delhi, Pune, Allahabad,
India
+6:00 +360 ZP6 - Russia Zone 5
+7:00 +420 WAST - West Australian
Standard
+8:00 +480 CCT - China Coast, Russia Zone
7
+9:00 +540 JST - Japan Standard, Russia
Zone 8
+10:00 +600 EAST - East Australian
Standard
GST - Guam Standard
Russia Zone 9
+11:00 +660
+12:00 +720 IDLE - International Date Line Wellington, New Zealand; Fiji,
East Marshall Islands
NZST - New Zealand Standard
NZT - New Zealand
+13:00 +780 PHOT-Phoenix Island Time Kanton Island
+14:00 +840 LINT-Line Islands Time Kiritimati

For name creation guidelines and a list of reserved names, see Object Names in the
Switch Engine 32.7.1 User Guide.

Example
The following example configures GMT offset for Mexico City, Mexico and disables
automatic DST:
# configure timezone -360 noautodst

The following four commands are equivalent, and configure the GMT offset and
automatic DST adjustment for the US Eastern timezone, with an optional timezone
ID of EST:
3 configure timezone name EST -300 autodst name EDT 60 begins every second sunday march
at 2 ends every first sunday november at 2:00
# configure timezone name EST -300 autodst name EDT 60 begins every 1 1 4 at 2:00 ends
every 5 1 10 at 2:00
# configure timezone name EST -300 autodst name EDT
# configure timezone -300 autodst

The following example configures the GMT offset and automatic DST adjustment for
the Middle European timezone, with the optional timezone ID of MET:
# configure timezone name MET 60 autodst name MDT begins every last sunday march at 1
ends every last sunday october at 1

1510 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command configures the GMT offset and automatic DST adjustment for
New Zealand. The ending date must be configured each year because it occurs on the
first Sunday on or after March 5:
# configure timezone name NZST 720 autodst name NZDT 60 begins every first sunday october
at 2 ends on 3/16/2002 at 2

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure trusted-ports trust-for dhcp-server

configure trusted-ports [ports|all] trust-for dhcp-server

Description
Configures one or more trusted DHCP ports.

Syntax Description
ports Specifies one or more ports to be configured as trusted
ports.
all Specifies all ports to be configured as trusted ports.

Default
N/A.

Usage Guidelines
To configure trusted DHCP ports, you must first enable DHCP snooping on the switch.
To enable DHCP snooping, use the following command:
enable ip-security dhcp-snooping {vlan} vlan_name ports [all |
ports] violation-action [drop-packet {[block-mac | block-port]
[durationduration_in_seconds | permanently] | none]}] {snmp-trap}

Trusted ports do not block traffic; rather, the switch forwards any DHCP server packets
that appear on trusted ports. Depending on your DHCP snooping configuration,
the switch drops packets and can disable the port temporarily, disable the port
permanently, blackhole the MAC address temporarily, blackhole the MAC address
permanently, and so on.

Switch Engine™ Command Reference Guide for version 32.7.1 1511

Displaying DHCP Trusted Server Information Commands

If you configure one or more trusted ports, the switch assumes that all DHCP server
packets on the trusted port are valid.

Displaying DHCP Trusted Server Information

To display the DHCP snooping configuration settings, including DHCP trusted ports if
configured, use the following command: show ip-security dhcp-snooping {vlan}
vlan_name

To display any violations that occur, including those on DHCP trusted ports
if configured, use the following command: show ip-security dhcp-snooping
violations {vlan} vlan_name

Example
The following command configures ports 2:2 and 2:3 as trusted ports:

configure trusted-ports 2:2-2:3 trust-for dhcp-server

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure trusted-servers add server

configure trusted-servers [dynamic vlan_id |{vlan} vlan_name] add server
ip_address trust-for dhcp-server

Description
Configures and enables a trusted DHCP server on the switch.

Syntax Description
vlan_name Specifies the VLAN name.
dynamic Configuration options for dynamically created VLANs.
vlan_id VLAN ID tag between 1 and 4,094.
ip_address Specifies the IP address of the trusted DHCP server.

Default
N/A.

1512 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If you configured trusted DHCP server, the switch forwards only DHCP packets from
the trusted servers. The switch drops DHCP packets from other DHCP snooping-
enabled ports.

You can configure a maximum of eight trusted DHCP servers on the switch.

If you configure a port as a trusted port, the switch assumes that all DHCP server
packets on that port are valid.

Displaying DHCP Trusted Server Information

To display the DHCP snooping configuration settings, including DHCP trusted servers if
configured, use the following command:
show ip-security dhcp-snooping {vlan} vlan_name

To display any violations that occur, including those on the DHCP trusted servers if
configured, use the following command:
show ip-security dhcp-snooping violations {vlan} vlan_name

Example
The following command configures a trusted DHCP server on the switch:
configure trusted-servers vlan purple add server 10.10.10.10 trust-for dhcp-server

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN and VLAN ID options added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure trusted-servers delete server

configure trusted-servers [dynamic vlan_id |vlan vlan_name] delete
server ip_address trust-for dhcp-server

Description
Deletes a trusted DHCP server from the switch.

Switch Engine™ Command Reference Guide for version 32.7.1 1513

Syntax Description Commands

Syntax Description
vlan_name Specifies the VLAN name.
ip_address Specifies the IP address of the trusted DHCP server.
dynamic Configuration options for dynamically created VLANs.
vlan_id VLAN ID tag between 1 and 4,094.

Default
N/A.

Usage Guidelines
Use this command to delete a trusted DHCP server from the switch.

Displaying DHCP Trusted Server Information

To display the DHCP snooping configuration settings, including DHCP trusted servers if
configured, use the following command:
show ip-security dhcp-snooping {vlan} vlan_name

To display any violations that occur, including those on the DHCP trusted servers if
configured, use the following command:
show ip-security dhcp-snooping violations {vlan} vlan_name

Example
The following command deletes a trusted DHCP server from the switch:

configure trusted-servers vlan purple delete server 10.10.10.10 trust-for dhcp-server

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN and VLAN ID options added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

configure tunnel ipaddress

configure tunnel tunnel_name ipaddress [ipv6-link-local | {eui64}
ipv6_address_mask ]

1514 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures an IPv6 address/prefix on a tunnel.

Syntax Description
tunnel_name Specifies an IPv6 tunnel.
ipv6-link-local Specifies the link-local address for a tunnel.
eui64 Specifies an EUI64 interface identifier for the lower 64 bits
of the address.
ipv6_address_mask Specifies an IPv6 address / IPv6 prefix length.

Default
N/A.

Usage Guidelines
This command will configure an IPv6 address/prefix route on the specified tunnel.

6to4 tunnels must follow the standard address requirement. The address must
be of the form 2002:IPv4_source_endpoint::/16, where IPv4_source_endpoint is
replaced by the IPv4 source address of the endpoint, in hexadecimal, colon separated
form. For example, for a tunnel endpoint located at IPv4 address 10.20.30.40, the tunnel
address would be 2002:a14:1e28::/16. In hex, 10 is a, 20 is 14, 30 is 1e and 40 is 28.

6in4 tunnels have no restrictions on their address format or prefix allocations.

Note
This command does not work for GRE tunnels. The following error message is
displayed:
Error: IPv6 addresses can not be configured on GRE type tunnels!

Example
The following example configures the 6in4 tunnel "link39" with the IPv6 link-local
address:
configure tunnel link39 ipaddress ipv6-link-local

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 interworking feature in
the Switch Engine 32.7.1 Feature License Requirements document..

Switch Engine™ Command Reference Guide for version 32.7.1 1515

configure tunnel ip tcp adjust-mss Commands

configure tunnel ip tcp adjust-mss

configure tunnel tunnel_name ip tcp adjust-mss [off | on tcp_mss_value]

Description
Adjusts the TCP Maximum Segment Size (MSS) on GRE Tunnel.

Syntax Description
tunnel_name Specifies an IPv4 tunnel name.
ip Specifies IP networking.
tcp Specifies the TCP protocol.
adjust-mss Specifies to adjust the TCP payload MSS.
off Specifies to turn off TCP MSS adjustment (Default).
on Specifies to turn on TCP MSS adjustment.
tcp_mss_value Specifies the value of TCP MSS in bytes. Range is 536-9130.

Default
Off.

Usage Guidelines
This command is only available for GRE Tunnel.

For the tcp_mss_value option, because it is an adjustment, there is no default value.

When TCP MSS is off, the value is ignored.

Example
The following example configures tcp adjust-mss for tunnel "mytunnel" with an adjust-
mss value of 1300:
configure tunnel mytunnel ip tcp adjust-mss on 1300

History
This command was first available in ExtremeXOS 31.6.

Platform Availability
This command is available on the platforms listed for the IPv6 interworking feature in
the Switch Engine 32.7.1 Feature License Requirements document..

1516 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure tunnel ipv6 tcp adjust-mss

configure tunnel ipv6 tcp adjust-mss

configure tunnel tunnel_name ipv6 tcp adjust-mss [off | on
tcp_mss_value]

Description
Adjusts the TCP Maximum Segment Size (MSS) on GRE Tunnel.

Syntax Description
tunnel_name Specifies an IPv6 tunnel name.
ipv6 Specifies IPv6 networking.
tcp Specifies the TCP protocol.
adjust-mss Specifies to adjust the TCP payload MSS.
off Specifies to turn off TCP MSS adjustment (Default).
on Specifies to turn on TCP MSS adjustment.
tcp_mss_value Specifies the value of TCP MSS in bytes. Range is 536-9110.

Default
Off.

Usage Guidelines
This command is only available for GRE Tunnel.

For the tcp_mss_value option, because it is an adjustment, there is no default value.

When TCP MSS is off, the value is ignored.

Example
The following example configures tcp adjust-mss for tunnel "mytunnel" with an adjust-
mss value of 1300:
configure tunnel mytunnel ipv6 tcp adjust-mss on 1300

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on the platforms listed for the IPv6 interworking feature in
the Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1517

configure twamp endpoint Commands

configure twamp endpoint

configure twamp [add | delete] endpoint {vr name} ipaddress ip port
udp_port

Description
This command allows you to add and delete the TWAMP endpoints.

Syntax Description
ip The endpoint IP address, either IPv4 or IPv6.
udp_port The UDP port the endpoint will listen on; range is 1025 -
65535
name An optional VR may be used; default is VR-Default.

Default
N/A.

Usage Guidelines
Use this command to add and delete the TWAMP endpoints. The user specifies the IP
address and UDP port number for the endpoint. Removing the endpoint terminates all
test sessions associated with the endpoint.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure twamp key-id

configure twamp [ add | delete ] key-id key_name shared_secret

Description
This command configures the shared secret used for authentication and encryption.

1518 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
key_name The 80 octet KeyID field in the Set-Up-Response control
message from RFC 4656.
shared_secret The shared secret passphrase, which is used to derive the
shared secret key, as defined in RFC 5357.

Default
N/A.

Usage Guidelines
None.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure twamp reflector

configure twamp reflector [{sessions count} {timeout ref_wait}]

Description
This command allows you to modify the number of test sessions to support and
timeout value for those test sessions.

Syntax Description
count Range 0 – 2000 entries; default 2000.
ref_wait Range 30 – 3600 seconds; default 900 seconds.

Default
count = 2000

ref_wait = 900

Usage Guidelines
The timeout value is the REFWAIT value specified in RFC 5357.

Switch Engine™ Command Reference Guide for version 32.7.1 1519

History Commands

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure twamp server

configure twamp server [{sessions count} {timeout serv_wait}]

Description
This command allows you to modify the number of concurrent TWAMP control
sessions to support and the timeout value for those control sessions.

Syntax Description
count Range 1 - 64.
serv_wait Range 30 - 3600 seconds.

Default
count = 64

serv_wait = 900

Usage Guidelines
The application terminates the control session if the timeout value expires without the
reception of a TWAMP-Control message. This value is the SERVWAIT value specified in
RFC 5357.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure upm event

configure upm event upm-event profile profile-name ports port_list

1520 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures a pre-defined event that triggers the named profile.

Syntax Description
upm-event Specifies a pre-defined event type: device-detect, device-
undetected, user-authenticate, user-unauthenticated.
profile-name Specifies the profile to be configured.
port-list Attaches the UPM profile to the specified port(s).

Default
N/A.

Usage Guidelines
This command configures a profile to be executed when the specified event occurs on
the specified port(s).

You can configure multiple user profiles on the same port(s).

Example
The following example shows how to configure a profile on port 1:1, called “profile 1” that
is triggered by the event “device-detect”:

# configure upm event device-detect profile "p1" ports 1:1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure upm profile maximum execution-time

configure upm profile profile-name maximum execution-time seconds

Description
Defines a maximum execution period for a profile.

Switch Engine™ Command Reference Guide for version 32.7.1 1521

Syntax Description Commands

Syntax Description
seconds Defines the execution period in seconds. The range is 2 to
4294967295 seconds.

Default
30 seconds.

Usage Guidelines
If you make a mistake while configuring a profile and the profile loops, it will loop
until the end of the maximum execution period. While testing new profiles, consider
configuring a relatively short execution time so that any accidental loops do not create
long delays during testing.

Example
The following example sets the execution period to 10 seconds:
configure upm profile test maximum execution-time 10

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.opic/ph "/>

configure upm timer after

configure upm timer timer-name after time-in-secs {every seconds}

Description
Creates and names a UPM timer that is activated after the specified time in seconds.

Syntax Description
timer-name Specifies the name of the UPM timer to be created.
time-in-secs Configures the interval after which the UPM timer is
activated.
seconds Configures the UPM timer to be activated after every
instance of the specified interval.

1522 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to configure a timer that activates after the specified time. This is
useful for deployment in CLI scripts, because you do not know what the current time
will be when the script executes.

When a switch configuration is saved or restored, the UPM timers are activated only at
the predetermined timings that were originally configured with the start time.

The periodic timer configured with the every keyword and the one-time timer
configured with only the after keyword have a maximum range of one year in seconds
(31,622,400 seconds).

Example
The following example configures the UPM timer “A” to be activated every 10 seconds,
after an interval of 20 seconds:
configure upm timer "timerA" after 20 every 10

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure upm timer at

configure upm timer timer-name at month day year hour min secs {every
seconds}

Description
Use this command to configure the time setting on a UPM timer.

Syntax Description
timer-name Specifies the name of the UPM timer to be created.
month Configures the month when the UPM timer is activated.
day Configures the day when the UPM timer is activated.

Switch Engine™ Command Reference Guide for version 32.7.1 1523

Default Commands

year Configures the year when the UPM timer is activated.

hour Configures the hour when the UPM timer is activated.
min Configures the minute when the UPM timer is activated.
secs Configures the second when the UPM timer is activated.
seconds Configures the UPM timer to be activated at every instance of the
specified interval.

Default
N/A.

Usage Guidelines
Use this command to when you know the exact time you want an event to execute. If
you use this command without the every keyword, the timer is activated once at the
specified time. The every keyword configures a periodic timer that is activated at every
instance of the time specified in seconds.

When a switch configuration is saved or restored, the UPM timers are activated only at
the predetermined timings that were originally configured with the start time.

Example
The following example shows how to configure a timer, T1, that is activated every 10
seconds beginning at 1400 hours on October 16, 2006:

# configure upm timer "t1" at 10 16 2006 14 00 00 every 10

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure upm timer profile

configure upm timer timer-name profile profileName

Description
Associates a profile with a UPM timer.

1524 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
timer-name Specifies the name of the UPM timer to be associated with
the named profile.
profileName Specifies the name of the profile to be associated with the
UPM timer.

Default
N/A.

Usage Guidelines
Each timer can be attached to only one profile. Once a timer is configured to a profile,
it must be unconfigured from that profile before it can be configured to a different
profile.

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure virtual-network
configure virtual-network vn_name [add | delete] [{vlan vlan_name} |
{vman vman_name | dynamic {vlan} vlan_id]

Description
This command adds/removes a tenant VLAN or VMAN to a virtual network.

Syntax Description
vn_name Alphanumeric string indentifying the Virtual Network to be
configured.
add Add a tenant VLAN to the Virtual Network.
delete Delete a tenant VLAN from the Virtual Network.
vlan Specifies VLAN.
vlan_name Name of the tenant VLAN.
vman Specifies VMAN.

Switch Engine™ Command Reference Guide for version 32.7.1 1525

Default Commands

vman_name Name of the tenant VMAN.

dynamic Specifies configuring options for dynamically created
VLANs.
Adds dynamic VLAN’s VID to a VNET. You can save this to
the configuration and is it persistent across reboots. After
reboot when a dynamic VLAN gets created with matching
VID, the VLAN is internally applied to the VNET, so that you
do not need to reconfigure this every time after reboot.
vlan Add or delete a tenant VLAN to the Virtual Network
vlan_id VLAN ID tag between 2 and 4,094.

Default
N/A.

Usage Guidelines
Only a single VLAN/VMAN can be added to a virtual network.

Example
The following example adds a VLAN to an existing virtual network:
# configure virtual-network my_virtual_network add vlan vlan100

The following example removes a VLAN from an existing virtual network:

# configure virtual-network my_virtual_network delete vlan vlan100

The following example adds dynamic VLANs with VID 100 to virtual network
"my_virtual_network":
# configure virtual-network my_virtual_network add dynamic vlan 100

History
This command was first available in ExtremeXOS 21.1.

VMAN option added in ExtremeXOS 22.1.

Configuring dynamic VLANs as tenant VLANs was added in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network add network ports

configure virtual-network add network ports [all | portlist]

1526 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Add ports that can terminate tunnels carrying VXLAN or NVGRE encapsulated traffic.

Syntax Description
add Add to existing overlay tunnel termination configuration.
network Configuration related to underlay network.
ports Select ports that can terminate tunnels carrying VXLAN or
NVGRE encapsulated traffic.
all Select all ports.
portlist Lists ports to be added.

Default
N/A.

Example
The following example adds ports 1–10 to terminate tunnels carrying VXLAN or NVGRE
encapsulated traffic:
configure virtual-network add network ports 1-10

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network delete network ports

configure virtual-network delete network ports [all | portlist]

Description
Deletes ports that can terminate tunnels carrying VXLAN or NVGRE encapsulated
traffic.

Syntax Description
delete Delete from existing overlay tunnel termination
configuration.
network Configuration related to underlay network.

Switch Engine™ Command Reference Guide for version 32.7.1 1527

Default Commands

ports Remove ports that can terminate tunnels carrying VXLAN

or NVGRE encapsulated traffic.
all Select all ports.
portlist Lists ports to be deleted.

Default
N/A.

Example
The following example deletes ports 1–10 to terminate tunnels carrying VXLAN or
NVGRE encapsulated traffic:
configure virtual-network delete network ports 1-10

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network dynamic

configure virtual-network dynamic [on | off]

Description
Globally controls enabling or disabling auto-creation of virtual networks.

Syntax Description
virtual-network Virtual overlay network.
dynamic Configure creation of dynamic virtual networks.
on Enable creation of dynamic virtual networks by
applications such as BGP Auto-peering.
off Disable creation of dynamic virtual networks by
applications such as BGP Auto-peering (default).

Default
By default, automatic creation of virtual networks is disabled.

1528 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Creating or deleting BGP Auto-peering enables or disables automatic virtual network
creation.

You can view the setting from this command in the show virtual-network {vn_name
| vxlan vni vni | [vlan vlan_name | vman vman_name]} command.

Example
The following example enables automatic creation of virtual networks:
# configure virtual-network dynamic on

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network flooding

configure virtual-network vn_name flooding [standard | multicast {group
[<grpipaddress> | none]}]

Description
This command modifies the flooding mode of an existing virtual network.

Syntax Description
vn_name Alphanumeric string identifying the Virtual Network to be
configured.
standard Head-end replication to remote endpoints with standard
L2 flooding to tenant ports.
multicast Multicast flooding to remote endpoints with standard L2
flooding to tenant ports.
group Configure multicast group for flooding of unknown-
destination frames (automatically assigned if unspecified).
grpipaddress IPv4 multicast group address to be used for flooding.
none Unconfigure multicast group. Flooding changes to auto-
assigned multicast group.

Switch Engine™ Command Reference Guide for version 32.7.1 1529

Default Commands

Default
Standard.

Usage Guidelines
For auto-assigning multicast groups, you must configure the following command:
configure virtual-network multicast group.

This command is not allowed on dynamic virtual networks.

Example
To configure multicast flooding mode (group is auto-assigned):
configure virtual-network my_virtual_network flooding multicast

To configure multicast flooding mode specifying a multicast group:

configure virtual-network my_virtual_network flooding multicast group 232.1.1.1

To unconfigure multicast group (flooding changes to auto-assigned group):

configure virtual-network my_virtual_network flooding multicast none

To configure standard flooding mode:

configure virtual-network my_virtual_network flooding standard

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network local endpoint

configure virtual-network local-endpoint [ ipaddress ipaddress { vr
vr_name } | none ]

Description
This command configures a local IPv4 address to be used as SIP for encapsulated
packets.

1530 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ipaddress Configure the IP address to be used as source IP address
for VXLAN packets encapsulated by this gateway.
ipaddress An existing interface IPv4 address.
vr VR/VRF instance the IPv4 address is configured on.
vr_name An existing VR/VRF name.
none Remove existing IP address configuration for the local
tunnel endpoint for this virtual router.

Default
VR-Default.

Usage Guidelines
The address must have been configured as an interface address prior to issuing this
command. Although not mandatory, it is strongly recommended that a loopback VLAN
IP address be used as the local IP address for tunnels. “VR-Default” is the default for
VR/VRF name. ExtremeXOS checks if the given IP address is configured on the VR/VRF.
If not configured, the command fails with an appropriate error message. This release
of ExtremeXOS supports tunnel termination on a single VR/VRF. That VR/VRF can be a
user created. If you intend to change the IP address or the VR/VRF, you can re-issue the
same command with a different IP address to effect the change.

Example
To configure a local tunnel endpoint IP address in a user created VR/VRF:
configure virtual-network local-endpoint ipaddress 10.10.10.1 vr VR-User

To change a local tunnel endpoint to a different IP address within the same VR/VRF:
configure virtual-network local-endpoint ipaddress 20.20.20.1 vr VR-User

To unconfigure a local tunnel endpoint IP address:

configure virtual-network local-endpoint none

To change a local tunnel endpoint to a different IP address in a different VR/VRF:

configure virtual-network local-endpoint ipaddress 10.10.10.1 vr VR-Default

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

Switch Engine™ Command Reference Guide for version 32.7.1 1531

configure virtual-network monitor Commands

configure virtual-network monitor

configure virtual-network vn_name monitor [ on | off ]

Description
Use this command to enable or disable statistics monitoring (byte/packet counters) on
a Virtual Network.

Syntax Description
vn_name Alphanumeric string identifying the Virtual Network to be
configured.
on Enable statistics.
off Disable statistics.

Default
N/A.

Usage Guidelines
N/A.

Example
To enable statistics monitoring on an existing Virtual Network:
configure virtual-network vnet1 monitor on

To disable statistics monitoring on an existing Virtual Network

configure virtual-network vnet1 monitor off

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network multicast group

configure virtual-network multicast group [grpipaddress netmask | none]

1532 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command is used to configure multicast group range to be used for auto-assigned
groups.

Syntax Description
grpipaddress IPv4 multicast group range for flooding of unknown
destination frames
netmask IPv4 multicast group address netmask (format 255.x.x.x).
none Unconfigure multicast group range.

Default
Standard.

Usage Guidelines

Example
configure virtual-network multicast group 232.1.1.1 255.255.255.255

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network name

configure virtual-network vn_name name new_name

Description
Renames virtual networks.

Syntax Description
virtual-network Configures virtual networks.
vn_name Specifies the virtual network to be renamed.
name Selects renaming the virtual network.
new_name Specifies the new name for the virtual network.

Switch Engine™ Command Reference Guide for version 32.7.1 1533

Default Commands

Default
N/A.

Usage Guidelines
Dynamically created virtual networks are not saved to the configuration. When a
dynamically created virtual network is renamed, the virtual network becomes static
and is saved to the configuration.

Example
The following example changes the name of the virtual network from "vn1" to "vn2":
# configure virtual-network vn name vn2

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network remote-endpoint vxlan ipaddress

configure virtual-network vn_name [add | delete] remote-endpoint vxlan
ipaddress ipaddress {vr vr_name}

Description
Use this command to add or remove a remote endpoint to a virtual network.

Syntax Description
vn_name Alphanumeric string identifying the Virtual Network to be
configured.
add Add configuration to the virtual network.
delete Delete configuration from the virtual network.
ipaddress A remote endpoint IP address.
vr VR/VRF instance the remote endpoint is associated with.
vr_name An existing VR/VRF name.

Default
VR-Default.

1534 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command is only valid when the virtual network is operating in “flooding standard”
mode. The remote endpoint will receive unknown destination frames of all types that
enter the virtual network from the local endpoint. For "explicit-remotes" flooding mode,
the remote endpoints are added when BUM FDB entries are added.

Example
To add a remote endpoint to an existing Virtual Network:
configure virtual-network my_virtual_network add remote-endpoint vxlan ipaddress 1.2.3.4

To remove a remote endpoint from an existing Virtual Network:

configure virtual-network my_virtual_network delete remote-endpoint vxlan ipaddress
1.2.3.4

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network remote-endpoint vxlan ipaddress monitor

configure virtual-network remote-endpoint vxlan ipaddress ipaddress { vr
vr_name } monitor [ on | off ]

Description
This command enables or disables statistics monitoring (byte/packet counters) on a
Virtual Network remote endpoint.

Syntax Description
ipaddress An existing interface IPv4 address.
vr VR/VRF instance the IPv4 address is configured on.
vr_name An existing VR/VRF name.
on Enable statistics.
off Disable statistics.

Default
Off.

Switch Engine™ Command Reference Guide for version 32.7.1 1535

Usage Guidelines Commands

Usage Guidelines
The command applied on dynamic remote endpoint is not saved to the configuration.
If you want it to be saved, convert the remote endpoint to static using the command
create virtual-network remote-endpoint vxlan ipaddress ipaddress {vr
vr_name}.

Example
To enable statistics monitoring on an existing Virtual Network remote endpoint:
configure virtual-network remote-endpoint vxlan ipaddress 10.10.10.146 monitor on

To disable statistics monitoring on an existing Virtual Network remote endpoint:

configure virtual-network remote-endpoint vxlan ipaddress 10.10.10.146 monitor on

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network replication-role

configure virtual-network replication-role [rnve | replicator | leaf
{selected-replicator-default ipaddress}]

Description
Configures the assisted replication role on a switch. In addition, if the switch role is leaf,
this command also configures the default selected replicator for all virtual networks
created afterwards.

Syntax Description
virtual-network Designates changing the virtual overlay network
configuration.
replication-role Sets the replication role used for VXLAN replication of
unknown unicast, broadcast, and multicast traffic.
rnve Sets regular network virtualization edge node (RNVE) to
use head-end replication (default).
replicator Sets replicate tunneled broadcast and multicast traffic to
leaf nodes.
leaf Sets tunnel broadcast and multicast traffic to replicator.

1536 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

selected-replicator- Sets the default target to send broadcast and multicast

default traffic to perform replication.
ipaddress Sets the IPv4 address of a remote tunnel endpoint
configured as a replicator.

Default
If not specified, the replicator role is set to RNVE.

Usage Guidelines
The selected-replicator-default value is only applied to currently configured
virtual networks if the role is changing to leaf. It is always applied to virtual
networks you create afterwards. To change the selected-replicator for already
configured virtual networks, use the command configure virtual-network vn_name
selected-replicator [ipaddress ipaddress | none].

Do not configure a switch as the new replicator until the prior replicator is
unconfigured because packet duplication might occur.

To remove configuration of the assisted replication feature, set the replication role to
rnve, and the switch reverts back to head-end replication.

Example
The following example configures a node as a replicator:
# configure virtual-network replication-role replicator

The following example configures a node as a leaf, assigning a default selected

replicator for future created virtual networks only:
# configure virtual-network replication-role leaf selected-replicator-default 1.2.3.4

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure virtual-network selected-replicator

configure virtual-network vn_name selected-replicator [ipaddress
ipaddress | none]

Switch Engine™ Command Reference Guide for version 32.7.1 1537

Description Commands

Description
Sets, or removes, the selected replicator for an already configured virtual network.

Syntax Description
virtual-network Designates changing the virtual overlay network
configuration.
vn_name Sets the alphanumeric string identifying the virtual
network to be configured.
selected-replicator Target to send broadcast and multicast traffic to perform
replication when configured as leaf.
ipaddress Designates configuring the IP address of a remote tunnel-
endpoint to be used as replicator.
ipaddress Sets the IPv4 address of the remote tunnel-endpoint
configured as a replicator.
none Removes an existing default selected replicator for this
virtual network.

Default
N/A.

Usage Guidelines

Example
The following example configures the remote tunnel-endpoint at the IP address
"10.1.1..100" as the selected replicator for the virtual network "vn-blue":
# configure virtual-network vn-blue selected-replicator 10.1.1.100

The following example removes the selected replicator from the virtual network "vn-
blue":
# configure virtual-network vn-blue selected-replicator none

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

1538 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure virtual-network vxlan vni

configure virtual-network vxlan vni

configure virtual-network vn_name vxlan vni [ vni | none]

Description
Use this command to assign a VXLAN VNI to a virtual network.

Syntax Description
vn_name Alphanumeric string identifying the Virtual Network to be
configured.
vni Virtual Network Identifier value between 1 and 16777215.
none Remove existing VXLAN VNI configuration for this virtual
network.

Default
N/A.

Usage Guidelines
The range of supported VNIs is 1-16777215. The VNI needs to be unique and not more
than a one VNI can configured for a virtual-network in this release of ExtremeXOS.

Example
To configure a VXLAN VNI value of 10000 to an existing Virtual Network:
configure virtual-network my_virtual_network vxlan vni 10000

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

configure vlan add nsi | isid

configure [{vlan} vlan_name |vlan vlan_id] add [nsi nsi | isid isid]

Description
Maps a static VLAN to a Network Service Identifier (NSI) or Individual Service Identifier
(ISID).

Switch Engine™ Command Reference Guide for version 32.7.1 1539

Syntax Description Commands

Syntax Description
vlan Specifies VLAN.
vlan_name Specifies the name of the VLAN to map.
vlan_id Specifies the ID of the VLAN to map.
add Specifies mapping a VLAN to an NSI.
nsi Specifies an NSI.
nsi Specifies the ID number of the NSI to map to the VLAN.
isid Specifies an ISID.
isid Specifies the ID number of the ISID to map to the VLAN.

Default
N/A.

Usage Guidelines
These static VLAN mappings do not age out of the LLDP database, but are removed
when the VLAN is deleted or when removed by the command configure vlan delete nsi
| isid on page 1548.

You can only map one VLAN to an NSI or ISID.

Example
The following example maps VLAN "vlan1" to NSI "1000":
# configure vlan vlan1 add nsi 1000

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan add ports

configure [ {vlan} vlan_name | vlan vlan_list] add ports [port_list |
all] {tagged tag | untagged} {{stpd} stpd_name} {dot1d | emistp |
pvst-plus}}

Description
Adds one or more ports in a VLAN.

1540 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.
port_list Specifies a list of ports or slots and ports.
all Specifies all ports.
tagged tag Specifies the ports should be configured as tagged.
untagged Specifies the ports should be configured as
untagged.
stpd_name Specifies an STP domain name.
dot1d | emistp | pvst-plus Specifies the BPDU encapsulation mode for these
STP ports.

Default
Untagged.

Usage Guidelines
The VLAN must already exist before you can add (or delete) ports: use the create vlan
command to create the VLAN.

If the VLAN uses 802.1Q tagging, you can specify tagged or untagged port(s). If the
VLAN is untagged, the ports cannot be tagged.

Untagged ports can only be a member of a single VLAN. By default, they are members
of the default VLAN (named Default). In order to add untagged ports to a different
VLAN, you must first remove them from the default VLAN. You do not need to do this
to add them to another VLAN as tagged ports. If you attempt to add an untagged
port to a VLAN prior to removing it from the default VLAN, you see the following error
message:
Error: Protocol conflict when adding untagged port 1:2. Either add this port as tagged or
assign another protocol to this VLAN.

Note
This message is not displayed if keyword all is used as port_list.

The ports that you add to a VLAN and the VLAN itself cannot be explicitly assigned to
different virtual routers (VRs). When multiple VRs are defined, consider the following
guidelines while adding ports to a VLAN:
• A VLAN can belong (either through explicit or implicit assignment) to only one VR.
• If a VLAN is not explicitly assigned to a VR, then the ports added to the VLAN must
be explicitly assigned to a single VR.

Switch Engine™ Command Reference Guide for version 32.7.1 1541

Example Commands

• If a VLAN is explicitly assigned to a VR, then the ports added to the VLAN must be
explicitly assigned to the same VR or to no VR.
• If a port is added to VLANs that are explicitly assigned to different VRs, the port must
be explicitly assigned to no VR.

Note
User-created VRs are supported only on the platforms listed for this feature
in in the Switch Engine 32.7.1 Feature License Requirements document. On
switches that do not support user-created VRs, all VLANs are created in
VR-Default and cannot be moved.

Refer to the STP section in the Switch Engine 32.7.1 User Guide for more information on
configuring Spanning Tree Domains.

Note
If you use the same name across categories (for example, STPD and EAPS
names), we recommend that you specify the identifying keyword as well as the
actual name. If you do not use the keyword, the system may return an error
message.

Beginning with ExtremeXOS 11.4, the system returns the following message if the ports
you are adding are already EAPS primary or EAPS secondary ports:
WARNING: Make sure Vlan1 is protected by EAPS. Adding EAPS ring ports to a VLAN could
cause a loop in the network. Do you really want to add these ports? (y/n)

Example
The following example assigns tagged ports 1:1, 1:2, 1:3, and 1:6 to a VLAN named
"accounting":
configure vlan accounting add ports 1:1, 1:2, 1:3, 1:6 tagged

History
This command was first available in ExtremeXOS 10.1.

The tagged keyword was added in ExtremeXOS 15.4.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan add ports private-vlan translated

Translation from network VLAN tag to each subscriber VLAN tag is done by default
in a private VLAN.

1542 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

configure [ {vlan} vlan_name | vlan vlan_id] add ports port_list

private-vlan translated

Description
Adds the specified ports to the specified network VLAN and enables tag translation for
all subscriber VLAN tags to the network VLAN tag.

Syntax Description
vlan_name Specifies the network VLAN to which the ports are added.
vlan_list Specifies a VLAN list of IDs.
port_list Specifies the ports to be added to the network VLAN.

Default
N/A.

Usage Guidelines
This command is allowed only when the specified VLAN is configured as a network
VLAN on a PVLAN.

Example
The following example adds port 2:1 to VLAN sharednet and enables VLAN translation
on that port:
configure sharednet add ports 2:1 private-vlan translated

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the Private VLAN feature. For
features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

configure vlan add ports stpd

configure vlan vlan_name add ports [all | port_list] {tagged {tag} |
untagged} stpd stpd_name {[dot1d | emistp | pvst-plus]}

Switch Engine™ Command Reference Guide for version 32.7.1 1543

Description Commands

Description
Adds one or more ports in a VLAN to a specified STPD.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all of the ports to be included in the STPD.
port_list Specifies the port or ports to be included in the STPD.
tagged Specifies the ports should be configured as tagged.
tag Specifies the port-specific VLAN tag. When there are
multiple ports specified in the port_list, the same tag
is used for all of them. When unspecified port tag is
equal to the VLAN tag.
untagged Specifies the ports should be configured as untagged.
stpd_name Specifies an STPD name on the switch.
dot1d Specifies the STP encapsulation mode of operation to be
802.1d.
emistp Specifies the STP encapsulation mode of operation to be
EMISTP.
pvst-plus Specifies the STP encapsulation mode of operation to be
PVST+.

Default
Ports in the default STPD (s0) are in dot1.d mode.

Ports in user-created STPDs are in emistp mode.

Usage Guidelines
To create a VLAN, use the create vlan command. To create an STP domain, use the
create stpd command.

In an EMISTP or PVST+ environment, this command adds a list of ports to a VLAN and a
specified STPD at the same time provided the carrier VLAN already exists on the same
set of ports. You can also specify the encapsulation mode for those ports.

In an MSTP environment, you do not need a carrier VLAN. A CIST controls the
connectivity of interconnecting MSTP regions and sends BPDUs across the regions to
communicate region status. You must use the dot1d encapsulation mode in an MSTP
environment.

You cannot configure STP on the following ports:

• Mirroring target ports.

1544 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Naming Conventions

• Software-controlled redundant ports.

If you see an error similar to the following:

Error: Cannot add VLAN default port 3:5 to STP domain

You might be attempting to add:

• A carrier VLAN port to a different STP domain than the carrier VLAN belongs.
• A VLAN/port for which the carrier VLAN does not yet belong.

Note
This restriction is only enforced in an active STP domain and when you
enable STP to ensure you have a legal STP configuration.

Naming Conventions
If your VLAN has the same name as another component, for example an STPD, we
recommend that you specify the identifying keyword as well as the name. If your VLAN
has a name unique only to that VLAN, the keywords vlan and stpd are optional.

STP Encapsulation Modes

You can specify the following STP encapsulation modes:
• dot1d—This mode is reserved for backward compatibility with previous STP versions.
BPDUs are sent untagged in 802.1D mode. Because of this, any given physical
interface can have only one STPD running in 802.1D mode.

This encapsulation mode supports the following STPD modes of operation: 802.1D,
802.1w, and MSTP.
• emistp—This mode sends BPDUs with an 802.1Q tag having an STPD ID in the VLAN
ID field.

This encapsulation mode supports the following STPD modes of operation: 802.1D
and 802.1w.
• pvst-plus—This mode implements PVST+ in compatibility with third-party switches
running this version of STP. The STPDs running in this mode have a one-to-one
relationship with VLANs, and send and process packets in PVST+ format.

This encapsulation mode supports the following STPD modes of operation: 802.1D
and 802.1w.

These encapsulation modes are for STP ports, not for physical ports. When a physical
ports belongs to multiple STPDs, it is associated with multiple STP ports. It is possible
for the physical port to run in different modes for different domains for which it
belongs.

MSTP STPDs use only 802.1D BPDU encapsulation mode. The switch prevents you from
configuring EMISTP or PVST+ encapsulation mode for MSTP STPDs.

Specify the port tag when you need to put multiple vlans into a broadcast domain.

Switch Engine™ Command Reference Guide for version 32.7.1 1545

Automatically Inheriting Ports--MSTP Only Commands

Automatically Inheriting Ports--MSTP Only

In an MSTP environment, whether you manually or automatically bind a port to an
MSTI in an MSTP region, the switch automatically binds that port to the CIST. The CIST
handles BPDU processing for itself and all of the MSTIs; therefore, the CIST must inherit
ports from the MSTIs in order to transmit and receive BPDUs.

Example
The following command adds slot 1, port 2 and slot 2, port 3, members of a VLAN
named Marketing, to the STPD named STPD1, and specifies that they be in EMISTP
mode:
configure vlan marketing add ports 1:2, 2:3 tagged stpd stpd1 emistp

The following examples illustrate the tag variable in ExtremeXOS 15.4.

The following example configures vlan with tag 100 and port tag of 10 and 11 on two
different ports:
create vlan exchange tag 100
config vlan exchange add ports 3 tagged 10
config vlan exchange add ports 4 tagged 11

The following example configures a VLAN with tag 100, and port tag of 10 and 11 on the
same ports:
create vlan exchange tag 100
config vlan exchange add ports 3 tagged 10
config vlan exchange add ports 3 tagged 11

The following example configures VLAN with tag 100, and port tag of 10 on two ports
and 11 on a different port:
create vlan exchange tag 100
config vlan exchange add ports 2:3,2:4 tagged 10
config vlan exchange add ports 2:5 tagged 11

History
This command was first available in ExtremeXOS 10.1.

The nobroadcast keyword was removed in ExtremeXOS 11.4.

The tag variable was added in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan add secondary-ipaddress

configure [ {vlan} vlan_name | vlan vlan_id]add secondary-ipaddress
anycast [ip_address {netmask} | ipNetmask]

1546 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures secondary IP addresses on a VLAN to support multinetting.

Syntax Description
vlan_name Specifies a VLAN name.
vlan_id Specifies a VLAN id.
anycast Specifies that the address functions like any other
secondary address on a VLAN, but responds to ARP
requests with the anycast MAC address.
ip_address Specifies an IP address.
netmask Specifies a network mask.
ipNetmask Specifies an IP address with network mask.

Default
N/A.

Usage Guidelines
Adding a secondary IP address to a VLAN enables multinetting. Secondary addresses
are added to support legacy stub IP networks.

After you have added a secondary IP address to a VLAN, you cannot unconfigure the
primary IP address of that VLAN until you delete all of the secondary addresses. To
delete the secondary address, use the following command:
configure [ {vlan} vlan_name | vlan vlan_id] delete secondary-ipaddress
[ip_address | all]

Example
The following example configures the VLAN multi to support the 10.1.1.0/24 subnet in
addition to its primary subnet:
# configure vlan multi add secondary-ipaddress 10.1.1.1/24

History
This command was first available in ExtremeXOS 11.0.

The vlan_id variable is first available in ExtremeXOS 16.1.

Anycast capability was added in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1547

configure vlan delete nsi | isid Commands

configure vlan delete nsi | isid

configure [{vlan} vlan_name |vlan vlan_id] delete [nsi nsi | isid isid]

Description
Unmaps a static VLAN from a Network Service Identifier (NSI) or Individual Service
Identifier (ISID).

Syntax Description
vlan Specifies VLAN.
vlan_name Specifies the name of the VLAN to remove.
vlan_id Specifies the ID of the VLAN to remove.
delete Specifies removing the mapping of a VLAN from an NSI.
nsi Specifies an NSI.
nsi Specifies the ID number of the NSI to unmap from the
VLAN.
isid Specifies an ISID.
isid Specifies the ID number of the ISID to unmap from the
VLAN.

Default
N/A.

Usage Guidelines
Only mappings created by the command configure vlan add nsi | isid on page 1539 can
be removed using this command.

Example
The following example removes VLAN "vlan1" from NSI "1000":
# configure vlan vlan1 delete nsi 1000

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

1548 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vlan delete ports

configure vlan delete ports

configure [ {vlan} vlan_name | vlan vlan_list] delete ports [all |
port_list ]

Description
Deletes one or more ports in a VLAN.

Syntax Description
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.
all Specifies all ports.
port_list Specifies a list of ports or slots and ports.
tagged tag Specifies the port-specific VLAN tag. When there are
multiple ports specified using port_list, the same tag is
used for all of them.

Default
When unspecified, the port tag is equal to the VLAN tag.

Usage Guidelines
Specify port tag to delete a VLAN port that has a different tag from the VLAN tag.

Example
The following example removes ports 1, 3, and 7 on a switch from a VLAN named
accounting:
configure accounting delete ports 1,3,7

The following example deletes a VLAN port with tag 10:

create vlan exchange tag 100
config vlan exchange del ports 3 tag 10

The following example deletes a VLAN port tag of 10 on two ports:

create vlan exchange tag 100
config vlan exchange d ports 3,4 tag 10

History
This command was first available in ExtremeXOS 10.1.

The vlan_list option was added in ExtremeXOS 16.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1549

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan delete secondary-ipaddress

configure [ {vlan} vlan_name | vlan vlan_id] delete secondary-ipaddress
[ip_address | all]

Description
Removes secondary IP addresses on a VLAN that were added to support multinetting.

Syntax Description
vlan_name Specifies a VLAN name.
vlan_id Specifies a VLAN ID.
ip_address Specifies an IP address.
all Specifies deleting all existing secondary and anycast IP
addresses.

Default
N/A.

Usage Guidelines
After you have added a secondary IP address to a VLAN (configure [ {vlan}
vlan_name | vlan vlan_id]add secondary-ipaddress anycast [ip_address
{netmask} | ipNetmask] ), you cannot unconfigure the primary IP address of that
VLAN until you delete all of the secondary addresses. Use the all keyword to delete all
the secondary and anycast IP addresses from a VLAN.

Example
The following example removes the 10.1.1.0 secondary IP address from the VLAN "multi":
# configure vlan multi delete secondary-ipaddress 10.1.1.1

History
This command was first available in ExtremeXOS 11.0.

The vlan_id variable is first available in ExtremeXOS 16.1.

The capability to delete anycast IP addresses was added in ExtremeXOS 30.7.

1550 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan description

configure {vlan} vlan_name description [vlan-description | none]

Description
Configures a description for the specified VLAN.

Syntax Description
vlan_name Specifies the VLAN name.
vlan-description Specifies a VLAN description (up to 64 characters) that
appears in show vlan commands and can be read from the
ifAlias MIB object for the VLAN.
none This keyword removes the configured VLAN description.

Default
By default, the VLAN has no description.

Usage Guidelines
The VLAN description must be in quotes if the string contains any space characters.
If a VLAN description is configured for a VLAN that already has a description, the new
description replaces the old description.

Example
The following example assigns the description "Campus A" to VLAN vlan1:
configure vlan vlan1 description “Campus A”

History
This command was first available in ExtremeXOS 12.4.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan dhcp-address-range

configure vlan vlan_name dhcp-address-range ipaddress1 - ipaddress2

Switch Engine™ Command Reference Guide for version 32.7.1 1551

Description Commands

Description
Configures a set of DHCP addresses for a VLAN.

Syntax Description
vlan_name Specifies the VLAN on whose ports DHCP will be enabled.
ipaddress1 Specifies the first IP address in the DHCP address range to
be assigned to this VLAN.
ipaddress2 Specifies the last IP address in the DHCP address range to
be assigned to this VLAN.

Default
N/A.

Usage Guidelines
The following error conditions are checked: ipaddress2 >= ipaddress1, the range must
be in the VLAN's network, the range does not contain the VLAN's IP address, and the
VLAN has an IP address assigned.

Example
The following command allocates the IP addresses between 192.168.0.20 and
192.168.0.100 for use by the VLAN temporary:

configure temporary dhcp-address-range 192.168.0.20 - 192.168.0.100

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan dhcp-lease-timer

configure vlan vlan_name dhcp-lease-timer lease-timer

Description
Configures the timer value in seconds returned as part of the DHCP response.

1552 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies the VLAN on whose ports netlogin should be
disabled.
lease-timer Specifies the timer value, in seconds.

Default
N/A.

Usage Guidelines
The timer value is specified in seconds. The timer value range is 0 - 4294967295, where
0 indicates the default (not configured) value of 7200 second.

Example
The following command configures the DHCP lease timer value for VLAN corp:

configure vlan corp dhcp-lease-timer <lease-timer>

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan dhcp-options

configure {vlan} vlan_name dhcp-options [code option_number [16-
bit value1 {value2 {value3 {value4}}} | 32-bit value1 {value2
{value3 {value4}}} | flag [on | off] | hex string_value |
ipaddress ipaddress1 {ipaddress2 {ipaddress3 {ipaddress4}}} | string
string_value] | default-gateway | dns-server {primary | secondary} |
wins-server] ipaddress

Description
Configures the DHCP options returned as part of the DHCP response by a switch
configured as a DHCP server.

Syntax Description
vlan_name Specifies the VLAN on which to configure DHCP.
code Specifies the generic DHCP option code.

Switch Engine™ Command Reference Guide for version 32.7.1 1553

Default Commands

option_number Specifies the DHCP Option number.

16-bit Specifies that one to four 16-bit unsigned integer values
associated with selected DHCP option.
32-bit Specifies that one to four 32-bit unsigned integer values
associated with selected DHCP option.
flag Specifies that 1 byte value associated with selected DHCP
option number.
hex Specifies that hexadecimal string associated with selected
DHCP option number.
string Specifies that a string is associated with selected DHCP
option number.
string_value The string value associated with specified option.
default-gateway Specifies the router option.
dns-server Specifies the Domain Name Server (DNS) option.
primary Specifies the primary DNS option.
secondary Specifies the secondary DNS option.
wins-server Specifies the NetBIOS name server (NBNS) option.
ipaddress The IP address associated with the specified option.

Default
N/A.

Usage Guidelines
This command configures the DHCP options that can be returned to the DHCP client.
For the default-gateway option you are only allowed to configure an IP address that is
in the VLAN's network range. For the other options, any IP address is allowed.

The options below represent the following BOOTP options specified by RFC2132:
• default-gateway—Router option, number 3.
• dns-server—Domain Name Server option, number 6.
• wins-server—NetBIOS over TCP/IP Name Server option, number 44.

Example
The following command configures the DHCP server to return the IP address 10.10.20.8
as the router option:

configure vlan <name> dhcp-options default-gateway 10.10.20.8

History
This command was first available in ExtremeXOS 11.0.

1554 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The primary and secondary DNS options were added in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan dynamic-vlan uplink-ports

configure vlan dynamic-vlan uplink-ports [ add {ports} port_list |
delete {ports} [port_list | all] ]

Description
Statically provisions uplink ports for all dynamically created VLANs.

Syntax Description
dynamic-vlan Configuration options for dynamically created VLANs.
uplink-ports Tagged uplink ports for VLANs created by system
applications.
add Add ports to dynamic VLAN uplink port list.
delete Remove ports from dynamic VLAN uplink port list.
ports Ports to be configured as uplink ports.
port_list List of ports separated by a comma or -.
all Clear the dynamic VLAN uplink port list.

Default
N/A.

Usage Guidelines
Use this command to statically provision uplink ports for dynamically created VLANs.

Example
# conf vlan dynamic-vlan uplink-ports add ports 16-18
# conf vlan dynamic-vlan uplink-ports add 20,22,24
# configure vlan dynamic-vlan uplink-ports delete ports 22
# configure vlan dynamic-vlan uplink-ports delete 16-18
# configure vlan dynamic-vlan uplink-ports delete all

History
This command was first available in ExtremeXOS 15.3.

Switch Engine™ Command Reference Guide for version 32.7.1 1555

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan ipaddress

configure [ {vlan} vlan_name | vlan vlan_id] ipaddress
[ipaddress {netmask} | {ipNetmask} | ipv6-link-local | {eui64}
ipv6_address_mask]

Description
Assigns an IPv4 address and an optional subnet mask or an IPv6 address to the VLAN.
Beginning with ExtremeXOS 11.2, you can specify IPv6 addresses. You can assign either
an IPv4 address, and IPv6 address, or both to the VLAN. Beginning with ExtremeXOS
11.3, you can use this command to assign an IP address to a specified VMAN and enable
multicasting on that VMAN.

Note
You can also use this command to assign an IP address to a VMAN on all
platforms that support the VMAN feature. For information on which software
licenses and platforms support the VMAN feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Syntax Description
vlan_name Specifies a VLAN name.
vlan_id Specifies a VLAN ID.
ipaddress Specifies an IPv4 address.
netmask Specifies an IPv4 subnet mask in dotted-quad notation (for
example, 255.255.255.0). This parameter supports 255.255.255.254
for 31-bit prefixes.
ipNetmask Specifies an IPv4 prefix mask in CIDR notation. This parameter
supports /31 for 31-bit prefixes.
ipv6-link-local Specifies IPv6 and configures a link-local address generated by
combining the standard link-local prefix with the automatically
generated interface in the EUI-64 format. Using this option
automatically generates an entire IPv6 address; this address is
only a link-local, or VLAN-based, IPv6 address; that is, ports on the
same segment can communicate using this IP address and do
not have to pass through a gateway.

1556 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

eui64 Specifies IPv6 and automatically generates the interface ID in

the EUI-64 format using the interface’s MAC address. Once you
enter this parameter, you must add the following variables:
ipv6_address_mask. Use this option when you want to enter the
64-bit prefix and use a EUI-64 address for the rest of the IPv6
address.
ipv6_address_ma Specify the IPv6 address in the following format: x:x:x:x:x:x:x:x/prefix
sk length, where each x is the hexadecimal value of one of the 8
16-bit pieces of the 128-bit wide address.

Default
N/A.

Usage Guidelines
The VLAN must already exist before you can assign an IP address; use the create vlan
command to create the VLAN (also the VMAN must already exist).

Note
If you plan to use the VLAN as a control VLAN for an EAPS domain, do
NOT configure the VLAN with an IP address. For information about adding
secondary IP addresses to VLANs, see the IPv4 Unicast Routing section in the
Switch Engine 32.7.1 User Guide .

Beginning with ExtremeXOS 11.2, you can specify IPv6 addresses. For information about
IPv6 addresses, see the IPv6 Unicast Routing section in the Switch Engine 32.7.1 User
Guide.

Beginning with ExtremeXOS 11.3, you can assign an IP address (including IPv6
addresses) to a VMAN. Beginning with version 11.4, you can enable multicasting on that
VMAN.

Beginning with ExtremeXOS 15.7.1, you can configure IPv4 addresses with 31-bit prefixes
on network VLANs and the Mgmt VLAN.

To enable multicasting on the specified VMAN once you assigned an IP address, take
the following steps:

1. Enable IP multicast forwarding.

2. Enable and configure multicasting.

Example
The following examples are equivalent; both assign an IPv4 address of 10.12.123.1 to a
VLAN named "accounting":
configure vlan accounting ipaddress 10.12.123.1/24
configure vlan accounting ipaddress 10.12.123.1 255.255.255.0

Switch Engine™ Command Reference Guide for version 32.7.1 1557

History Commands

The following example assigns a link local IPv6 address to a VLAN named
management:
configure vlan accounting ipaddress ipv6-link-local

History
This command was first available in ExtremeXOS 10.1.

The IPv6 parameters were added in ExtremeXOS 11.2.

Support for 31-bit prefixes on IPv4 addresses was added in ExtremeXOS in 15.7.1.

The vlan_id variable is first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan l2pt profile

configure [[{vlan vlan_name] [vxlan {vr vr_name} rtep rtep_ipv4]] l2pt
profile [none | profile_name]

Description
Configures VLAN L2PT profiles on service interfaces.

Syntax Description
vlan Specifies the VLAN configuration.
vlan_name Specifies the VLAN name.
vxlan Specifies Virtual eXtensible LAN.
vr Specifies Virtual Router.
vr_name Specifies the Virtual Router Name. If not specified, the VR
of the current command context is used.
rtep Specifies Remote Tunnel End Point.
rtep_ipv4 Specifies the Remote Tunnel End Point IPv4 address.
l2pt Specifies Layer 2 protocol tunneling.
profile Specifies the L2PT profile for the RTEP.
none Specifies that no L2PT profile should be bound to the ports
(default).
profile_name Specifies the L2PT profile to be bound to the ports.

1558 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
Use this command to configure VLAN L2PT profiles on VXLAN RTEP interfaces.

Example
The following example binds the tenant VLAN to l2pt-nw profile with RTEP IP address
as 2.2.2.2 of VxLAN service Interface with the action "none":
# configure l2pt profile "l2pt-nw" add protocol filter cdp action none
# configure vlan tenant vxlan rtep 2.2.2.2 l2pt profile l2pt-nw

The following example unbinds the configured l2pt profile from RTEP IP address 2.2.2.2
associated with tenant VLAN:
# configure vlan tenant vxlan rtep 2.2.2.2 l2pt profile none

The following example binds the tenant with peer 2.2.2.2 of VxLAN RTEP l2pt-nw
specifies tunneling actions:
# configure l2pt profile "l2pt-nw" add protocol filter cdp action tunnel
# configure tenant vxlan rtep 2.2.2.2 l2pt profile "l2pt-nw"
Error: Cannot tunnel on VxLAN RTEP. Tunnel action may be applied only to ports.

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is supported on the ExtremeSwitching 5520 series switch and stacks
with 5520 slots only.

configure vlan name

configure [ {vlan} vlan_name | vlan vlan_id]name name

Description
Renames a previously configured VLAN.

Syntax Description
vlan_name Specifies the current (old) VLAN name.
vlan_id Specifies the VLAN ID.
name Specifies a new name for the VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 1559

Default Commands

Default
N/A.

Usage Guidelines
You cannot change the name of the default VLAN “Default.”

For information on VLAN name requirements and a list of reserved keywords, see
Object Names in the Switch Engine 32.7.1 User Guide.

Note
If you use the same name across categories (for example, STPD and EAPS
names), we recommend that you specify the identifying keyword as well as the
actual name. If you do not use the keyword, the system may return an error
message.

Example
The following example renames VLAN vlan1 to engineering:
configure vlan vlan1 name engineering

History
This command was first available in ExtremeXOS 10.1.

The vlan_id variable is first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan netlogin-lease-timer

configure vlan vlan_name netlogin-lease-timer seconds

Description
Configures the timer value returned as part of the DHCP response for clients attached
to networklogin-enabled ports.

Syntax Description
vlan_name Specifies the VLAN to which this timer value applies.
seconds Specifies the timer value, in seconds.

1560 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
10 seconds.

Usage Guidelines
The timer value is specified in seconds.

This command applies only to the web-based authentication mode of network login.

Example
The following command sets the timer value to 15 seconds for VLAN corp:

configure vlan corp netlogin-lease-timer 15

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan qosprofile

configure [ {vlan} vlan_name | vlan vlan_list] {qosprofile} [qosprofile
| none]

Description
Configures a VLAN traffic group, which links all the ingress ports in the specified VLAN
to the specified egress QoS profile.

Syntax Description
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.
qosprofile Specifies an egress QoS profile. The supported values are:
qp1 to qp8 and none.

Default
None.

Switch Engine™ Command Reference Guide for version 32.7.1 1561

Usage Guidelines Commands

Usage Guidelines
Extreme switches support eight egress QoS profiles (QP1 to QP8) for each port. The QoS
profile QP7 is not available to you on a SummitStack.

Example
The following command configures VLAN accounting to use QoS profile QP3:

configure vlan accounting qosprofile qp3

History
This command was first available in ExtremeXOS 11.0.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan protocol

configure [ {vlan} vlan_name | vlan vlan_list]protocol {filter}
filter_name

Description
Configures a VLAN to use a specific protocol filter.

Syntax Description
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.
protocol_name Specifies a protocol filter name. This can be the name of a
predefined protocol filter, or one you define.The following
protocol filters are predefined: IP, IPv6, IPX, NetBIOS,
DECNet, IPX_8022, IPX_SNAP, AppleTalk.
Using any indicates that this VLAN should act as the
default VLAN for its member ports.

Default
Protocol any.

1562 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If the keyword any is specified, all packets that cannot be classified into another
protocol-based VLAN are assigned to this VLAN as the default for its member ports.

Use the configure protocol command to define your own protocol filter.

Protocol Filters
These devices do not forward packets with a protocol-based VLAN set to AppleTalk. To
ensure that AppleTalk packets are forwarded on the device, create a protocol-based
VLAN set to "any" and define other protocol-based VLANs for other traffic, such as IP
traffic. The AppleTalk packets pass on the “any” VLAN, and the other protocols pass
traffic on their specific protocol-based VLANs.

Example
The following example configures the protocol filter "my_filter" to vlan v1:
configure vlan v1 protocol "my_filter"
configure vlan v1 protocol filter "my_filter"

History
This command was first available in ExtremeXOS 10.1.

The IPv6 parameter was added in ExtremeXOS 11.2.

The filter keyword was added in ExtremeXOS 15.5.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan router-discovery add prefix

configure vlan vlan_name router-discovery {ipv6} add prefix prefix

Description
Adds a prefix to the router discovery advertisements on the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
prefix Specifies the prefix to add.

Switch Engine™ Command Reference Guide for version 32.7.1 1563

Default Commands

Default
N/A.

Usage Guidelines
This command adds a prefix to the router advertisement messages for the VLAN.
Prefixes defined with this command are only included in the router advertisement
messages and have no operational impact on VLANs.

To configure the parameters for this prefix, use the following command:
configure vlan vlan_name router-discovery {ipv6} set prefix prefix
[autonomous-flag auto_on_off | onlink-flag onlink_on_off | preferred-
lifetime preflife |valid-lifetime validlife]

Example
The following command adds the prefix 2001:db8:3456::/64 for the VLAN "top_floor":
configure vlan top_floor router-discovery add prefix 2001:db8:3456::/64

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery default-lifetime

configure vlan vlan_name router-discovery {ipv6} default-lifetime
defaultlifetime

Description
Configures the router lifetime value sent in router discovery advertisements on the
VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
defaultlifetime Specifies the router lifetime. Range is 0, or max-interval to
9000 seconds.

1564 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
1800 seconds.

Usage Guidelines
This command configures the router lifetime value to be included in the router
advertisement messages.

The value is specified in seconds and is either 0, or between max-interval and 9000
seconds. A value of 0 indicates that the router is not to be used as a default router.

After a host sends a router solicitation, and receives a valid router advertisement with a
non-zero router lifetime, the host must desist from sending additional solicitations on
that interface, until an event such as re-initialization takes place.

Example
The following example configures the default-lifetime to be 3600 seconds for the VLAN
"top_floor":
configure vlan top_floor router-discovery default-lifetime 3600

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery delete prefix

configure vlan vlan_name router-discovery {ipv6} delete prefix [prefix |
all]

Description
Deletes prefixes from the router discovery advertisements on the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
prefix Specifies the prefix to delete.
all Specifies to delete all prefixes.

Switch Engine™ Command Reference Guide for version 32.7.1 1565

Default Commands

Default
N/A.

Usage Guidelines
This command deletes previously defined router advertisement prefixes.

Example
The following example deletes the prefix 2001:db8:3161::/64 for the VLAN "top_floor":
configure vlan top_floor router-discovery delete 2001:db8:3161::/64

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery link-mtu

configure vlan vlan_name router-discovery {ipv6} link-mtu linkmtu

Description
Configures the link MTU value sent in router discovery advertisements on the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
linkmtu Specifies the link MTU. Range is 0 to 9216.

Default
0, meaning that no link MTU information is sent.

Usage Guidelines
This command configures the link MTU placed into the router advertisement
messages. Advertisement of the MTU helps ensure use of a consistent MTU by hosts
on the VLAN.

The minimum value is 0, and the maximum value is 9216. The default value is 0, which
means that no link MTU information is included in the router discovery messages.

1566 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures the link MTU to be 5126 for the VLAN "top_floor":
configure vlan top_floor router-discovery link-mtu 5126

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery managed-config-flag

configure vlan vlan_name router-discovery {ipv6} managed-config-flag
on_off

Description
Configures the managed address configuration flag value sent in router discovery
advertisements on the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
on_off Specifies setting the flag to on or off.

Default
Off.

Usage Guidelines
This command configures the contents of the managed address configuration flag in
the router advertisement messages.

A value of on tells hosts to use the administered (stateful) protocol DHCP for address
autoconfiguration in addition to any addresses autoconfigured using stateless address
autoconfiguration. A value of off tells hosts to use stateless address autoconfiguration.
If this command is not entered, the default value is off.

Switch Engine™ Command Reference Guide for version 32.7.1 1567

Example Commands

Example
The following example configures the managed address configuration flag to be on for
the VLAN "top_floor":
configure vlan top_floor router-discovery managed-config-flag on

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery max-interval

configure vlan vlan_name router-discovery {ipv6} max-interval
maxinterval

Description
Configures the maximum time between unsolicited router discovery advertisements
on the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
maxinterval Specifies the maximum time between advertisements, in
seconds. Range is 4 to 1800.

Default
600 seconds.

Usage Guidelines
This command configures the maximum amount of time before an unsolicited router
advertisement message is advertised over the links corresponding to the VLAN.

Example
The following example configures the max-interval to be 300 seconds for the VLAN
"top_floor":
configure vlan top_floor router-discovery max-interval 300

1568 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery min-interval

configure vlan vlan_name router-discovery {ipv6} min-interval
mininterval

Description
Configures the minimum time between unsolicited router discovery advertisements on
the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
mininterval Specifies the minimum time between advertisements, in
seconds. Range is 3 to 1350 (see guidelines).

Default
200 seconds, or max-interval × .33 (see guidelines).

Usage Guidelines
This command configures the minimum amount of time before an unsolicited router
advertisement message is advertised over the links corresponding to the VLAN.

The minimum value is three seconds. The maximum time is (.75 × max-interval)
seconds. If you do not explicitly set this value, the min-interval value is reset whenever
the max-interval is configured. Min-interval will then be dynamically adjusted to .33
times the max-interval.

Example
The following example configures the min-interval to be 300 seconds for the VLAN
"top_floor":
configure vlan top_floor router-discovery min-interval 300

History
This command was first available in ExtremeXOS 11.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1569

Platform Availability Commands

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery other-config-flag

configure vlan vlan_name router-discovery {ipv6} other-config-flag
on_off

Description
Configures the other stateful configuration flag value sent in router discovery
advertisements on the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
on_off Specifies setting the flag to on or off.

Default
Off.

Usage Guidelines
This command configures the contents of the other stateful configuration flag in the
router advertisement messages.

When set to on, hosts use the administered (stateful) protocol (DHCP) for
autoconfiguration of other (non-address) information. If this command is not entered,
the default value is off.

Example
The following example configures the other stateful configuration flag to be on for the
VLAN "top_floor":
configure vlan top_floor router-discovery other-config-flag on

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

1570 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vlan router-discovery reachable-time

configure vlan router-discovery reachable-time

configure vlan vlan_name router-discovery {ipv6} reachable-time
reachabletime

Description
Configures the reachable time value in router discovery advertisements on the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
reachabletime Specifies the reachable time value in advertisements, in
milliseconds. Range is 0 to 3,600,000 (one hour).

Default
30,000 milliseconds.

Usage Guidelines
The reachable time is the time, in milliseconds, that a node assumes a neighbor is
reachable after having received a reachability confirmation. A value of 0 means the
time is unspecified by this router. The maximum value is 3,600,000 (1 hour).

Example
The following example configures the reachable time to be 3,600,000 milliseconds for
the VLAN "top_floor":
configure vlan top_floor router-discovery reachable-time 3600000

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery retransmit-time

configure vlan vlan_name router-discovery {ipv6} retransmit-time
retransmittime

Switch Engine™ Command Reference Guide for version 32.7.1 1571

Description Commands

Description
Configures the retransmit time value in router discovery advertisements on the VLAN.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
retransmittime Specifies the reachable time value in advertisements, in
milliseconds. Range is 0 to 4,294,967,295 (approximately 50
days).

Default
1,000 milliseconds.

Usage Guidelines
This command configures the retransmit time value in the router advertisement
messages.

The retransmit time, in milliseconds, is the time between retransmitted neighbor

solicitation messages. A value of 0 means the value is unspecified by this router. The
maximum value is 4,294,967,295.

Example
The following example configures the retransmit time to be 604,800,000 milliseconds
(one week) for the VLAN "top_floor":
configure vlan top_floor router-discovery retransmit-time 604800000

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan router-discovery set prefix

configure vlan vlan_name router-discovery {ipv6} set prefix prefix
[autonomous-flag auto_on_off | onlink-flag onlink_on_off | preferred-
lifetime preflife |valid-lifetime validlife]

Description
Sets the parameters for a prefix in the router discovery advertisements on the VLAN.

1572 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
prefix Specifies which prefix’s parameters to set.
auto_on_off Specifies the autonomous flag.
onlink_on_off Specifies the on link flag.
preflife Specifies the preferred lifetime in seconds. Maximum value
is 4,294,967,295.
validlife Specifies the valid lifetime in seconds. Maximum value is
4,294,967,295.

Default
The prefix parameter defaults are:
• Valid lifetime—2,592,000 seconds (30 days)
• On-link flag—on
• Preferred lifetime—604,800 seconds (7 days)
• Autonomous flag—on

Usage Guidelines
This command configures the attributes associated with the specified prefix.

The autonomous-flag flag option modifies the autonomous flag of the prefix. The
autonomous flag value specifies whether the prefix can be used for autonomous
address configuration (on) or not (off).

The onlink-flag option modifies the on link flag of the prefix. The on link flag specifies
whether the prefix can be used for on link determination (on) or not (off). The default
value of the on link flag is on.

The preferred-lifetime option modifies the preferred lifetime of a prefix. The

preferred lifetime value is the time (from when the packet is sent) that addresses
generated from the prefix via stateless address autoconfiguration remain preferred. The
maximum value is 4,294,967,295. The default value is 604,800 seconds (7 days).

The valid-lifetime option modifies the valid lifetime of a prefix. The valid lifetime
value is the time (from when the packet was sent) that the prefix is valid for the
purpose of on-link determination. The maximum value is a 4,294,967,295. The default
value is 2,592,000 seconds (30 days).

Example
The following example sets the on link parameter of the prefix 2001:db8:3161::/64 to off,
for the VLAN "top_floor":
configure vlan top_floor router-discovery set prefix 2001:db8:3161::/64 onlink-flag off

Switch Engine™ Command Reference Guide for version 32.7.1 1573

History Commands

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the in the Switch Engine 32.7.1 Feature License Requirements document..

configure router-discovery vrrp-lla-only

configure {vlan} vlan_name router-discovery {ipv6} vrrp-lla-only on_off

Description
Configures the router discovery advertisements to send only with VRRP link local
address on the VRRP-enabled VLAN interface.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
router-discovery IPv6 Router Discovery configuration
ipv6 IPv6 Router Discovery configuration.
vrrp-lla-only Router advertisement is sent only with VRRP’s virtual link
local address.
on_off Specifies setting the flag to on or off. Default is off.

Default
Default is off.

Usage Guidelines
This command configures the router advertisements to use only VRRP’s link local
address and avoid VLAN link local address on VRRP-enabled VLAN interfaces.

When set to on, VRRP’s link local address is used in router advertisements. If this
command is not entered, the default value is off and VLAN link local address is used in
router advertisements.

Note
You need to explicitly set this value to "off" when VRRP is disabled on the VLAN.

1574 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures the router discovery advertisements to use VRRP link
local address for the VLAN "top_floor":
# configure vlan top_floor router-discovery vrrp-lla-only on

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all platforms that support the Advanced Edge License as
shown in the Switch Engine 32.7.1 Feature License Requirements document.

configure vlan subvlan

configure vlan vlan_name [add | delete] subvlan sub_vlan_name

Description
Adds or deletes a subVLAN to a superVLAN.

Syntax Description
vlan_name Specifies a superVLAN name.
add Adds the subVLAN to the superVLAN.
delete Deletes the subVLAN from the superVLAN.
sub_vlan_name Specifies a subVLAN name.

Default
N/A.

Usage Guidelines
The following properties apply to VLAN aggregation operation:
• All broadcast and unknown traffic remain local to the subVLAN and does not cross
the subVLAN boundary. All traffic within the subVLAN are switched by the subVLAN,
allowing traffic separation between subVLANs (while using the same default router
address among the subVLANs).
• Hosts can be located on the superVLAN or on subVLANs. Each host can assume any
IP address within the address range of the superVLAN router interface. Hosts on the
subVLAN are expected to have the same network mask as the superVLAN and have
their default router set to the IP address of the superVLAN.
• All IP unicast traffic between subVLANs is routed through the superVLAN. For
example, no ICMP redirects are generated for traffic between subVLANs, because

Switch Engine™ Command Reference Guide for version 32.7.1 1575

Example Commands

the superVLAN is responsible for subVLAN routing. Unicast IP traffic across the
subVLANs is facilitated by the automatic addition of an ARP entry (similar to a proxy
ARP entry) when a subVLAN is added to a superVLAN. This feature can be disabled
for security purposes.

Example
The following example adds the subVLAN "vsub1" to the superVLAN "vsuper":
configure vlan vsuper add subvlan vsub1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan subvlan-address-range

configure vlan vlan_name subvlan-address-range ipaddress1 ipaddress2

Description
Configures subVLAN address ranges on each subVLAN to prohibit the entry of IP
addresses from hosts outside of the configured range.

Syntax Description
vlan_name Specifies a subVLAN name.
ipaddress1 Specifies an IP address.
ipaddress2 Specifies another IP address.

Default
N/A.

Usage Guidelines
There is no error checking to prevent the configuration of overlapping subVLAN
address ranges between multiple subVLANs. Doing so can result in unexpected
behavior of ARP within the superVLAN and associated subVLANs.

1576 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example configures the subVLAN vsuper to prohibit the entry of IP
addresses from hosts outside of the configured range of IP addresses:
configure vlan vsuper subvlan-address-range 10.1.1.1 - 10.1.1.255

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan suppress

configure vlan vlan_name suppress [arp-only |none]

Description
This command enables or disables ARP suppression on VXLAN tenant VLANs.

Syntax Description
vlan_name VLAN name.
suppress Specifies suppression of ARP on VXLAN tenant VLANs.
arp-only Specifies ARP suppression. Requests may be proxied.
none Disable ARP suppression (default).

Default
ARP is suppressed.

Usage Guidelines
This command is allowed on VXLAN tenant VLANs only.

Example
The following example enables ARP suppression on VXLAN tenant VLAN "tenant1":
configure vlan tenant1 suppress arp-only

History
This command was first available in ExtremeXOS 22.3.

Switch Engine™ Command Reference Guide for version 32.7.1 1577

Platform Availability Commands

Platform Availability
This command is supported on the ExtremeSwitching 5320, 5420, 5520, 5720 series
switches, and stacks with 5320, 5420, 5520, 5720 slots only.

configure vlan tag

configure {vlan} vlan_name tag tag {remote-mirroring}

Description
Assigns a unique 802.1Q tag to the VLAN.

Syntax Description
vlan_name Specifies a VLAN name.
tag Specifies a value to use as an 802.1Q tag. The valid range is
from 2 to 4095.
remote-mirroring Specifies that the tagged VLAN is for remote mirroring.

Default
The default VLAN uses an 802.1Q tag (and an internal VLANid) of 1.

Usage Guidelines
If any of the ports in the VLAN use an 802.1Q tag, a tag must be assigned to the VLAN.
The valid range is from 2 to 4094 (tag 1 is assigned to the default VLAN, and tag 4095 is
assigned to the management VLAN).

The 802.1Q tag is also used as the internal VLANid by the switch.

You can specify a value that is currently used as an internal VLANid on another VLAN;
it becomes the VLANid for the VLAN you specify, and a new VLANid is automatically
assigned to the other untagged VLAN.

Example
The following command assigns a tag (and internal VLANid) of 120 to a VLAN named
accounting:
configure accounting tag 120

History
This command was first available in ExtremeXOS 10.1.

The remote-mirroring option was added in ExtremeXOS 12.1.

1578 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan udp-profile

configure vlan vlan_name udp-profile [profilename | none]

Description
Associates a UDP forwarding profile to a VLAN.

Syntax Description
vlan_name Specifies a VLAN name.
profilename Specifies a policy file to use for the UDP forwarding profile.
none Removes any UDP forwarding profile from the VLAN.

Default
No UDP profiles are associated with the VLAN.

Usage Guidelines
You can apply a UDP forwarding policy only to an L3 VLAN (a VLAN having at least one
IP address configured on it). If there is no IP address configured on the VLAN, then the
command is rejected.

A UDP forwarding policy must contain only the following attributes. Unrecognized
attributes are ignored.
• Match attributes
◦ Destination UDP port number (destination-port)
◦ Source IP address (source-ipaddress)
• Action modified (set) attributes
◦ Destination IP address (destination-ipaddress)
◦ VLAN name (vlan)

Policy files used for UDP forwarding are processed differently from standard policy
files. Instead of terminating when an entry’s match clause becomes true, each entry in
the policy file is processed and the corresponding action is taken for each true match
clause.

For example, if the following policy file is used as a UDP forwarding profile, any packets
destined for UDP port 67 are sent to IP address 20.0.0.5 and flooded to VLAN to7:

entry one {
if match all {
destination-port 67 ;

Switch Engine™ Command Reference Guide for version 32.7.1 1579

Example Commands

} then {
destination-ipaddress 20.0.0.5 ;
}
}
entry two {
if match all {
destination-port 67 ;
} then {
vlan "to7" ;
}
}

If you include more than one VLAN set attribute or more than one destination-
ipaddress set attribute in one policy entry, the last one is accepted and the rest are
ignored.

Note
Although the ExtremeXOS Policy manager allows you to set a range for the
destination-port, you should not specify the range for the destination-port
attribute in the match clause of the policy statement for the UDP profile. If
a destination-port range is configured, the last port in the range is accepted
and the rest are ignored.

You can have two valid set statements in each entry of a UDP forwarding policy; one
a destination-ipaddress and one a VLAN. ExtremeXOS currently allows a maximum
of eight entries in a UDP forwarding policy, so you can define a maximum of 16
destinations for one inbound broadcast UDP packet: eight IP addresses and eight
VLANs.

Note
It is strongly advised to have no more than eight entries in a UDP forwarding
profile. The UDP forwarding module processes those entries even if the entries
do not contain any attributes for UDP forwarding. Having more than eight
entries drastically reduces system performance. If the inbound UDP traffic rate
is very high, having more than eight entries could cause the system to freeze or
become locked.
If you rename a VLAN referred to in your UDP forwarding profile, you must
manually edit the policy to reflect the new name, and refresh the policy.

You can also validate whether the UDP profile has been successfully associated with
the VLAN by using the command show policy {policy-name | detail}. UDP
forwarding is implemented as part of the netTools process, so the command does
display netTools as a user of the policy.

Example
The following example associates the UDP forwarding profile "port123_to_corporate" to
VLAN "to-sales":
configure vlan to-sales udp-profile port123_to_corporate

1580 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

configure vlan untagged-ports auto-move

configure vlan untagged-ports auto-move [on | off |inform]

Description
Globally, allows untagged ports to be moved directly from untagged VLANs to either
different untagged VLANs or tagged VLANs.

Syntax Description
on Auto-move global setting is on, which allows you to
move untagged ports from untagged VLANs without first
removing the port VLAN configuration.
off Auto-move global setting is off; you cannot directly
move untagged ports from untagged VLANs without first
removing the port VLAN configuration.
inform Auto-move global setting is on, but you are informed when
such a move occurs (default):
Port # untagged has been auto-moved from VLAN
"x" to "y".

Default
The default is inform.

Usage Guidelines
The global setting of this command impacts the following configuration commands:
• configure vlan add ports on page 1540
• configure vman add ports on page 1593

Moving tagged ports is not impacted by this global setting. You can move tagged ports
directly without having to enable the auto-move global setting.

Switch Engine™ Command Reference Guide for version 32.7.1 1581

Example Commands

Example
The following example turns on the auto-move global setting:
configure vlan untagged-ports auto-move on

The following example turns on the auto-move global setting with the inform option:
configure vlan untagged-ports auto-move inform

When the inform keyword is used, you can directly move an untagged port, but you
are informed that this has occurred:
configure vlan untagged-ports auto-move inform
configure vlan v2 add ports 1 untagged
Port 1 untagged has been auto-moved from VLAN "Default" to "v2".

History
This command was first available in ExtremeXOS 22.1.

The default was changed from off to inform in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vlan-translation add loopback-port

configure {vlan} vlan_name vlan-translation add loopback-port port

Description
Adds the specified port as a loopback port for the specified member VLAN.

Syntax Description
vlan_name Specifies the name of the member VLAN to which you
want to add the loopback port.
port Specifies the port that serves as the loopback port.

Default
N/A.

Usage Guidelines
If two or more member VLANs have overlapping ports (where the same ports are
assigned to both VLANs), each of the member VLANs with overlapping ports must have
a dedicated loopback port.

1582 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The loopback port can be added to the member VLAN when the member VLAN is
created, or you can use this command to add the loopback port at a later time.

Example
The following example adds port 2:1 as a loopback port for the member VLAN leafvlan:
configure leafvlan vlan-translation add loopback-port 2:1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the VLAN Translation feature.
For features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

configure vlan-translation add member-vlan

configure {vlan} vlan_name vlan-translation add member-vlan
member_vlan_name {loopback-port port}

Description
Adds a member VLAN to a translation VLAN.

Syntax Description
vlan_name Specifies the name of the translation VLAN to which you
want to add the member VLAN.
member_vlan_name Specifies the member VLAN to be added to the translation
VLAN.
port Specifies the port that serves as the loopback port.
loopback-port If two or more member VLANs have overlapping ports
(where the same ports are assigned to both VLANs), each
of the member VLANs with overlapping ports must have a
dedicated loopback port.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1583

Usage Guidelines Commands

Usage Guidelines
This command configures VLAN tag translation between the two VLANs specified. The
member VLAN is added to the list maintained by translation VLAN. A translation VLAN
can have multiple member VLANs added to it.

Example
The following example adds member VLAN leafvlan to the translation VLAN
branchvlan:
configure branchvlan vlan-translation add member-vlan leafvlan

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the VLAN Translation feature.
For features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

configure vlan-translation delete loopback-port

configure {vlan} vlan_name vlan-translation delete loopback-port

Description
Deletes the loopback port from the specified member VLAN.

Syntax Description
vlan_name Specifies the name of the member VLAN from which you
want to delete the loopback port.

Default
N/A.

Usage Guidelines
This command disables and deletes the loopback port from the specified member
VLAN. This command does not delete the member VLAN.

1584 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example deletes the loopback port from the member VLAN leafvlan:
configure leafvlan vlan-translation delete loopback-port

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the VLAN Translation feature.
For features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

configure vlan-translation delete member-vlan

configure {vlan} vlan_name vlan-translation delete member-vlan
[member_vlan_name | all]

Description
Deletes one or all member VLANs from a translation VLAN.

Syntax Description
vlan_name Specifies the name of the translation VLAN from which you
want to delete the member VLAN.
member_vlan_name Specifies the member VLAN to be deleted from the
translation VLAN.
all Deletes all member VLANs from the specified translation
VLAN.

Default
N/A.

Usage Guidelines
This command removes the link between the translation VLAN and the specified
member VLANs, but it does not remove the VLANs from the switch.

Example
The following example deletes member VLAN leafvlan from the translation VLAN
branchvlan:
configure branchvlan vlan-translation delete member-vlan leafvlan

Switch Engine™ Command Reference Guide for version 32.7.1 1585

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the VLAN Translation feature.
For features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

configure vm add | delete ports

configure vm vm_name {add | delete} ports portlist

Description
Adds or deletes dedicated Application Hosting (IAH) or management ports to a virtual
machine (VM).

Syntax Description
vm Designates a virtual machine.
vm_name Specifies the VM name to add or delete ports to.
add Designates adding IAH ports to a VM.
delete Designates deleting IAH ports from a VM.
ports Designates adding or deleting ports.
portlist Selects the IAH ports to add or delete.

Default
N/A.

Usage Guidelines
Multiple VMs cannot use the same sideband port, but they can share the management
port. To view ports for an existing VM, use the command show vm {vm_name |
detail}.

This command does not take effect until the next time the guest VM is started.

The IAH feature requires the Solid State Storage Device SSD-120.

Example
The following example adds port 1–5 to VM "vm1":
# configure vm vm1 add ports 1-5

1586 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

configure vm add virtual-interface

configure vm vm_name add virtual-interface port port {vlan vlan_id}
{name vf_name}

Description
Adds a virtual interface to a guest virtual machine (VM).

Syntax Description
vm Virtual machine.
vm_name Specifies the VM to add the virtual interface to.
add Specifies adding a virtual interface.
virtual-interface Specifies the virtual interface to add.
name Specifies adding an optional name to the virtual interface.
vf_name Specifies an optional name (unique within this VM) for the
virtual interface to add to the VM.
port Specifies the associated dedicated port (physical function
for this virtual interface).
port Specifies the dedicated port number.
vlan Specifies an optional VLAN mapped to this virtual interface.
vlan_id Specifies the VLAN ID tag between 1 and 4,094.

Default
N/A.

Usage Guidelines
The maximum number of virtual interfaces that you can attach is 16. The dedicated
port specified cannot already be a dedicated port within the VM.

To delete a virtual interface from a guest VM, use the configure vm vm_name delete
virtual-interface [name vf_name | mac mac_addr] command.

Switch Engine™ Command Reference Guide for version 32.7.1 1587

Example Commands

Example
The following example add a virtual interface to the VM "vm1" on port 7:
# configure vm vm1 add virtual-interface port 7

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

configure vm delete virtual-interface

configure vm vm_name delete virtual-interface [name vf_name | mac
mac_addr]

Description
Deletes a virtual interface from a guest virtual machine (VM).

Syntax Description
vm Virtual machine.
vm_name Specifies the VM to delete the virtual interface from.
delete Specifies deleting a virtual interface.
virtual-interface Specifies which virtual interface to delete.
name Specifies deleting a virtual interface by specifying its
optional name.
vf_name Specifies the optional name (unique within this VM) of the
virtual interface to delete from the VM.
mac Specifies deleting a virtual interface by specifying its MAC
address.
mac_addr Specifies the virtual interface MAC address.

Default
N/A.

1588 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
To add a virtual interface to a guest VM, use the configure vm vm_name add virtual-
interface port port {vlan vlan_id} {name vf_name} command.

Example
The following example deletes the virtual interface "my_vf" from the VM "vm1":
# configure vm vm1 delete virtual-interface my_vf

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

configure vm cpus
configure vm vm_name cpus num_cpus

Description
Configures an existing virtual machine (VM) CPU allocation.

Syntax Description
vm Designates a virtual machine.
vm_name Specifies the VM name to configure.
cpus Designates specifying the number of CPUs to allocate to
the VM.
num_cpus Specifies the number of CPUs to allocate to the VM. Range
is 1–2. The default is 1.

Default
By default, the number of CPUs allocated is 1.

Usage Guidelines
The number of CPUs allocated to a VM is set when the VM is created (default is 1),
but you can change the allocation with this command. To view the number of CPUs
currently allocated to a VM, use the command show vm {vm_name | detail}.

Switch Engine™ Command Reference Guide for version 32.7.1 1589

Example Commands

This command does not take effect until the next time the guest VM is started.

The Integrated Application Hosting (IAH) feature requires the Solid State Storage
Device SSD-120.

Example
The following example changes the number of CPUs allocated to VM "vm1" to 2:
# configure vm vm1 cpus 2

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

configure vm disk bus-type

configure vm vm_name disk bus-type bus_type

Description
Configures the virtual machine's (VM’s) disk bus or controller.

Syntax Description
vm Specifies VMs.
vm_name Specifies the name of the VM.
disk Specifies disk configuration.
bus-type Specifies configuring the disk bus type.
bus_type Specifies the disk bus type (default is VirtIO).

Default
The default is VirtIO.

Usage Guidelines
This command allows you to configure the VM’s disk bus or controller. The default
bus type is VirtIO, but some operating systems are do not support this, and as a

1590 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

consequence, the VM will fail to boot. In this case, you can configure the bus type to IDE
or SCSI.

Example
The following example configures the VM "vm1" to the bus type to IDE:
# configure vm vm1 disk bus-type IDE

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

configure vm memory
configure vm vm_name memory memory_size

Description
Changes the amount of memory assigned to an existing virtual machine (VM).

Syntax Description
vm Designates creating a virtual machine.
vm_name Specifies the VM name to change memory for.
memory Designates specifying the amount of RAM allocated to the
VM.
memory_size Specifies the amount of RAM (in MB) allocated to the VM.
The default is 4,096.

Default
By default, the amount of RAM allocated to a VM is 4,096.

Usage Guidelines
The amount of RAM allocated to a VM is set when the VM is created (default is 4,096
MB), but you can change the allocation with this command. To view the amount of
RAM currently allocated to a VM, use the command show vm {vm_name | detail}.

Switch Engine™ Command Reference Guide for version 32.7.1 1591

Example Commands

This command does not take effect until the next time the guest VM is started.

The Integrated Application Hosting (IAH) feature requires the Solid State Storage
Device SSD-120.

Example
The following example changes the amount of RAM allocated to VM "vm1" to 2,000 MB:
# configure vm vm1 memory 2000

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

configure vm vnc
configure vm vm_name vnc [none | vnc_display]

Description
Configures the VNC display for a virtual machine (VM).

Syntax Description
vm Designates a virtual machine.
vm_name Specifies the VM name to configure the VNC display for.
vnc Specifies providing a display number for VNC access.
none Disables VNC access (default).
vnc_display Specifies the VNC screen number. Range is 0–15.

Default
By default, VNC access is disabled.

Usage Guidelines
For the VNC display number (or screen number), you can use the values from 0 to 15.
These correspond to TCP ports 5,900 to 5,915.

1592 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Multiple VMs can be configured with the same VNC display, but VMs configured with
the same display number cannot run at the same time. A VM cannot be started if the
VNC port is already in use.

For security reasons, the VNC display is only accessible using SSH tunnel.

Example
The following example enables VNC on VM "vm1" with display number 3:
# configure vm vm1 vnc 3

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

configure vman add ports

configure vman vman_name add ports [port_list | all] {tagged | untagged
{port-cvid port_cvid} | cep [ cvid cvid_first { - cvid_last }
{ translate cvid_first_xlate { - cvid_last_xlate } } | port-cvid
port_cvid ]

Description
Adds one or more ports to a VMAN.

Syntax Description
vman-name Specifies the name of the VMAN to configure.
vman_id Specifies the ID of the VMAN to configure
all Specifies all switch ports.
port_list Specifies a list of ports.
untagged Configures the specified ports as Customer Network
Ports (CNPs).
tagged Configures the specified ports as Provider Network
Ports (PNPs), which are also called VMAN network
ports.

Switch Engine™ Command Reference Guide for version 32.7.1 1593

Default Commands

port-cvid Port's customer VLAN ID used for untagged packets.

port_cvid Customer VLAN ID assigned to untagged packets from
1.

Default
If you do not specify a parameter, the default value is untagged, which creates a CNP.

Usage Guidelines
This command adds ports as either CNPs or PNPs. To add a port to a VMAN as a CEP,
use the following command:
configure vman add ports cep on page 1595

The VMAN must already exist before you can add (or delete) ports. VMAN ports can
belong to load-sharing groups.

When a port is configured serve as a CNP for one VMAN and A PNP for another VMAN,
it inspects the VMAN ethertype in received packets. Packets with a matching ethertype
are treated as tagged and switched across the associated PNP VMAN. Packets with a
non-matching ethertype are treated as untagged and forwarded into the associated
CNP VMAN.

When a port is configured only as a CNP (an untagged VMAN member), whether the
VMAN ethertype is 0x8100 or otherwise, all received packets ingress the associated
VMAN regardless of the packet's tagging.

Note
If you use the same name across categories (for example, STPD and EAPS
names), we recommend that you specify the identifying keyword as well as the
actual name. If you do not use the keyword, the system may return an error
message.

The following guidelines apply to all platforms:

• You must enable or disable jumbo frames before configuring VMANs. You can
enable or disable jumbo frames on individual ports or on the entire switch. See
“Configuring Ports on a Switch” in the Switch Engine 32.7.1 User Guide for more
information on configuring jumbo frames.
• Each port can serve in only one VMAN role per VMAN. When multiple roles are
configured on a port, each role must be configured for a different VMAN.
• Multiple VMAN roles can be combined on one port with certain VLAN types as
shown in the following table.

Example
The following example assigns ports 1:1, 1:2, 1:3, and 1:6 to a VMAN named accounting:
configure vman accounting add ports 1:1, 1:2, 1:3, 1:6 tag 100

1594 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.0.

The cvid keyword was added in ExtremeXOS 15.3.2.

The vman_id variable was added in ExtremeXOS 16.1.

The cvid keyword was removed in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vman add ports cep

configure [{vman} vman_name | vman vman_id] add ports port_list
cep cvid cvid_first {- cvid_last} {translate cvid_first_xlate {-
cvid_last_xlate }} | port-cvid port_cvid ]}

Description
Adds one or more switch ports to the specified VMAN as Customer Edge Ports (CEPs),
and configures the CVIDs on those ports to map to the VMAN.

Syntax Description
vman_name Specifies the VMAN to configure.
vman_id Specifies the VMAN ID to configure.
port_list Specifies a list of ports.
cvid_first Specifies a CVLAN ID (CVID) or the first in a range of CVIDs
that the CEP will accept and map to the specified VMAN.
Valid values are 1-4095.
cvid_last Specifies the last in a range of CVIDs that the CEP will
accept and map to the VMAN. Valid values are 1-4095.
translate Enables translation of the specified CEP CVID range to the
specified VMAN CVID range.
cvid_first_xlate Specifies a VMAN CVID or the first in a range of VMAN
CVIDs to which the CEP CVIDs will map. Valid values are
1-4095.
cvid_last_xlate Specifies the last in a range of VMAN CVIDs to which the
CEP CVIDs will map. Valid values are 1-4095. The number of
VMAN CVIDs in this range must equal the number of CEP
CVIDs specified in this command.
port-cvid Port's customer VLAN ID used for untagged packets.
port_cvid Customer VLAN ID assigned to untagged packets from 1.

Switch Engine™ Command Reference Guide for version 32.7.1 1595

Default Commands

Default
N/A.

Usage Guidelines
If you specify only one CVID or a range of CVIDs without translation, the specified CVIDs
are mapped to the specified VMAN and appear unchanged in the VMAN.

If you specify CVID translation, the CEP CVIDs map to different VMAN CVIDs. The
number of CEP CVIDs specified must equal the number of VMAN CVIDs specified. The
first CEP CVID in the specified range maps to the first CVID in the range specified for
the VMAN. The difference between cvid_first and cvid_first_xlate establishes an offset
N that maps CEP CVIDs to VMAN CVIDs. (Offset N = cvid_first_xlate - cvid_first.) The
translated VMAN CVID that corresponds to a CEP CVID can be determined as follows:

VMAN CVID = CEP CVID + N

Note
CVID translation can reduce the number of CVIDs that can be mapped to
VMANs.

After you enable and configure a CEP with this command, you can use the following
command to map additional CVIDs on the port to the VMAN:
configure [ {vman} vman_name | vman vman_id] ports port_list
add cvid cvid_first {- cvid_last} {translate cvid_first_xlate {-
cvid_last_xlate}}

When this command specifies multiple ports, each port gets an independent CVID
map; the ports do not share a common map. Changes to the CVID map affect only
the ports specified in the configuration command. For example, consider the following
commands:

configure vman vman1 add port 1-2 cep cvid 10

configure vman vman1 port 1 add cvid 11

After these commands are entered, port 1 maps CVIDs 10 and 11 to VMAN vman1, and
port 2 maps only CVID 10 to vman1.

You can add the same port as a CEP to multiple VMANs. A port can also support
multiple VMANs in different roles as shown in configure vman vman_name add ports.

To view the CEP CVID configuration for a port, use the show vman command.

ExtremeXOS 21.1 adds an optional port CVID parameter to the existing untagged and
CEP VMAN port configuration options. When present, any untagged packet received
on the port will be double tagged with the configured port CVID and the SVID
associated with the VMAN. If the port is untagged, packets received with a single
CVID will still have the SVID added as usual. If the port is CEP, only untagged and any
specifically configured CVIDs will be allowed. As double tagged packets are received
from tagged VMAN ports and forwarded to untagged VMAN ports, the SVID associated

1596 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

with the VMAN is stripped. Additionally, the CVID associated with the configured Port
CVID is also stripped in the same operation. If the port is CEP and CEP egress filtering is
enabled, only the specified port-cvid and cvids are allowed to egress.

Example
The following example configures port 1 as a CEP for VMAN vman1 and specifies that
CEP CVID 5 maps to CVID 5 on the VMAN:
configure vman vman1 add port 1 cep cvid 5

The following example configures port 1 as a CEP for VMAN vman1 and enables the port
to translate CEP CVIDs 10-19 to VMAN CVIDs 20-29:
configure vman vman1 add port 1 cep cvid 10 - 19 translate 20 - 29

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

The CVID translation feature is available on all platforms.

configure vman delete ports

configure vman [vman_name | vman_list] delete ports [all | port_list]

Description
Deletes one or more ports from a VMAN.

Syntax Description
vman-name Specifies a VMAN name.
vman_list Specifies a VMAN list name.
all Specifies all ports in the VMAN.
port_list Specifies a list of ports.

Default
N/A.

Usage Guidelines
The VMAN must already exist before you can delete ports.

Switch Engine™ Command Reference Guide for version 32.7.1 1597

Example Commands

Example
The following example deletes ports 1, 2, 3, and 6 on a switch for a VMAN named
accounting:
configure vman accounting delete ports 1,2,3,6

History
This command was first available in ExtremeXOS 11.0.

The vman_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vman ethertype

configure vman ethertype value [primary | secondary]

Description
Changes the default ethertype for the VMAN header.

Syntax Description
value Specifies an ethertype value in the format of 0xffff.
primary Assigns the ethertype as the primary Ethernet value.
secondary Assigns the ethertype as the secondary Ethernet value.

Default
Ethertype value of 0x88a8 and type primary.

Usage Guidelines
The software supports two VMAN ethertype values: a primary value and a secondary
value. By default, the primary ethertype applies to all VMANs. To use the secondary
ethertype, define the ethertype with this command, and then assign the secondary
ethertype to ports with the following command:
configure port port_list ethertype {primary | secondary}

If your VMAN transits a third-party device (other than an Extreme Networks device), you
must configure the ethertype for the VMAN tag as the ethertype that the third-party
device uses. If you configure both primary and secondary ethertypes, you can connect
to devices that use either of the two values assigned.

1598 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The system supports all VMAN ethertypes, including the standard ethertype of 0x8100.

Example
The following command changes the VMAN ethertype value to 8100:
configure vman ethertype 0x8100

History
This command was first available in ExtremeXOS 11.0.

Support for a secondary ethertype was added in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vman ports add cvid

configure vman vman_name ports [port_list | all] add [cvid cvid_first
{ - cvid_last } { translate cvid_first_xlate { - cvid_last_xlate } }
| port-cvid port_cvid]

Description
Adds one or more CVIDs to a CEP.

Syntax Description
vman_name Specifies the VMAN to configure.
vman_id Specifies the VMAN ID to configure.
port_list Specifies a list of ports.
cvid_first Specifies a Customer VLAN ID (CVID) or the first in a range
of CVIDs that the CEP will accept and map to the specified
VMAN. Valid values are 1-4095.
cvid_last Specifies the last in a range of CVIDs that the CEP will
accept and map to the VMAN. Valid values are 1-4095.
translate Enables translation of the specified CEP CVID range to the
specified VMAN CVID range.
cvid_first_xlate Specifies a VMAN CVID or the first in a range of VMAN
CVIDs to which the CEP CVIDs will map. Valid values are
1-4095.
cvid_last_xlate Specifies the last in a range of VMAN CVIDs to which the
CEP CVIDs will map. Valid values are 1-4095. The number of
VMAN CVIDs in this range must equal the number of CEP
CVIDs specified in this command.

Switch Engine™ Command Reference Guide for version 32.7.1 1599

Default Commands

port-cvid Port's customer VLAN ID used for untagged packets.

port_cvid Customer VLAN ID assigned to untagged packets from 1.

Default
N/A.

Usage Guidelines
Before you can add CVIDs to CEPs, you must configure the target physical ports as
CEPs using the following command:
configure vman add ports on page 1593

If you specify only one CVID or a range of CVIDs without translation, the specified CVIDs
are mapped to the specified VMAN and appear unchanged in the VMAN.

If you specify CVID translation, the CEP CVIDs map to different VMAN CVIDs. The
number of CEP CVIDs specified must equal the number of VMAN CVIDs specified. The
first CEP CVID in the specified range maps to the first CVID in the range specified for
the VMAN. The difference between cvid_first and cvid_first_xlate establishes an offset
N that maps CEP CVIDs to VMAN CVIDs. (Offset N = cvid_first_xlate - cvid_first.) The
translated VMAN CVID that corresponds to a CEP CVID can be determined as follows:

VMAN CVID = CEP CVID + N

Note
CVID translation can reduce the number of CVIDs that can be mapped to
VMANs.

When this command specifies multiple ports, each port gets an independent CVID
map; the ports do not share a common map. Changes to the CVID map affect only
the ports specified in the configuration command. For example, consider the following
commands:
configure vman vman1 add port 1-2 cep cvid 10
configure vman vman1 port 1 add cvid 11

After these commands are entered, port 1 maps CVIDs 10 and 11 to VMAN vman1, and
port 2 maps only CVID 10 to vman1.

To view the CEP CVID configuration for a port, use the show vman command.

Example
The following example adds CVIDs 20-29 to port 1 and VMAN vman1 and enables
translation to CVIDs 30-39:
configure vman vman1 port 1 add cvid 20 - 29 translate 30 - 99

1600 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.6.

The vman_id variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all platform.

configure vman ports delete cvid

configure vman vman_name ports [port_list | all] delete [cvid cvid_first
{ - cvid_last } | port-cvid port_cvid]

Description
Deletes one or more CVIDs from a CEP.

Syntax Description
vman_name Specifies the VMAN to configure.
vman_list Specifies the VMAN list to configure.
port_list Specifies a list of ports.
cvid_first Specifies a CVID or the first in a range of CVIDs that are to
be deleted. Valid values are 1-4095.
cvid_last Specifies the last in a range of CVIDs that are to be deleted.
Valid values are 1-4095.

Default
N/A.

Usage Guidelines
Each CEP has its own CVID map, and this command deletes CVIDs only from the ports
specified with this command.

If all the CVIDs are deleted from a CEP, the CEP is deleted from the VMAN.

To view the CEP CVID configuration for a port, use the show vman command.

Example
The following command deletes CVID 15 on port 1 from VMAN vman1:
configure vman vman1 port 1 delete cvid 15

Switch Engine™ Command Reference Guide for version 32.7.1 1601

History Commands

History
This command was first available in ExtremeXOS 12.6.

The vman_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vman protocol

configure vman [vman_name | vman_list] protocol {filter} filter_name

Description
Configures a VMAN to use a specific protocol filter.

Syntax Description
vman_name Specifies a VMAN name.
vman_list Specifies a VMAN list.
protocol Specifies a protocol filter.
filter Specifies a protocol filter.
filter_name Specifies a protocol filter name.

Default
N/A.

Usage Guidelines
Use this command to configure a VMAN to use a specific protocol filter.

Protocol Filters
These devices do not forward packets with a protocol-based VLAN set to AppleTalk. To
ensure that AppleTalk packets are forwarded on the device, create a protocol-based
VLAN set to “any” and define other protocol-based VLANs for other traffic, such as IP
traffic. The AppleTalk packets pass on the “any” VLAN, and the other protocols pass
traffic on their specific protocol-based VLANs.

Example
The following example configures the protocol filter “my_filter” to vlan v1:
configure vlan v1 protocol my_filter
configure vlan v1 protocol filter my_filter

1602 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The filter keyword was added in ExtremeXOS 15.5.

The vman_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vman tag

configure vman vman_name tag tag

Description
Assigns a tag to a VMAN.

Syntax Description
vman_name Specifies a VMAN name.
tag Specifies a value to use as the VMAN tag. The valid range is
from 2 to 4094.

Default
N/A.

Usage Guidelines
Every VMAN requires a unique tag.

You can specify a value that is currently used as an internal VLAN ID on another VLAN;
it becomes the VLAN ID for the VLAN you specify, and a new VLAN ID is automatically
assigned to the other untagged VLAN.

Example
The following example assigns a tag of 120 to a VMAN named "accounting":
configure vman accounting tag 120

History
This command was first available in ExtremeXOS 11.0.

Switch Engine™ Command Reference Guide for version 32.7.1 1603

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure vm-tracking authentication database-order

configure vm-tracking authentication database-order [[nms] | [vm-map] |
[local] | [nms local] | [local nms] | [nms vm-map] | [vm‑maplocal] |
[local vm-map] | [nms vm-map local] | [localnmsvm-map]]

Description
Configures the authentication database options and sequence for VM authentication.

Syntax Description
nms Specifies the configured Network Management System
(NMS).
vm-map Specifies the configured VMMAP file.
local Specifies the configured local database.

Default
nms vm-map local.

Usage Guidelines
The switch attempts VM authentication in the sequence specified. For example,
in the default configuration, the switch attempts NMS authentication first, VMMAP
authentication second, and local authentication third. If nms is specified, the switch
always attempts NMS authentication before attempting VMMAP file authentication.

Example
The following command configures the database authentication order:
# configure vm-tracking authentication database-order local nms vm-map

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

1604 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vm-tracking blackhole

configure vm-tracking blackhole

configure vm-tracking blackhole [policy policy_name | dynamic-rule
rule_name | none]

Description
Specifies a policy file or dynamic ACL rule to apply to VMs during periods that are
outside of the approved time slot for that VM.

Syntax Description
policy_name Specifies the name of a policy file to apply to the VM
authentication request.
rule_name Specifies the name of an ACL rule to apply to the VM
authentication request.

Default
N/A.

Usage Guidelines
This command is not supported in this software release. It will be supported in a future
release.

The none option applies no policy name or ACL rule during periods that are outside of
the approved time slot for that VM.

Note
This command is provided to support future identity management features. It
serves no practical purpose in this release.

Example
The following command applies no policy name or ACL rule during periods that are
outside of the authorized authentication period:
# configure vm-tracking blackhole none

History
This command was first visible in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1605

configure vm-tracking local-vm Commands

configure vm-tracking local-vm

configure vm-tracking local-vm mac-address mac [name name | ip-address
ipaddress | vpp vpp_name] | vlan-tag tag {vr vr_name}]

Description
Configures the parameters associated with a local VM database entry to be used for VM
MAC local authentication.

Syntax Description
mac Specifies the MAC address for the VM database entry you
want to configure.
name Specifies a name to represent this VM in show vm-tracking
command display.
ipaddress Specifies the IP address for the VM. This must match the IP
address configured on the VM.
vpp_name Specifies the name of a VPP to apply to the local VM.
tag VLAN tag between 1 and 4094.
vr_name Virtual router name.

Default
N/A.

Usage Guidelines
Before you configure a VM entry in the local VM database, you must create the entry
with the create vm-tracking local-vm command.

Before you assign an VPP to a VM entry in the local VM database, you must create the
VPP with the create vm-tracking vpp command.

Example
The following command configures an IP address for the VM entry specified by the
MAC address:
# configure vm-tracking local-vm mac-address 00:E0:2B:12:34:56 ip-address 10.10.10.1

History
This command was first available in ExtremeXOS 12.5.

The ingress-vpp and egress-vpp options were replaced with the vpp option in
ExtremeXOS 12.6.

1606 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The vlan-tag and vr-name options were added in ExtremeXOS15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vm-tracking nms timeout

configure vm-tracking nms timeout seconds

Description
Configures the timeout period for authentication attempts with the configured NMS
servers.

Syntax Description
seconds Specifies the timeout period in seconds.

Default
3 seconds.

Usage Guidelines
None.

Example
The following command configures the switch to allow 1 minute for successful
authentication of a VM with the NMS server:
# configure vm-tracking nms timeout 60

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vm-tracking nms

configure vm-tracking nms [primary | secondary] server [ipaddress |
hostname] {udp_port} client-ip client_ip shared-secret {encrypted
encrypted_secret | secret } {vr vr_name}

Switch Engine™ Command Reference Guide for version 32.7.1 1607

Description Commands

Description
Configures the switch RADIUS client to an NMS for VM authentication.

Syntax Description
primary | secondary Specifies the whether you are configuring the primary or
secondary NMS.
ipaddress Specifies the NMS IP address.
hostname Specifies the NMS DNS hostname.
udp_port Specifies the UDP port number of the NMS application.
client_ip Specifies the client IP address, which is the switch IP
address on the interface leading to the NMS.
encrypted Specifies that the secret key for communications with the
NMS is encrypted.
secret Specifies a key or password for communications with the
NMS.
vr_name Specifies the VR that is used to access the NMS.

Default
N/A.

Usage Guidelines
The NMS is a RADIUS server such as the one provided with Ridgeline.

Example
The following command configures the switch to authenticate VMs through the
primary NMS server Ridgeline using the password password:
# configure vm-tracking nms primary server Ridgeline client-ip 10.10.3.3 shared-secret
password

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

1608 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vm-tracking repository

configure vm-tracking repository

configure vm-tracking repository [primary | secondary] server [ipaddress
| hostname] {vr vr_name} {refresh-interval seconds} {path-name
path_name} {user user_name {encrypted encrypted_password | password }

Description
Configures FTP file synchronization for NVPP and VMMAP files.

Syntax Description
primary | secondary Specifies the whether you are configuring the primary or
secondary FTP server.
ipaddress Specifies the FTP server IP address.
vr_name Specifies the VR that is used to access the FTP server.
seconds Specifies how often the switch updates the local files that
are synchronized with the FTP server. The range is 40 to
3600 seconds.
path_name Specifies the path to the repository server files from
the FTP server root directory. The default directory for
repository server files is: pub.
user_name Specifies a user name for FTP server access. If no username
is specified, the switch uses user name anonymous.
encrypted This keyword indicates that the specified password is
encrypted.
password Specifies the password for the specified user name.

Default
Refresh interval: 600 seconds.

Usage Guidelines
Some jitter is added to the refresh interval period to prevent all switches from
downloading files at the same time.

Example
The following example configures the switch to refresh the VMMAP and NVPP files
from primary FTP server ftp1 every five minutes:
# configure vm-tracking repository primary server ftp1 refresh-interval 300

History
This command was first available in ExtremeXOS 12.5.

Switch Engine™ Command Reference Guide for version 32.7.1 1609

Platform Availability Commands

Support for specifying an FTP user name was added in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vm-tracking timers

configure vm-tracking timers reauth-period reauth_period

Description
Configures the RADIUS reauthentication period for VM MAC addresses.

Syntax Description
reauth_period Specifies the reauthentication period in seconds. The
ranges are 0 and 30-7200 seconds.

Default
0 seconds.

Usage Guidelines
One way to periodically apply Virtual Port Profiles (VPPs) to VM MAC addresses is to
configure a reauthentication period. At the end of each reauthentication period, the
switch reauthenticates each VM MAC address and applies any updated VPPs.

This command applies to only those VMs that authenticate through RADIUS.
Reauthentication is disabled when the reauthentication period is set to 0 seconds.
When reauthentication is disabled, the VM MAC address remains authenticated until
the FDB entry for that VM expires.

Example
The following command enables RADIUS server reauthentication at 2 minute intervals:
# configure vm-tracking timers reauth-period 120

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

1610 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vm-tracking vpp add

configure vm-tracking vpp add

configure vm-tracking vpp vpp_name add [ingress | egress] [policy
policy_name | dynamic-rule rule_name] {policy-order policy_order}

Description
Configures an LVPP to use the specified policy or ACL rule.

Syntax Description
vpp_name Specifies the name of an existing LVPP.
add Specifies whether the LVPP should start using the
specified policy or rule.
ingress Specifies that the policy mapped to the LVPP is for ingress
traffic.
egress Specifies that the policy mapped to the LVPP is for egress
traffic.
policy_name Specifies a policy to add to or delete from the LVPP.
rule_name Specifies a dynamic ACL rule to add to or delete from the
LVPP.

Default
N/A.

Usage Guidelines
Multiple ACL or policy files can be mapped to each LVPP. A maximum of 8 ingress
and 4 egress ACL or policies are available to be mapped to each LVPP. If the policy
file or dynamic rule specified in this command fails to bind, then the CLI command is
rejected.

Before you can configure an LVPP, you must first create it with the create vm-
tracking vpp command.

Example
The following command configures LVPP vpp1 to use the dynamic ACL rule named
rule1 for ingress traffic:
# configure vm-tracking vpp vpp1 add ingress dynamic-rule rule1

History
This command was first available in ExtremeXOS 12.5.

The ingress and egress keywords were added in ExtremeXOS 12.6.

Switch Engine™ Command Reference Guide for version 32.7.1 1611

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure vm-tracking vpp counters

configure vm-tracking vpp vpp_name counters [ingress-only | egress-only
| both | none]

Description
Configures whether counters need to be installed for Virtual Machine MAC which
receives this VPP mapping.

Syntax Description
ingress-only Only counts packets ingressing the switch whose source
MAC address matches VM MAC.
egress-only Only counts packets egressing the switch whose source
MAC address matches VM MAC.
both Counts packets ingressing and egressing the switch whose
source MAC address matches VM MAC.
none No packets will be counted.

Default
N/A.

Usage Guidelines
Use this command to configure whether counters need to be installed for Virtual
Lachine MAC which receives this VPP mapping.

Example
Example output not yet available and will be provided in a future release.

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

1612 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vm-tracking vpp delete

configure vm-tracking vpp delete

configure vm-tracking vpp vpp_name delete [ingress | egress] [policy
policy_name | dynamic-rule rule_name] {policy-order policy_order}

Description
Specifies that the LVPP should stop using the specified policy or rule.

Syntax Description
vpp_name Specifies the name of an existing LVPP.
delete Specifies whether the LVPP should stop using the specified
policy or rule.
ingress Specifies that the policy mapped to the LVPP is for ingress
traffic.
egress Specifies that the policy mapped to the LVPP is for egress
traffic.
policy_name Specifies a policy to add to or delete from the LVPP.
rule_name Specifies a dynamic ACL rule to add to or delete from the
LVPP.

Default
N/A.

Usage Guidelines
Multiple ACL or policy files can be mapped to each LVPP. A maximum of 8 ingress
and 4 egress ACL or policies are available to be mapped to each LVPP. If the policy
file or dynamic rule specified in this command fails to bind, then the CLI command is
rejected.

Before you can configure an LVPP, you must first create it with the create vm-
tracking vpp command.

Example
The following command configures LVPP vpp1 to use the dynamic ACL rule named
rule1 for ingress traffic:
# configure vm-tracking vpp vpp1 add ingress dynamic-rule rule1

History
This command was first available in ExtremeXOS 12.5.

The ingress and egress keywords were added in ExtremeXOS 12.6.

Switch Engine™ Command Reference Guide for version 32.7.1 1613

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

configure vm-tracking vpp vlan-tag

configure vm-tracking vpp vpp_name vlan-tag tag {vr vr_name}

Description
This command configures the VLAN tag and VR name for VPP. If the detected VM MAC
uses this VPP, then the port in which the VM MAC is detected will be placed on this
VR/VLAN.

Syntax Description
vpp_name Specifies a name for the LVPP.
tag Specifies a name for the VLAN tag.
vr_name Specifies a name for the Virtual Router.

Default
N/A.

Usage Guidelines
Use this command to configure the VLAN tag and VR name for VPP. If the detected VM
MAC uses this VPP, then the port in which the VM MAC is detected will be placed on
this VR/VLAN.

Example
Example output not yet available and will be provided in a future release.

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vpex auto-configuration mlag-id

configure vpex auto-configuration mlag-id [cascade | ring]

1614 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Sets a preference for when Auto-Configuration configures the virtual MLAG ID. The
default (cascade) configures the virtual MLAG ID whenever a 2nd-tier BPE is detected
remotely, but not locally.

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).
auto-configuration Specifies the VPEX Auto-Configuration of cascade ports
and VPEX slots.
mlag-id Specifies setting a unique MLAG identifier of the MLAG
port attached to the bridge port extender (BPE).
cascade Specifies to configure the virtual MLAG identifier when a
2nd-tier BPE is detected on the other controlling bridge,
but not locally (default).
ring Specifies to configure the virtual MLAG identifier when a
ring is detected.

Default
cascade.

Usage Guidelines
The ring option provides more cabling time if you need to cable the chain of BPEs as
duel-homed instead of single-homed.

This command is applicable only when VPEX Auto-Configuration is enabled in MLAG

mode.

Example
The following example configures the default cascade option:
# configure vpex auto-configuration mlag-id cascade

The following example displays output when VPEX Auto-Configuration is not enabled
in MLAG mode:
# configure vpex auto-configuration mlag-id ring
Error: VPEX Auto-Configuration is not in MLAG mode. Bring up MLAG peer, disable then
re-enable VPEX Auto-Configuration.

History
This command was first available in ExtremeXOS 31.7.

Switch Engine™ Command Reference Guide for version 32.7.1 1615

Platform Availability Commands

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

configure vpex mlag-id peer

configure vpex mlag-id mlag_id peer peer_name slot slot_num

Description
In an Extended Edge Switching topology, allows the bridge port extender (BPE) slot
assignment to be applied to an identifier on the specified MLAG peer when the port
connected to the BPE is physically connected to the MLAG peer switch.

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).
mlag-id Specifies setting a unique MLAG identifier of the MLAG
port attached to the bridge port extender (BPE).
mlag_id Sets the MLAG identifier value of the MLAG port attached
to the BPE. Range is 1–65,000.
peer Specifies naming the MLAG peer switch.
peer_name Name of the MLAG peer switch.
slot Specifies configuring the slot identifier for the attached
BPE.
slot_num Specifies the BPE slot number. Range is 100–162.

Default
N/A

Usage Guidelines
An Extended Edge Switching topology allows the BPE slot assignment to be applied to
an MLAG identifier on the specified MLAG peer when the port connected to the BPE is
physically connected to the MLAG peer switch.

The same Extended Edge Switching slot number must have been declared on the
MLAG peer that has a port in the MLAG. On the peer with the MLAG port, either this
form of the command can be used, or the traditional form where a controlling bridge
port is related to a slot number.

Example
The following example for MLAG peer switch "cb2" declares slot 100 on MLAG "11":
# configure vpex mlag-id 11 peer cb2 slot 100

1616 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 22.7.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

configure vpex ports

configure vpex ports port_list slot slot_num

Description
Allows you to associate a bridge port extender (BPE) to a slot.

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).
ports Specifies the switch ports attached to the BPE.
port_list Specifies the switch ports attached to the BPE. Must be in
the format slot:port. Only a single port can be configured
at a time.

Note: If the switch port is a LAG, the port specified must be

the master port.

slot Specifies VPEX BPE slot assignment.

slot_num Specifies VPEX BPE slot assignment. Value must be
between 100–162.

Default
N/A

Usage Guidelines
You must enable VPEX mode (enable vpex) before using this command.

The behavior of this command is similar to assigning slots within a chassis. After
assigning a slot number to the port extender, you can make port-level configuration
choices with the familiar slot:port notation in other commands involving the port
extender's ports (for example, configure vlan v1 add port 100:1).

This command causes jumbo frames to be enabled on the specified ports.

Switch Engine™ Command Reference Guide for version 32.7.1 1617

Example Commands

Example
The following example assigns a BPE attached to switch port 1:23 to slot 100:
# configure vpex ports 1:23 slot 100

History
This command was first available in ExtremeXOS 22.5.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

configure vpex ring rebalancing

configure vpex ring rebalancing [auto | off]

Description
In an Extended Edge Switching ring topology, places the "ring common" link between
approximately equal length cascades.

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).
ring Specifies ring topology changes.
rebalancing Places the ring common link between approximately equal
length cascades.
auto Ring re-balancing will automatically run at the next ring
convergence.
off Automatic ring re-balancing is disabled (default).

Default
By default, ring re-balancing is disabled.

Usage Guidelines
This command controls the Extended Edge Switching ring re-balancing operation. Re-
balancing may or may not take place at the time that ring formation is complete,
depending on the setting of this command. An Extended Edge Switching ring consists
of two configured Extended Edge Switching cascades of BPEs that are connected
at their ends. The connected link is called the ring common link. The ring forms
automatically. Two control plane cascades span all bridge port extenders (BPEs) in the
ring, with each originating from a controlling bridge (CB) port and ending at the BPE
that is connected to the other CB port. However, the data plane cascades remain as

1618 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

configured (that is, no data plane traffic crosses the common link). Re-balancing moves
the ring common link so that the data plane cascades are approximately equal in
length. The cost of doing this is a data plane disruption to some BPEs in the ring that is
the same as that which would have occurred had a single link in the ring been broken.
Re-balancing is a dynamic operation. It does not change the cascade configurations.

Changing this setting takes effect the next time that a ring experiences a new ring
formation. There is no immediate effect.

You can view your re-balancing selection with the show vpex command.

Example
The following example turns off ring re-balancing:

# configure vpex ring rebalancing off

History
This command was first available in ExtremeXOS 22.7.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

configure vpls
configure vpls vpls_name {dot1q [ethertype hex_number | tag [include |
exclude]]} {mtu number}

Note
This command has been replaced with the following command:
configure l2vpn [vpls vpls_name | vpwsvpws_name] {dot1q
[ethertypehex_number | tag [include | exclude]]} {mtunumber} .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Configures VPLS parameters.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
dot1q Specifies the action the switch performs with respect to the 802.1Q
ethertype or tag.

Switch Engine™ Command Reference Guide for version 32.7.1 1619

Default Commands

ethertype Overwrites the ethertype value for the customer traffic sent across the
PW.
hex_number Identifies the ethertype, uses the format of 0xN.
tag Specifies the action the switch performs with respect to the 802.1Q
tag.
include Includes the 802.1Q tag when sending packets over the VPLS L2 VPN.
exclude Strips the 802.1Q tag before sending packets over the VPLS L2 VPN.
mtu Specifies the MTU value of the VPLS transport payload packet.
number The size (in bytes) of the MTU value. The configurable MTU range is
1492 through 9216. The default VPLS MTU value is 1500.

Default
dot1q tag - excluded.

ethertype - the configured switch ethertype is used.

number (MTU) - 1500.

Usage Guidelines
This command configures the VPLS parameters. PWs are point-to-point links used
to carry VPN traffic between two devices within the VPLS. Each device must be
configured such that packets transmitted between the endpoints are interpreted and
forwarded to the local service correctly. The optional ethertype keyword may be used
to overwrite the Ethertype value for the customer traffic sent across the PW. By default,
the configured switch ethertype is used. If configured, the ethertype in the outer 802.1q
field of the customer packet is overwritten using the configured ethertype value. The
ethertype value is ignored on receipt.

Optionally, the switch can be configured to strip the 802.1q tag before sending packets
over the VPLS L2 VPN. This capability may be required to provide interoperability with
other vendor products or to emulate port mode services. The default configuration is to
include the 802.1q tag.

The mtu keyword optionally specifies the MTU value of the VPLS transport payload
packet (customer packet). The MTU value is exchanged with VPLS-configured peer
nodes. All VPLS peer nodes must be configured with the same MTU value. If the MTU
values do not match, PWs cannot be established between VPLS peers. The MTU values
are signaled during PW establishment so that endpoints can verify that MTU settings
are equivalent before establishing the PW. By default the VPLS MTU is set to 1500.
The configurable MTU range is 1492 through 9216. Changing the MTU setting causes

1620 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

established PWs to terminate. VPLS payload packets may be dropped if the VPLS MTU
setting is greater than the MPLS MTU setting for the PW interface.

Note
The maximum MTU value supported depends on the current configuration
options. For more information, see Configuring the Layer 2 VPN MTU in the
Switch Engine 32.7.1 User Guide.

Example
The following commands change the various parameters of a particular VPLS:

configure vpls vpls1 dot1q ethertype 0x8508

configure vpls vpls1 dot1q ethertype 0x8509 mtu 2500
configure vpls vpls1 dot1q tag exclude mtu 2430
configure vpls vpls1 dot1q mtu 2500

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure vpls add peer

configure vpls vpls_name add peer ipaddress {core {full-mesh | primary |
secondary} | spoke}

Note
This command has been replaced with the following command: . This
command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

configure l2vpn [vpls vpls_name | vpws vpws_name] add peer ipaddress

{core {full-mesh | primary | secondary} | spoke}

Description
Configures a VPLS or H-VPLS peer for the node you are configuring.

Syntax Description
vpls_name Specifies the VPLS for which you are configuring a peer.
ipaddress Specifies the IP address of the peer node.

Switch Engine™ Command Reference Guide for version 32.7.1 1621

Default Commands

core Specifies that the peer is a core node.

full-mesh Specifies that the peer is a core full-mesh node. This is the default
setting if neither the core or spoke options are specified.
primary Specifies that the peer is an H-VPLS core node and configures a
primary H-VPLS connection to that core node.
secondary Specifies that the peer is an H-VPLS core node and configures a
secondary H-VPLS connection to that core node.
spoke Specifies that the peer is a H-VPLS spoke node.

Default
N/A.

Usage Guidelines
Up to 32 core nodes can be configured for each VPLS. H-VPLS spoke nodes can
peer with core nodes. Nodes can belong to multiple VPLS instances. The ipaddress
parameter identifies the VPLS node that is the endpoint of the VPLS PW.

Core nodes must be configured in a full-mesh with other core nodes. Thus, all core
nodes in the VPLS must have a configured PW to every other core node serving this
VPLS. By default, the best LSP is chosen for the PW. The underlying LSP used by
the PW can be configured by specifying the named LSP using the CLI command
configure l2vpn [vpls vpls_name | vpwsvpws_name] peeripaddress [add |
delete] mpls lsplsp_name .

Spoke nodes establish up to two point-to-point connections to peer with core nodes. If
both primary and secondary peers are defined for a spoke node, the spoke node uses
one of the peers for all communications. If both peers are available, the spoke node
uses the connection to the primary peer. If the primary peer connection fails, the spoke
node uses the secondary peer. If the primary peer later recovers, the spoke node reverts
back to using the primary peer.

Example
The following command adds a connection from the local core switch to the core
switch at 1.1.1.202:

configure vpls vpls1 add peer 1.1.1.202

The following command adds a connection from the local core switch to the spoke
switch at 1.1.1.201:

configure vpls vpls1 add peer 1.1.1.201 spoke

1622 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command adds a primary connection from the local spoke switch to the
core switch at 1.1.1.203:

configure vpls vpls1 add peer 1.1.1.203 core primary

History
This command was first available in ExtremeXOS 11.6.

Support for H-VPLS was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure vpls delete peer

configure vpls vpls_name delete peer [ipaddress | all]

Note
This command has been replaced with the command below. This command
is still supported for backward compatibility, but it will be removed from a
future release, so we recommend that you start using the new command.

configure l2vpn [vpls vpls_name | vpws vpws_name] delete peer

[ipaddress | all]

Description
Deletes a VPLS peer from the specified vpls_name.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
ipaddress Specifies the IP address for the peer node that is the
endpoint of the VC-LSP.
all Deletes all VPLS peers.

Default
N/A.

Usage Guidelines
This command deletes a VPLS peer from the specified vpls_name. When the VPLS peer
is deleted, VPN connectivity to the VPLS peer is terminated. The all keyword may be
used to delete all peers associated with the specified VPLS.

Switch Engine™ Command Reference Guide for version 32.7.1 1623

Example Commands

Example
The following example removes connectivity to 1.1.1.202 from VPLS1:

configure vpls vpls1 delete peer 1.1.1.202

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in in
the Switch Engine 32.7.1 Feature License Requirements document.

configure vpls delete service

configure vpls vpls_name delete service [{vlan} vlan_name | {vman}
vman_name]

Note
This command has been replaced with the following command: configure
l2vpn [vpls vpls_name | vpws vpws_name] delete service [{vlan}
vlan_name | {vman} vman_name] .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Deletes local VPLS service from the specified vpls_name.

Syntax Description
vpls_name Identifies the VPLS interface within the switch (character string).
vlan_name Logically binds the VLAN to the specified VPLS.
vman_name Adds the named VMAN to the VPLS.

Default
N/A.

1624 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command deletes the local VPLS service from the specified vpls_name. Specifying
the vlan_name or vman_name deletes the service from the VPLS. If there are no services
configured for the VPLS, all PWs within the VPLS are terminated from the switch.

Example
The following example removes a service interface from a VPLS:

configure vpls vpls1 delete vman vman1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure vpls health-check vccv

configure vpls [vpls_name | all] health-check vccv {interval
interval_seconds} {fault-multiplier fault_multiplier_number}

Note
This command has been replaced with the following command:
configure l2vpn [vpls [vpls_name | all] | vpws [vpws_name
| all]] health-check vccv {intervalinterval_seconds} {fault-
multiplierfault_multiplier_number} .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Configures the VCCV health check test and fault notification intervals for the specified
VPLS instance.

Syntax Description
vpls_name Identifies the VPLS instance for which health check is to be
configured.
all Specifies that the configuration applies to all VPLS instances on the
local node.

Switch Engine™ Command Reference Guide for version 32.7.1 1625

Default Commands

interval_secon Defines the interval between health check tests. The range is 1 to 10
ds seconds.
fault_multipli Specifies how long health check waits before a warning
er_ number level message is logged. The wait period is the
interval_seconds multiplied by the fault_multiplier_number.
The fault_multiplier_number range is 2 to 6.

Default
Interval is 5 seconds.

Fault mulitplier is 4.

Usage Guidelines
The VCCV health-check configuration parameters can be configured at anytime after
the VPLS has been created.

The show l2vpn {vpls {{vpls_name} | vpws {{vpws_name}} {peeripaddress}

{detail} | summary} command displays the configured interval_seconds and
fault-multiplier_number values for the VPLS and the VCCV activity state.

Example
The following command configures the health check feature on the VPLS instance
myvpls:

configure vpls myvpls health-check vccv interval 10 fault-notification 40

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure vpls peer l2pt profile

configure {l2vpn} vpls vpls_name peer ipaddress l2pt profile [none |
profile_name]

Description
Configures L2PT profiles on service interfaces.

1626 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
l2vpn Specifies the Layer 2 Virtual Private Network.
vplsvpls_name Specifies Virtual Private LAN Service over MPLS, and the
alphanumeric string identifying the VPLS VPN.
peer ipaddress Specifies the VPLS peer, and the IPv4 address.
l2pt profile Specifies Layer 2 protocol tunneling and the L2PT profile
for the PW.
none Specifies that no L2PT profile should be bound to the PW
(default).
profile_name Specifies the L2PT profile to be bound to the PW.

Default
Disabled.

Usage Guidelines
Use this command to configure L2PT profiles on service interfaces.

Example
The following example unbind the L2PT profile from peer 1.1.1.1 of VPLS cust2:
configure l2vpn vpls cust2 peer 1.1.1.1 l2pt profile none

The following example binds my_l2pt_prof with peer 1.1.1.1 of VPLS cust1. my_l2pt_prof
specifies tunneling actions:
configure l2vpn vpls cust1 peer 1.1.1.1 l2pt profile my_l2pt_prof
Error: Tunnel action may be applied only to ports.

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1627

configure vpls peer mpls lsp Commands

configure vpls peer mpls lsp

configure vpls vpls_name peer ipaddress [add | delete] mpls lsp lsp_name

Note
This command has been replaced with the following command: configure
l2vpn [vpls vpls_name | vpwsvpws_name] peer ipaddress [add |
delete] mpls lsplsp_name .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Configures a named LSP to be used for the PW to the specified VPLS peer.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
ipaddress Specifies the IP address for the peer node that is the
endpoint of the PW-LSP.
add Permits addition of up to four RSVP-TE LSPs to the VPLS
peer.
delete Removes the LSP specified by the lsp_name parameter
from the PW-LSP aggregation list.
lsp_name Removes the specified lsp.

Default
N/A.

Usage Guidelines
This command configures a named LSP to be used for the PW to the specified VPLS
peer. The delete keyword removes the LSP specified by the lsp_name. If all the named
LSPs are deleted to the configured VPLS peer, VPLS attempts to use the best-routed
path LSP, if one exists. The delete portion of this command cannot be used to remove a
named LSP that was selected by the switch as the best LSP. If no LSPs exist to the VPLS
peer, VPN connectivity to the VPLS peer is lost. Currently, the VPLS PW uses only one
LSP.

In ExtremeXOS 15.4, this command is modified to display an informational message

when multiple transport LSPs are configured for a VPLS PW, when LSP sharing is not
enabled. This message is only displayed once per switch boot.

1628 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following examples add and remove a named LSP:
configure vpls vpls1 peer 1.1.1.202 add mpls lsp "to-olympic4"
configure vpls vpls1 peer 1.1.1.202 delete mpls lsp "to-olympic4"
configure vpls vpls1 peer 20.20.20.83 add mpls lsp lsp2

Note
To share LSPs in HW, use the enable l2vpn sharing command.

History
This command was first available in ExtremeXOS 11.6.

This command was modified, in ExtremeXOS 15.4, to display an informational message

when multiple transport LSPs are configured for a VPLS PW, and LSP sharing is not
enabled.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure vpls peer

configure vpls vpls_name peer ipaddress [limit-learning number |
unlimited-learning]

Note
This command has been replaced with the following command: configure
l2vpn [vpls vpls_name | vpwsvpws_name] peeripaddress [limit-
learningnumber | unlimited-learning] .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Configures the maximum number of MAC SAs (Source Addresses) that can be learned
for a given VPLS and peer.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
ipaddress Specifies the IP address for the peer node that is the
endpoint of the PW-LSP.

Switch Engine™ Command Reference Guide for version 32.7.1 1629

Default Commands

limit-learning Specifies a limit to the number of MAC SAs to be learned

for the specified VPLS and peer.
number The maximum number of MAC SAs that can be learned for
the specified VPLS and peer.
unlimited-learning Specifies no limit to the number of MAC SAs to be learned
for the specified VPLS and peer.

Default
Unlimited.

Usage Guidelines
This command configures the maximum number of MAC SAs (Source Addresses)
that can be learned for a given VPLS and peer. This parameter can only be modified
when the specified VPLS is disabled. The unlimited-learning keyword can be used to
specify that there is no limit. The default value is unlimited-learning.

Example
The following example causes no more than 20 MAC addresses to be learned on
VPLS1’s PW to 1.1.1.202:

configure vpls vpls1 peer 1.1.1.202 limit-learning 20

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure vpls snmp-vpn-identifier

configure vpls vpls_name snmp-vpn-identifier identifier

Description
Configures a SNMP VPN identifier for traps from the specified VLPLS.

1630 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vpls_name Specifies the VPLS for which you are configuring the identification
string.
identifier Specifies a text string to identify the VPLS in SNMP traps.

Default
N/A.

Usage Guidelines
None.

Example
The following command configures the identifier vpls1trap for SNMP VPN traps on VPLS
vpls1:

configure vpls vpls1 snmp-vpn-identifier vpls1trap

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

configure vr add ports

configure vr vr-name add ports port_list

Description
Assigns a list of ports to the specified VR.

Syntax Description
vr-name Specifies the name of the VR.
port_list Specifies the ports to add to the VR.

Default
By default, all ports are assigned to VR-Default.

Switch Engine™ Command Reference Guide for version 32.7.1 1631

Usage Guidelines Commands

Usage Guidelines
When a new VR is created, by default, no ports are assigned, no VLAN interface is
created, and no support for any routing protocols is added. Use this command to assign
ports to a VR. Since all ports are initially assigned to VR-Default, you might need to
delete the desired ports first from the VR where they reside before you add them to the
desired VR.

If you plan to assign VR ports to a VLAN, be aware that the ports that you add to a VLAN
and the VLAN itself cannot be explicitly assigned to different VRs. When multiple VRs
are defined, consider the following guidelines while adding ports to a VR:
• A VLAN can belong (either through explicit or implicit assignment) to only one VR.
• If a VLAN is not explicitly assigned to a VR, then the ports added to the VLAN must
be explicitly assigned to a single VR.
• If a VLAN is explicitly assigned to a VR, then the ports added to the VLAN must be
explicitly assigned to the same VR or to no VR.
• If a port is added to VLANs that are explicitly assigned to different VRs, the port must
be explicitly assigned to no VR.

Example
The following example adds all the ports on slot 2 to the VR "vr-acme":
configure vr vr-acme add ports 2:*

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vr add protocol

configure vr vr_name [add | delete] protocol [ospf | ospfv3 | rip |
ripng | bgp | isis | pim | mpls]

Description
Starts a Layer 3 protocol instance for a VR or VRF.

Syntax Description
vr_name Specifies the name of a VR or a VRF.
protocol Specifies a Layer 3 protocol that you can add or delete.

1632 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

name Specifies the name of a VR or a VRF. The following

protocols are supported on VRs: RIP, RIPng, OSPF,
OSPFv3, BGP, PIM. IS-IS, and MPLS. The following
protocols are supported on VRFs: BGP, OSPFv3.
add Adds a routing protocol to VRF for PE – CE
communication .
delete Specifies the name of a VR or a VRF.

Default
By default, none of the dynamic protocols are added to a User VR or a VRF.

Usage Guidelines
When a new VR or VRF is created, by default, no ports are assigned, no VLAN interface
is created, and no support for any routing protocols is added.

MPLS is the only protocol that you can add to or delete from VR-Default. When MPLS
is enabled on a switch, the default configuration adds MPLS to VR-Default. You cannot
add or delete any other protocols from VR-Default, and you cannot add or delete any
protocols from the other system VRs, VR-Mgmt and VR-Control.

Note
You must delete the MPLS protocol from VR-Default before you can add it to a
user VR. MPLS can be active on only one VR within a switch.

When you add a protocol to a VRF, the parent VR starts that protocol, if it was not
already running, and adds a protocol instance to support the VRF.

Note
OSPFv3 protocol can be added only to the user VR and non-VPN VRF.

If a previously configured protocol instance is deleted, the CE routes imported from

that protocol into the VRF RIB is removed.

Example
The following example starts RIP on the VR "vr-acme":
configure vr vr-acme add protocol rip

The following example starts a BGP protocol instance for VRF "vr-widget":
configure vr vr-widget add protocol bgp

History
This command was first available in ExtremeXOS 11.0.

MPLS protocol support was added in ExtremeXOS 12.4.

Switch Engine™ Command Reference Guide for version 32.7.1 1633

Platform Availability Commands

Support for the OSPFv3 and RIPng protocols on user VRs was added in ExtremeXOS
12.5.

Support for the BGP protocol on VRFs was added in ExtremeXOS 12.6.0-BGP.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, 5720 series switches.

configure vr delete ports

configure vr vr-name delete ports port_list

Description
Removes a list of ports from the VR specified.

Syntax Description
vr-name Specifies the name of the VR.
port_list Specifies the ports to remove from the VR.

Default
By default, all ports are assigned to VR-Default.

Usage Guidelines
When a new VR is created, by default, no ports are assigned, no VLAN interface is
created, and no support for any routing protocols is added. Use this command to
remove ports from a VR. Since all ports are initially assigned to VR-Default, you might
need to delete the desired ports first from the VR where they reside before you add
them to the desired VR.

Example
The following example removes all the ports on slot 2 from the VR "vr-acme":
configure vr vr-acme delete ports 2:*

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

1634 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vr description

configure vr description
configure vr vr_name {description desc_string }

Description
Use this command to configure a description for the specified VR or VRF.

Syntax Description
vr_name Specifies the name of a user VR or a VRF.
desc_string Specifies a text string to describe the VR. If the text
string contains space characters, the entire string must be
enclosed with double quotes (" ").

Default
No description.

Usage Guidelines
This command allows you to add comments about a VRF/VR entity. Entering a
NULL string on the CLI will unconfigure the description string for the VRF/VR. If the
description string has spaces in it, then the string must be enclosed within double
quotes (" ").

This text message appears in the show virtual-router command display when
the command specifies a VR name. For VPN VRFs, this message is returned for a
mplsL3VPN MIB query of the MIB variable mplsL3VpnVrfDescription.

Example
The following example configures a description for the VRF "corporate":
configure vr corporate description "VRF for the corporate intranet"

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

configure vrrp group

configure vrrp group group_name add [primary-vr | secondary-vr] [{vlan}
vlan_name vrid vridval | vlan vlan_list {vrid vrid_list}]

Switch Engine™ Command Reference Guide for version 32.7.1 1635

Description Commands

configure vrrp group group_name delete [primary-vr | secondary-vr

[{vlan} vlan_name vrid vridval | vlan vlan_list {vrid vrid_list} |
all] ]

Description
The first version of this command adds a primary VR or secondary VR to a specified
group by supplying a VLAN name and VRID. The second version of the command
deletes a primary VR or secondary VR from a specified group by supplying a VLAN
name and VRID.

Syntax Description
group Form a group of VRRP VRs to operate in high-scale mode.
group_name Specifies the VRRP group name.
add Adds a VR to a VRRP group.
primary-vr Specifies adding/deleting a primary VR of the VRRP group
that sends VRRP advertisement at configured intervals.
secondary-vr Specifies adding/deleting a secondary VR of the VRRP
group that sends VRRP advertisement at a slower rate
than the primary VR.
vlan Specifies a VLAN for the VR.
vlan_name Specifies the VLAN name for the VR.
vrid Specifies a VRID for the VR.
vridval Specifies the VRID for the VR.
delete Deletes VR(s) from the VRRP group.
all Specifies that all VRs (secondary and primary) are deleted
from the VRRP group.
vlan_list List of VLAN ID tags (1–4,094).

Default
When adding multiple secondary VRs at once, if no VRIDs are specified, all VRs
configured on the specified VLANs are added to the group.

Example
The following example adds a primary VR VLAN "v1", VRID "1" for VRRP group
"ExtremeNet":
configure vrrp group ExtremeNet add primary-vr vlan v1 vrid 1

1636 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example adds a set of VRRP VRs configured on VLANs having VLAN IDs
ranging from 11 to 20. Out of all of the VRs configured on these VLANs only VRs with
VRID ranging from 1 to 2 are added to the VRRP group:
Configure vrrp group ExtremeNet add secondary-vr vlan 11-20 vrid 1-2

The following example adds all VRs configured on given VLANs to the group as
secondary VRs:
configure vrrp group ExtremeNet add secondary-vr vlan 11-20

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp fabric-routing

configure vrrp vlan [vlan_name | vlan_list] vrid [vridval | vrid_list]
{group group_name }fabric-routing [on | off]

Description
This command configures fabric routing.

Syntax Description
group Specifies VRRP VRs information that form the group.
group_name Name of the specific VRRP group.
fabric-routing Configures fabric routing on all members of the group.
on Enables fabric routing capability.
off Disables fabric routing capability.
port_list Port list separated by a comma or –.
vlan_name Specifies the name of a VRRP VLAN.
vlan_list VLAN list (1–4,094).
vridval Specifies the VRID for the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
vrid_list List of virtual router IDs (1–255).

Switch Engine™ Command Reference Guide for version 32.7.1 1637

Default Commands

Default
N/A

Usage Guidelines
This configuration can be present on all VRRP routers, regardless of the VRRP state of
the router. Fabric routing is enabled only when the VRRP router is in backup state.

You need to configure fabric routing on all members of group when a member’s VRID
is reused in another group.

Example
The following command turns on fabric routing capability on all VR members of the
group "ExtremeNet":
configure vrrp group ExtremeNet fabric-routing on

History
This command was first available in ExtremeXOS 22.2.

VLAN and VR list options added in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid accept-mode

configure vrrp vlan vlan_name vrid vridval accept-mode [on | off]

Description
Configures a backup VRRP router instance to accept or reject packets addressed to the
IP address owner when operating as the VRRP master.

Additionally, this command provides capability for switches to configure the VRRP
virtual IP as NTP server address.

1638 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of a VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
on Specifies that the VRRP instance is to accept packets
addressed to the IP address owner.
off Specifies that the VRRP instance not accept packets
addressed to the IP address owner.

Note:
Ping packets are accepted, regardless of the configuration
for this command.

Default
Off.

Usage Guidelines
When a backup VRRP router operates as master, it accepts VRRP traffic and routes
traffic. The backup router in master mode also accepts ping packets and IPv6 neighbor
solicitations and advertisements. However, because the backup router is not the IP
address owner, the default configuration rejects all other traffic addressed to the IP
address owner.

If your network requires that a backup VRRP router in master mode accept all traffic
addressed to the IP address owner, use this command to configure accept-mode on.

In the ExtremeXOS 15.3 release, NTP VRRP Virtual IP support is added. This feature
allows you to configure the VRRP virtual IP as NTP server address. The NTP server
when configured on the VRRP master will listen on the physical and virtual IP address
for NTP clients. For this feature to work correctly, you need to enable accept mode in
VRRP. Enabling accept mode allows the switch to process non-ping packets that have a
destination IP set to the virtual IP address.

Example
The following example configures a backup VRRP router in master mode to accept
packets addressed to the IP address owner:

configure vrrp vlan vlan-1 vrid 1 accept-mode on

History
This command was first available in ExtremeXOS 12.7.

NTP VRRP Virtual IP support was added in ExtremXOS 15.3.

Switch Engine™ Command Reference Guide for version 32.7.1 1639

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid add ipaddress

configure vrrp vlan [vlan_name | vlan_id] vrid vridval add ipaddress

Description
Associates a virtual IP address with a specific VRRP instance.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vlan_id VLAN ID tag (1–4,094).
vridval Specifies the VRID of a VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
ipaddress Specifies a virtual IPv4 or IPv6 address to be assigned to
the VRRP instance.

Default
N/A.

Usage Guidelines
Each VRRP instance is identified by an ID number, VLAN name, and virtual IP address.
When two or more routers are configured with the same VRRP ID number, VLAN
name, and virtual IP address, the routers with matching parameters are all part of the
same VRRP instance. One router within the instance will become the VRRP instance
master, and the others will become backup routers for the VRRP instance.

Most routers within a VRRP instance will have a virtual IP address that is different
from the actual IP addresses configured on the router. If the virtual IP address for a
VRRP instance matches an IP address configured on a host router, the VRRP instance
is known as the IP address owner. On the IP address owner, the VRRP instance priority
defaults to 255, and by default, the IP address owner becomes the VRRP master when
VRRP is enabled.

Note
There is no requirement to configure an IP address owner within a VRRP
instance.

1640 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Before each VRRP router is enabled, it must be configured with at least one virtual IPv4
or IPv6 address. You can repeat this command to add additional virtual IP addresses to
the VRRP router. If a virtual IPv4 address is added to a VRRP router, you cannot later
add a virtual IPv6 address. Similarly, if a virtual IPv6 address is added to a VRRP router,
you cannot later add a virtual IPv4 address.

Each IPv6 VRRP instance is associated with one and only one virtual link local address,
which serves as the source IP address for subsequent router announcement packets
generated by the master VRRP router. The virtual link local address can be explicitly
configured or generated automatically. One way to explicitly configure the virtual link
local address is to add it to the virtual IP address list with this command.

Example
The following example associates virtual IPv4 address 10.1.2.3 to VRRP router instance 1:
configure vrrp vlan vlan-1 vrid 1 add 10.1.2.3

The following example associates virtual IPv6 address 2001:db8::3452 to VRRP router
instance 2:
configure vrrp vlan vlan-1 vrid 2 add 2001:db8::3452

History
This command was first available in ExtremeXOS 10.1.

Support for IPv6 addresses was added in ExtremeXOS 12.7.

The vlan_id option was added in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid add track-iproute

configure vrrp vlan vlan_name vrid vridval add track-iproute ipaddress/
masklength

Description
Creates a tracking entry for the specified route. When this route becomes unreachable,
this entry is considered to be failing.

Switch Engine™ Command Reference Guide for version 32.7.1 1641

Syntax Description Commands

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of the target VRRP instance. To display
the configured VRRP router instances, enter the show vrrp
command.
ipaddress Specifies the IPv4 or IPv6 prefix of the route to track.
masklength Specifies the length of the route's prefix.

Default
N/A.

Usage Guidelines
The route specified in this command might not exist in the IP routing table. When you
create the entry for a route, an immediate VRRP failover might occur.

Note
VRRP tracking is not supported on MPLS LSPs.

Example
The following command enables IP route failure tracking for routes to the specified
subnet:

configure vrrp vlan vlan-1 vrid 1 add track-iproute 3.1.0.0/24

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid add track-ping

configure vrrp vlan vlan_name vrid vridval add track-ping ipaddress
frequency seconds miss misses {success successes}

1642 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Creates a tracking entry for the specified IP address. The entry is tracked using pings to
the IP address, sent at the specified frequency.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vrid vridval Specifies the VRID of the target VRRP instance. To display
the configured VRRP router instances, enter the show vrrp
command.
ipaddress Specifies the IPv4 or IPv6 address to be tracked.
frequency seconds Specifies the number of seconds between pings to the
target IP address. The range is 1 to 600 seconds.
miss misses Specifies the number of misses allowed before this entry is
considered to be failing. The range is 1 to 255 pings.
success successes Sets how many ping successes are required for tracking
success. Range is 1–255. (Default is 10 × misses.)

Default
If the number of successes is not specified, the default is ten times the number of
misses specified.

Usage Guidelines
Adding an entry with the same IP address as an existing entry causes the new values to
overwrite the existing entry's frequency and miss number.

Example
The following command enables ping tracking for the external gateway at 3.1.0.1,
pinging every 3 seconds, and considering the gateway to be unreachable if no response
is received to 5 consecutive pings:

configure vrrp vlan vlan-1 vrid 1 add track-ping 3.1.0.1 frequency 3 miss 5

History
This command was first available in ExtremeXOS 10.1.

The success option was added in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 1643

configure vrrp vlan vrid add track-vlan Commands

your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document. /ph "/>

configure vrrp vlan vrid add track-vlan

configure vrrp vlan vlan_name vrid vridval add track-vlan
target_vlan_name

Description
Configures a VRRP VLAN to track port connectivity to a specified VLAN. When this
VLAN is in the down state, this entry is considered to be failing.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of the target VRRP instance. To display
the configured VRRP router instances, enter the show vrrp
command.
target_vlan_name Specifies the name of the VLAN to track.

Default
N/A.

Usage Guidelines
Up to eight VLANs can be tracked.

Deleting a tracked VLAN does not constitute a failover event for the VRRP VLAN
tracking it, and the tracking entry is deleted.

Example
The following command enables VRRP VLAN vlan-1 to track port connectivity to VLAN
vlan-2:

configure vrrp vlan vlan-1 vrid 1 add track-vlan vlan-2

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

1644 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vrrp vlan vrid add virtual-link-local

your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid add virtual-link-local

configure vrrp vlan vlan_name vrid vridval add virtual-link-local
vll_addr

Description
Specifies a virtual IPv6 link local address for the VRRP router instance.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of a VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
vll_addr Specifies a virtual link local address to be assigned to the
VRRP instance.

Usage Guidelines
Each IPv6 VRRP instance is associated with one and only one virtual link local address,
which serves as the source IP address for subsequent router announcement packets
generated by the master VRRP router. The virtual link local address can be explicitly
configured or generated automatically.

One way to explicitly configure the virtual link local address is to add it to the virtual IP
address list with this command. The new link local address must match the FE80::/64
subnet, and it must match the address in use on all other router in this VRRP instance.

If no virtual link local address is configured, an appropriate address is generated

automatically.

Note
If an IPv4 address has been added to a VRRP router, you cannot later add any
IPv6 address, so you cannot add a link local address.

Example
The following example associates virtual IPv6 link local address fe80::1111 to VLAN vlan-1:

configure vrrp vlan vlan-1 vrid 1 add virtual-link-local fe80::1111

Switch Engine™ Command Reference Guide for version 32.7.1 1645

History Commands

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid advertisement-interval

configure vrrp vlan vlan_name vrid vridval advertisement-interval
interval [{seconds} | centiseconds]

Description
Configures the time between VRRP advertisements in seconds or centiseconds.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of a VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
interval Specifies an interval value for the time between
advertisements. The range is 1 through 40 seconds or 10
through 4095 centiseconds.
seconds Specifies that the interval value is in seconds. If you do
not specify seconds or centiseconds, the interval value is
applied as seconds.
centiseconds Specifies that the interval value is in centiseconds.

Default
The advertisement interval is 1 second.

Usage Guidelines
The advertisement interval specifies the interval between advertisements sent by the
master router to inform the backup routers that its alive. You must use whole integers
when configuring the advertisement interval.

1646 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

An extremely busy CPU can create a short dual master situation. To avoid this, increase
the advertisement interval.

Note
The milliseconds keyword is replaced by the centiseconds keyword, but the
milliseconds keyword is still recognized to support existing configurations and
scripts. Any values specified in milliseconds are converted to centiseconds. All
new configurations and scripts should specify the interval in either seconds or
centiseconds. The maximum value for an interval specified in seconds is 40.
However, the software supports older configurations and scripts that specify
values up to 255, which were supported prior to ExtremeXOS Release 12.7.

To view your VRRP configuration, including the configured advertisement interval, use
one of the following commands:
• show vrrp {virtual-router {vr-name}} {detail}
• show vrrp vlan vlan_name {stats}

If you enter a number that is out of the seconds or centiseconds range, the switch
displays an error message. For example, if the interval value is set to 999 and the
centiseconds keyword is missing, the switch displays an error message similar to the
following:
configure vrrp blue vrid 250 advertisement-interval 999 Error:
Advertisement interval must be between 1 and 255 seconds. 999 out of
range

Example
The following command configures the advertisement interval for 15 seconds:

configure vrrp vlan vrrp-1 vrid 1 advertisement-interval 15

The following command configures the advertisement interval for 200 centiseconds:

configure vrrp vlan vrrp-1 vrid 1 advertisement-interval 200 centiseconds

History
This command was first available in ExtremeXOS 10.1.

The milliseconds and seconds keywords were added in ExtremeXOS 11.5.

The centiseconds keyword replaced the milliseconds keyword, and the maximum value
for intervals specified in seconds was reduced to 40 in ExtremeXOS 12.7.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 1647

configure vrrp vlan vrid delete track-iproute Commands

your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid delete track-iproute

configure vrrp vlan vlan_name vrid vridval delete track-iproute
ipaddress/masklength

Description
Deletes a tracking entry for the specified route.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of the target VRRP instance. To display
the configured VRRP router instances, enter the show vrrp
command.
ipaddress Specifies the IPv4 or IPv6 prefix of the route.
masklength Specifies the length of the route's prefix.

Default
N/A.

Usage Guidelines
Deleting a tracking entry while VRRP is enabled causes the VRRP VRs state to be
re-evaluated for failover.

Example
The following command disables tracking of routes to the specified subnet for VLAN
vlan-1:

configure vrrp vlan vlan-1 vrid 1 delete track-iproute 3.1.0.0/24

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

1648 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vrrp vlan vrid delete track-ping

your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid delete track-ping

configure vrrp vlan vlan_name vrid vridval delete track-ping ipaddress

Descriptioin
Deletes a tracking entry for the specified IP address.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of the target VRRP instance. To display
the configured VRRP router instances, enter the show vrrp
command.
ipaddress Specifies the IP address to be tracked.

Default
N/A.

Usage Guidelines
Deleting a tracking entry while VRRP is enabled causes the VRRP VRs state to be
re-evaluated for failover.

A VRRP node with a priority of 255 might not recover from a ping-tracking failure if
there is a Layer 2 switch between it and another VRRP node. In cases where a Layer 2
switch is used to connect VRRP nodes, we recommend that those nodes have priorities
of less than 255.

Example
The following command disables ping tracking for the external gateway at 3.1.0.1:

configure vrrp vlan vlan-1 vrid 1 delete track-ping 3.1.0.1

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade

Switch Engine™ Command Reference Guide for version 32.7.1 1649

configure vrrp vlan vrid delete track-vlan Commands

your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid delete track-vlan

configure vrrp vlan vlan_name vrid vridval delete track-vlan
target_vlan_name

Description
Deletes the tracking of port connectivity to a specified VLAN.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
target_vlan_name Specifies the name of the tracked VLAN.

Default
N/A.

Usage Guidelines
Deleting a tracking entry while VRRP is enabled causes the VRRP VRs state to be
re-evaluated for failover.

Example
The following command disables the tracking of port connectivity to VLAN vlan-2:

configure vrrp vlan vlan-1 vrid 1 delete track-vlan vlan-2

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

1650 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure vrrp vlan vrid delete ipaddress

configure vrrp vlan vrid delete ipaddress

configure vrrp vlan [vlan_name |vlan_id] vrid vridval delete ipaddress

Description
Deletes a virtual IPv4 or IPv6 address from a specific VRRP router.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vlan_id VLAN ID tag (1–4,094).
vridval Specifies the VRID of the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
ipaddress Specifies the virtual IP address to be deleted from the
VRRP instance. This is common for IPv4/IPv6 addresses.

Usage Guidelines
When a VRRP router is enabled, it must have at least one virtual IP address. When the
VRRP router is not enabled, there are no restrictions on deleting the IP address.

Example
The following command removes IP address 10.1.2.3 from VLAN vlan-1:
configure vrrp vlan vlan-1 vrid 1 delete 10.1.2.3

History
This command was first available in ExtremeXOS 10.1.

The vlan_id option was added in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid dont-preempt

configure vrrp vlan vlan_name vrid vridval dont-preempt

Switch Engine™ Command Reference Guide for version 32.7.1 1651

Description Commands

Description
Specifies that a higher priority backup router does not preempt a lower priority master.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID of a VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.

Default
The default setting is preempt.

Usage Guidelines
The preempt mode controls whether a higher priority backup router preempts a lower
priority master. dont-preempt prohibits preemption. The router that owns the virtual IP
address always preempts, independent of the setting of this parameter.

Example
The following command disallows preemption:

configure vrrp vlan vlan-1 vrid 1 dont-preempt

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid host-mobility

configure vrrp [{vlan} [vlan_name | vlan_list] vrid [vridval | vrid_list
| all]] host-mobility [{on | off} {exclude-ports [add | delete]
port_list}]

Description
All instances of VRRP have host-mobility off by default. Configuring host-mobility to
“on” state starts ARP route learning. By default, all ports perform the route learning.

1652 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Configuring host-mobility excluded-ports will disable the route learning on the port list
provided. All ports of the VRRP VLAN that are connected to another router should be
excluded. If ports are not excluded, routes are created for devices as if they are directly
connected and this may cause traffic to take a longer route.

Syntax Description
host-mobility Exportable Host Route learning via ARP/ND on the
specified VLAN and VRID.
on Advertise host routes for hosts learned via ARP/ND.
off Do not advertise host routes for hosts learned via ARP/ND.
exclude-ports Exclude ports from host-mobility route learning (Default:
no ports are excluded).
add Add ports to host-mobility exclude list; host-mobility routes
will not be learned on the ports.
delete Delete ports from host-mobility exclude list.
port_list Port list separated by a comma or –“ .
vlan_name Specifies the name of a VRRP VLAN.
vlan_list VLAN list (1–4,094).
vridval Specifies the VRID for the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
vrid_list List of virtual router IDs (1–255).
all Selects all VRRP virtual routers.

Default
Off.

Usage Guidelines
Configuring host-mobility excluded-ports will disable the route learning on the port list
provided. All ports that are connected to another router should be excluded. If ports are
not excluded, routes will be created for devices as if they are directly connected and
may cause traffic to take a longer route.

Example
configure vrrp vlan vlan1 vrid 1 host-mobility on excluded-ports add 1,10

History
This command was first available in ExtremeXOS 21.1.

VLAN and VR list options added in ExtremeXOS 22.3.

Switch Engine™ Command Reference Guide for version 32.7.1 1653

Platform Availability Commands

The all option was added in ExtremeXOS 22.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid ipv4 checksum

configure vrrp {vlan} vlan_name vrid vridval ipv4 checksum [include-
pseudo-header | exclude-pseudo-header]

Description
This command allows you to eliminate the pseudo header for VRRPv3 IPv4 Checksum
calculation.

Default
Include.

Example
configure vrrp vlan "v1" vrid 1 ipv4 checksum exclude-pseudo-header

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid preempt

configure vrrp vlan vlan_name vrid vridval preempt {delay seconds}

Description
Specifies that a higher priority backup router preempts a lower priority master.

1654 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID for a VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
seconds Specifies a preempt delay period in seconds. The value
range is 1 to 3600 seconds, or 0, which selects the original
preempt delay period.

Default
Preempt enabled.

Delay configuration: 0.

Usage Guidelines
The preempt option enables a higher-priority backup router to preempt a master
with a lower priority. When a VRRP enabled router receives a lower priority VRRP
advertisement and preemption is enabled, the higher-priority VRRP enabled router
takes over as master. The new master starts sending VRRP advertisements and the old,
lower-priority master relinquishes mastership.

Note
The router that owns the virtual IP address always preempts, independent of
the setting of this parameter.

When a VRRP enabled router preempts the master, it does so in one of the following
ways:
• If the preempt delay timer is configured for between 1 and 3600 seconds and the
lower-priority master is still operating, the router preempts the master when the
timer expires.
• If the preempt delay timer is configured for 0, the router preempts the master after 3
times the hello interval.
• If the higher priority router stops receiving advertisements from the current master
for 3 times the hello interval, it takes over mastership immediately.

Note
The preempt feature can be disabled with the configure vrrp vlan vrid
dont-preempt command.

Example
The following command allows preemption:

configure vrrp vlan vlan-1 vrid 1 preempt

Switch Engine™ Command Reference Guide for version 32.7.1 1655

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid priority

configure vrrp vlan [vlan_name | vlan_list] vrid [vridval | vrid_list]
priority priorityval

Description
Configures the priority value of a VRRP router instance.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vlan_list VLAN list (1–4,094).
vridval Specifies the VRID for the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
vrid_list List of virtual router IDs (1–255).
priorityval Specifies the priority value of the router. The default is 100.
The priority range is 1-255.

Default
The default priority is 100.

Usage Guidelines
This command changes the priority of a VRRP router. If the VRRP router is the IP
address owner (which means that the VRRP router IP address matches the VRRP VLAN
IP address), the priority is 255 and cannot be changed. If the VRRP router is not the IP
address owner, the priority can be changed to values in the range of 1 to 254.

To change the priority of the IP address owner or to make a different VRRP router the IP
address owner, disable VRRP and reconfigure the affected switches to use VRRP router
addresses that support the priorities you want to assign.

1656 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures a priority of 150 for VLAN vrrp-1:

configure vrrp vlan vrrp-1 vrid 1 priority 150

History
This command was first available in ExtremeXOS 10.1.

VLAN and VR list options added in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid track-mode

configure vrrp vlan vlan_name vrid vridval track-mode [all | any]

Description
Defines the conditions under which the router automatically relinquishes master status
when the tracked entities fail.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID for the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
all Specifies that the mastership is relinquished when one of
the following events occur:
All of the tracked VLANs failAll of the tracked routes failAll
of the tracked PINGs fail
any Specifies that the mastership is relinquished when any of
the tracked VLANs, routes, or PINGs fail.

Default
The default setting is all.

Usage Guidelines
None.

Switch Engine™ Command Reference Guide for version 32.7.1 1657

Example Commands

Example
The following command configures the track mode to any:

configure vrrp vlan vrrp-1 vrid 1 track-mode any

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure vrrp vlan vrid version

configure vrrp vlan vlan_name vrid vridval version [v3-v2 | v3 | v2]

Description
Selects the VRRP version to apply to the VRRP router instance.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID for the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
v3-v2 Specifies VRRP v3 with VRRP v2 compatibility.
v3 Selects VRRP v3.
v2 Specifies VRRP v2.

Default
VRRP v3 with VRRP v2 compatibility.

Note
Configurations created by earlier ExtremeXOS software releases have an
implied version of v2. If the configuration is subsequently saved, the version
is explicitly set to v2.

Usage Guidelines
None.

1658 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command configures the VRRP router instance to use VRRP v3 only:

configure vrrp vlan vrrp-1 vrid 1 version v3

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

configure web http access-profile

configure web http access-profile [[[add rule ] [first | [[before |
after] previous_rule]]] | delete rule | none ]

Description
Configures HTTP to use an ACL rule for access control.

Syntax Description
add Specifies that an ACL rule is to be added to the website.
rule Specifies an ACL rule.
first Specifies that the new rule is to be added before all other
rules.
before Specifies that the new rule is to be added before a previous
rule.
after Specifies that the new rule is to be added after a previous
rule.
previous_rule Specifies an existing rule in the application.
delete Specifies that one particular rule is to be deleted.
none Specifies that all the rules or a policy file is to be deleted.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1659

Usage Guidelines Commands

Usage Guidelines
You must be logged in as administrator to configure HTTP parameters.

Use this command to restrict HTTP access by adding an ACL rule to the HTTP
application. Once an ACL is associated with HTTP, all the packets that reach a HTTP
module are evaluated with this ACL and appropriate action (permit or deny) is taken, as
is done using policy files.

The permit or deny counters are also updated accordingly regardless of whether the
ACL is configured to add counters. To display counter statistics, use the tftp put on
page 3526 http command.

Only the following match conditions and actions are copied to the client memory.
Others that may be in the rule are not copied.

Match conditions
• Source-address—IPv4 and IPv6

Actions
• Permit
• Deny

When adding a new rule, use the first, before, and after previous_rule parameters to
position it within the existing rules.

If the SNMP traffic does not match any of the rules, the default behavior is permit. To
deny SNMP traffic that does not match any of the rules, add a deny all rule at the end or
the rule list.

Example
The following example copies the ACL rule, DenyAccess to the HTTP application in first
place:
configure web http access-profile add DenyAccess first

The following example removes the association of the ACL rule DenyAccess from the
HTTP application:
configure web http access-profile delete DenyAccess

The following example removes the association of all ACL rules from the HTTP
application:
configure web http access-profile none

History
This command was first available in ExtremeXOS 12.5.

1660 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

configure xml-notification target add/delete

configure xml-notification target target [add | delete] module

Description
Adds or deletes an ExtremeXOS module to or from the Web server target.

Syntax Description
target Specifies an alpha numeric string that identifies the
configured target.
module Specifies the name of the ExtremeXOS module.

Default
N/A.

Usage Guidelines
Use the add option to attach a module to the Web server target in order to receive
events from that application and send them to the targeted Web server. There is no
limitation to the number of modules that can be attached.

Only Identity Management and EMS are supported targets.

Use the delete option to detach ExtremeXOS modules from the Web server target in
order to stop receiving events from that module.

Example
The following command deleted the target test2 from EMS:
configure xml-notification target test2 ems

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1661

configure xml-notification target Commands

configure xml-notification target

configure xml-notification target target [url url {vr vr_name} | user
[none | user] | [encrypted-auth encrypted-auth] | [queue-size queue-
size]]

Description
Configures the Web server target in the XML client.

Syntax Description
target Specifies an alpha numeric string that identifies the
configured target.
url Specifies the Web server URL.
vr_name Specifies the virtual router over which the XML client
process can connect to a Web server to send push
notifications.
user Specifies the alpha numeric string identifying the Web
server user.
encrypted-auth Specifies the encrypted user authentication string.
queue-size Specifies in numeric format, the size of the buffer that
stores incoming events from ExtremeXOS software.

Default
N/A.

Usage Guidelines
Use this command to configure the Web server target in XML client process.

Example
The following command configures the target target2 for the user admin:

configure xml-notification target target2 user admin

History
This command was first available in ExtremeXOS 12.4.

The virtual router option was added in ExtremeXOS 12.4.2.

Platform Availability
This command is available on all Universal switches supported in this document.

1662 Switch Engine™ Command Reference Guide for version 32.7.1

Commands configure l2pt encapsulation dest-mac

configure l2pt encapsulation dest-mac

configure l2pt encapsulation dest-mac mac_address

Description
Configures the destination address MAC that L2PT encapsulated packets use.

Syntax Description
encapsulation Specifies Layer 2 protocol tunneling encapsulation.
dest-mac Specifies the destination MAC address to use for
encapsulated PDUs.
mac_addr Specifies the MAC address.

Default

Usage Guidelines
NA

Example
The following example sets the L2PT destination address MAC to 01:00:00:01:01:02:
configure l2pt encapsulation dest-mac 01:00:00:01:01:02

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

cp
cp old_name new_name

Description
Copies a file from the specified file system or relative to the current working directory to
another file on the specified file system or relative to the current working directory.

Switch Engine™ Command Reference Guide for version 32.7.1 1663

Syntax Description Commands

Syntax Description
old_name Specifies the name of the file that you want to copy.
new_name Specifies the name of the newly copied configuration or
policy file.

Default
N/A.

Usage Guidelines
Use this command to copy a file from the specified file system, or relative to the current
working directory to another file on the specified file system, or relative to the current
working directory. If you provide a different name, the new file can be created in the
same directory as the existing file.

When you copy a configuration or policy file, remember the following:

• XML-formatted configuration files have a .cfg file extension. The switch only
runs .cfg files.
• ASCII-formatted configuration files have a .xsf file extension. For more information,
see Software Upgrade and Boot Options in the Switch Engine 32.7.1 User Guide .
• Policy files have a .pol file extension.
• Core dump files have a .gz file extension.

When you copy a configuration or policy file from the system, make sure you specify
the appropriate file extension. For example, when you want to copy a policy file, specify
the file name and .pol.

When you copy a file on the switch, the switch displays a message similar to the
following:
Copy config test.cfg to config test1.cfg on switch? (y/n)

Type y to copy the file. Type n to cancel this process and not copy the file.

When you type y, the switch copies the file with the new name and keeps a backup
of the original file with the original name. After the switch copies the file, use the ls
command to display a complete list of files. In this example, the switch displays the
original file named test.cfg and the copied file named test_rev2.cfg.

The following is sample output from the ls command:

...
-rw-r--r-- 1 root root 100980 Sep 23 09:16 test.cfg
-rw-r--r-- 1 root root 100980 Oct 13 08:47 test_rev2.cfg
...

When you enter n, the switch displays a message similar to the following:
Copy cancelled.

1664 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Case-sensitive Filenames

Case-sensitive Filenames
File names are case-sensitive. In this example, you have a configuration file named
Test.cfg. If you attempt to copy the file with the incorrect case, for example test.cfg,
the switch displays a message similar to the following:
Error: cp: /config/test.cfg: No such file or directory

Since the switch is unable to locate test.cfg, the file is not copied.

Local File Name Character Restrictions

When specifying a local file name, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z).
• Numerals (0-9).
• Period ( . ).
• Dash ( - ).
• Underscore ( _ ).

Internal Memory and Core Dump Files

Core dump files have a .gz file extension. The file name format is: core.process-
name.pid.gz where process-name indicates the name of the process that failed and
pid is the numerical identifier of that process.

By making a copy of a core dump file you can easily compare new debug information
with the old file if needed.

If you have a USB 2.0 storage device installed, you can copy the core dump file to that
location. To copy files to a USB device, specify the file path /usr/local/ext.

For information about configuring and sending core dump information to the internal
memory card, see the configure debug core-dumps [ off | directory_path] and
save debug tracefiles directory_path commands.

For more detailed information about core dump files, see Troubleshooting in the
Switch Engine 32.7.1 User Guide.

Example
The following example makes a copy of a configuration file named test.cfg and gives
the copied file a new name of test_rev2.cfg:
# cp test.cfg test_rev2.cfg

The following example makes a copy of a configuration file named primary.cfg on the
switch and stores the copy on the removable storage device with the same name,
primary.cfg:
# cp primary.cfg /usr/local/ext

Switch Engine™ Command Reference Guide for version 32.7.1 1665

History Commands

The above command performs the same action as entering:

# cp primary.cfg /usr/local/ext

Or
# cp primary.cfg /usr/local/ext/primary.cfg

History
This command was first available in ExtremeXOS 11.0.

The memorycard option was added in ExtremeXOS 11.1.

The internal-memory option was added in ExtremeXOS 11.4.

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

Pathname support was added in ExtremeXOS 15.5.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create access-list
create access-list dynamic_rule conditions actions {non_permanent}

Description
Creates a dynamic ACL.

Syntax Description
dynamic_rule Specifies the dynamic ACL name. The name can be from
1-32 characters long.
conditions Specifies the match conditions for the dynamic ACL.
actions Specifies the actions for the dynamic ACLs.
non_permanent Specifies that the ACL is not to be saved.

Default
By default, ACLs are permanent.

Usage Guidelines
This command creates a dynamic ACL rule. Use the configure access-list add
command to apply the ACL to an interface.

1666 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The conditions parameter is a quoted string of match conditions, and the actions
parameter is a quoted string of actions. Multiple match conditions or actions are
separated by semi-colons. A complete listing of the match conditions and actions is
in the ACLs section of the Switch Engine 32.7.1 User Guide.

Dynamic ACL rule names must be unique, but can be the same as used in a policy-
file based ACL. Any dynamic rule counter names must be unique. For name creation
guidelines and a list of reserved names, see Object Names in the Switch Engine 32.7.1
User Guide.

By default, ACL rules are saved when the save command is executed, and persist across
system reboots. Configuring the optional keyword non-permanent means the ACL will
not be saved.

Example
The following example creates a dynamic ACL that drops all ICMP echo-request
packets on the interface:
create access-list icmp-echo "protocol icmp;icmp-type echo-request" "deny"

The created dynamic ACL will take effect after it has been configured on the interface.
The previous example creates a dynamic ACL named icmp-echo that is equivalent to
the following ACL policy file entry:

entry icmp-echo {
if {
protocol icmp;
icmp-type echo-request;
} then {
deny;
}

The following example creates a dynamic ACL that accepts all the UDP packets from
the 10.203.134.0/24 subnet that are destined for the host 140.158.18.16, with source port
190 and a destination port in the range of 1200 to 1250:
create access-list udpacl "source-address 10.203.134.0/24;destination-address
140.158.18.16/32;protocol udp;source-port 190;destination-port 1200 - 1250;" "permit"

The previous example creates a dynamic ACL entry named udpacl that is equivalent to
the following ACL policy file entry:

entry udpacl {
if {
source-address 10.203.134.0/24;
destination-address 140.158.18.16/32;
protocol udp;
source-port 190;
destination-port 1200 - 1250;
} then {
permit;
}
}

Switch Engine™ Command Reference Guide for version 32.7.1 1667

History Commands

History
This command was first available in ExtremeXOS 11.3.

The non_permanent option was added in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

create access-list network-zone

create access-list network-zone zone_name

Description
Creates a network-zone with a specified name.

Syntax Description
access-list Access list
network-zone Network zone
zone_name Network zone name

Default
N/A.

Usage Guidelines
Use this command to create a network-zone with a specified name. The network-
zone can then be associated with the policy file using either the "source-zone" or
"destination-zone" attribute.

Example

Switch# create access-list network-zone zone1

If the user tries to create a network-zone that was already created, the following error
message will be displayed on the console, and the command will be rejected.

Switch#create access-list network-zone zone1

Error: Network Zone "zone1" already exists.

History
This command was first available in ExtremeXOS 15.2.

1668 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

create access-list zone

create access-list zone name zone-priority number

Description
Creates a dynamic ACL zone, and sets the priority of the zone.

Syntax Description
name Specifies the dynamic ACL zone name. The name can be
from 1-32 characters long.
zone-priority number Specifies priority of the zone. The range is from 1 (highest
priority) to 4294967295 (lowest priority).

Default
The denial of service, system, and security zones are configured by default, and cannot
be deleted.

Usage Guidelines
This command creates a dynamic ACL zone. You can configure the priority of the zone
in relation to the default zones or to other configured zones.

Example
The following command creates a new zone, called myzone, with a priority of 2:

create access-list myzone zone-priority 2

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

create account
create account [admin | user | lawful-intercept] account-name {encrypted
encrypted_password | password}

Switch Engine™ Command Reference Guide for version 32.7.1 1669

Description Commands

Description
Creates a new user account.

Syntax Description
admin Specifies an access level for admin account type. This user
has read and write privileges.
user Specifies an access level for user account type. This user
has read-only privileges.
lawful-intercept Specifies an access level for lawful intercept account type.
account-name Specifies a new user account name.
encrypted
Caution: Using this option incorrectly can result in you
being locked out of your switch account.

This option specifies that the entered password is in

encrypted hash format, not that the resulting password
will be stored in encrypted form. Generally, this option
should not be used. Using this option with a plain text
password, as opposed to a hashed version of a password,
can result in the user being locked out of the account.
password Specifies a user password.

Default
N/A.

User Account Levels

By default, the switch is configured with two accounts with the access levels shown in
the table below.

Account Name Access Level

admin You can access and change all manageable parameters.
The admin account cannot be deleted.
user You can view (but not change) all manageable parameters,
with the following exceptions:
• You cannot view the user account database.
• You cannot view the SNMP community strings.
• You cannot view SSL settings.
This user has access to the ping command.
lawful-intercept This user has special lawful intercept and read-only
privileges.

Note: Only a single lawful-intercept account can exist at

any one time on the system.

1670 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

You can use the default names (admin and user), or you can create new names and
passwords for the accounts. Default accounts do not have passwords assigned to them.
For name creation guidelines and a list of reserved names, see Object Names in the
Switch Engine 32.7.1 User Guide.

Usage Guidelines
The switch can have a total of 16 user accounts.

The system must have one administrator account.

When you use the encrypted keyword, the following password that you specify should
be in encrypted hash format. Administrators should not use the encrypted option and
should enter the password in plain text. Using this option with a plain text password,
as opposed to a hashed version of a password, can result in the user being locked out
of the account. Generally, this option should not be used. A valid use of this option
would be when transferring account information between switches using the output
of the show configuration on page 2682 command, where the displayed password is in
hashed form. You can copy this hashed password and enter it as the password with
the encrypted option. The switch will de-crypt the hashed password into the plain text
password that as specified for the original account.

The system prompts you to specify a password after you enter this command and to
reenter the password. If you do not want a password associated with the specified
account, press [Enter] twice.

You must have administrator privileges to change passwords for accounts other
than your own. User names are not case-sensitive. Passwords are case-sensitive. User
account names must have a minimum of 1 character and can have a maximum of 32
characters. Passwords must have a minimum of 0 characters and can have a maximum
of 32 characters. For user names, only alphanumeric, dash (-), and underscore (_)
characters may be used. If you use a hashtag (#), everything after it is ignored.

Note
User names cannot begin with a number.

Note
If the account is configured to require a specific password format, the
minimum is eight characters. See configure account password-policy
char-validation for more information.

Example
The following example creates a new account named "John2" with administrator
privileges:
create account admin John2

Switch Engine™ Command Reference Guide for version 32.7.1 1671

History Commands

History
This command was first available in ExtremeXOS 10.1.

The encrypted option was added in ExtremeXOS 11.5.

The lawful intercept option was added in ExtremeXOS 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

create auto-peering bgp

create auto-peering bgp routerid ipaddress AS-number asNumber

Description
This command creates and enables BGP auto-peering using specified BGP router ID
and AS number.

Syntax Description
routerid Designates a BGP router ID.
ipaddress Specifies the BGP router ID as an IP address in IPv4 format
(x.y.z.w).
AS-number Designates unique BGP Autonomous System (AS) number.
asNumber Specifies the AS number (1–4,294,967,295).

Default
N/A

Usage Guidelines
This command creates VLANs dynamically. It also creates a loopback VLAN with an
IP address of the BGP router ID. Within BGP, the router ID, AS number, and easyBGP
capability are configured along with redistribution of host-mobility routes. Dynamic
VLANs are created if no VLANs are specified.

A save and reboot is required if ECMP exceeds 16.

To view BGP auto-peering status, use the command show auto-peering {bgp |
ospf}.

1672 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example creates auto-peering using BGP router ID at 10.3.4.2 with AS 52:
# create auto-peering bgp routerid 10.3.4.2 AS-number 52

History
This command was first available in ExtremeXOS 22.5.

The requirement to specify a VLAN range was made optional in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

This feature requires the Advanced Edge license. For more information about licenses,
see the Switch Engine 32.7.1 Feature License Requirements.

create auto-peering ospf

create auto-peering ospf routerid ipaddress

Description
Creates and enables OSPFv2 auto-peering.

Syntax Description
auto-peering Specifies configuring Auto-peering.
ospf Specifies configuring OSPF Auto-peering.
routerid Specifies providing an OSPF router ID.
ipaddress Sets the OSPF router IP address in IPv4 format (x.y.z.w).

Default
N/A.

Usage Guidelines
This command creates a loopback VLAN with the IP address of the supplied OSPF
router ID. Within OSPF, the router ID, VXLAN-extensions are configured along with
redistribution of host-mobility routes.

ECMP between two switches is not supported with OSPFv2 auto-peering. Only one
link forms an adjacency, and traffic is lost on failover. Link aggregation is the preferred
configuration for the topology.

Switch Engine™ Command Reference Guide for version 32.7.1 1673

Example Commands

To view OSPFv2 auto-peering status, use the command show auto-peering {bgp |
ospf}.

Example
The following example creates and enables OSPFv2 auto-peering using with the OSPF
router ID set to "10.3.4.2":
# create auto-peering ospf routerid 10.3.4.2

History
This command was first available in ExtremeXOS 30.6.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the OSPFv2 Auto-peering feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

create bgp evpn instance

create bgp evpn instance evpn_instance_name

Description
Creates an EVPN instance.

Syntax Description
bgp BGP capability.
evpn EVPN protocol.
instance Specifies creating an EVPN instance
evpn_instance_name Name of the EVPN instance.

Default
N/A.

Usage Guidelines
The EVPN instance will become active if the configured VNI matches the configured
VNI of a virtual network.

1674 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example creates an EVPN instance named "my_evpn":
# create bgp evpn instance my_evpn

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

create bgp neighbor peer-group

create bgp neighbor remoteaddr peer-group peer-group-name {multi-hop}

Description
Creates a new neighbor and makes it part of the peer group.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
peer-group-name Specifies a peer group.
multi-hop Specifies to allow connections to EBGP peers that are not
directly connected.

Default
N/A.

Usage Guidelines
You can specify an IPv4 or IPv6 address for the BGP peer. The address can be a global
unicast or a link-local address. IPv6 link-local remote addresses are supported only for
EBGP single-hop peerings.

If you are adding an IPv4 peer to a peer group and no IPv4 address family capabilities
are assigned to the specified peer group, the IPv4 unicast and multicast address
families are automatically enabled for that peer group. If you adding an IPv6 peer to

Switch Engine™ Command Reference Guide for version 32.7.1 1675

Example Commands

a peer group and no IPv6 address family capabilities are assigned to the peer group,
you must explicitly enable the IPv6 address family capabilities you want to support.

Note
If the peer group or any member of the peer group has been configured with
an IPv4 or IPv6 address family, the peer group only accepts peers that are
configured to use that family. For example, if a peer group is configured for the
IPv4 unicast address family, the switch will not allow you to add an IPv6 peer.
LIkewise, an IPv6 peer group cannot accept an IPv4 peer.

If the multihop keyword is not specified, the IP addresses of the EBGP speaker and peer
must belong to the same subnet.

All the parameters of the neighbor are inherited from the peer group. The peer group
should have the remote AS configured.

To add an existing neighbor to a peer group, use the following command:

configure bgp neighbor [all | remoteaddr] peer-group [peer-group-name |
none] {acquire-all}

If you do not specify acquire-all, only the mandatory parameters are inherited from
the peer group. If you specify acquire-all, all of the parameters of the peer group are
inherited. This command disables the neighbor before adding it to the peer group.

Example
The following command creates a new neighbor and makes it part of the peer group
outer:
create bgp neighbor 192.1.1.22 peer-group outer

The following example specifies how to create a neighbor peer group in a VRF (PE – CE
neighbor session):
virtual-router <vr_vrf_name>
create bgp neighbor <remoteaddr> remote-AS-number <asNumber> {multi-hop}
create bgp neighbor <remoteaddr> peer-group <peer-group-name> {multi-hop}
delete bgp [{neighbor} <remoteaddr> | neighbor all ]
[create | delete] bgp peer-group <peer-group-name>

BGP maintains a separate RIB (RIB-In, RIB-Loc and RIB-Out) for each of the VRF it
is configured to run. So routes received from a peer in VRF1 are not mixed up with
routes from a peer in VRF2. Additionally, BGP routes in a VRF are regular IPv4 routes
of address family ipv4. The BGP decision algorithm occurs inside a VRF and is not
impacted by any BGP activity in other VRF.There can be two BGP neighbors with the
same peer IP address in two different VRFs.

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

1676 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for L3 VPN was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

create bgp neighbor remote-AS-number

create bgp neighbor remoteaddr remote-AS-number as-number {multi-hop}

Description
Creates a new BGP peer.

Syntax Description
remoteaddr Specifies an IP address of the BGP neighbor.
as-number Specifies a remote AS number. The range is 1 to
4294967295.
multi-hop Specifies to allow connections to EBGP peers that are not
directly connected.

Default
N/A.

Usage Guidelines
You can specify an IPv4 or IPv6 address for the BGP peer. The address can be a global
unicast or a link-local address. IPv6 link-local remote addresses are supported only for
EBGP single-hop peerings.

If the multihop keyword is not specified, the IP addresses of the EBGP speaker and peer
must belong to the same subnet.

The AS number is a 4-byte AS number in either the ASPLAIN or the ASDOT format as
described in RFC 5396, Textual Representation of Autonomous System (AS) Numbers.

If the AS number is the same as the AS number provided in the configure bgp as
command, then the peer is consider an IBGP peer, otherwise the neighbor is an EBGP
peer. The BGP session to a newly created peer is not started until the enable bgp
neighbor command is issued.

Switch Engine™ Command Reference Guide for version 32.7.1 1677

Example Commands

Example
The following command specifies a BGP peer AS number using the ASPLAIN 4-byte AS
number format:

create bgp neighbor 10.0.0.1 remote-AS-number 65540

The following command specifies a BGP peer AS number using the ASDOT 4-byte AS
number format:

create bgp neighbor 10.0.0.1 remote-AS-number 1.5

The following command specifies a BGP peer using an IPv6 address:

create bgp neighbor fe80::204:96ff:fe1e:a8f1%vlan1 remote-AS-number 200

The following example specifies how to create a neighbor peer group in a VRF (PE – CE
neighbor session):

virtual-router <vr_vrf_name>
create bgp neighbor <remoteaddr> remote-AS-number <asNumber> {multi-hop}
create bgp neighbor <remoteaddr> peer-group <peer-group-name> {multi-hop}
delete bgp [{neighbor} <remoteaddr> | neighbor all ]
[create | delete] bgp peer-group <peer-group-name>

BGP maintains a separate RIB (RIB-In, RIB-Loc and RIB-Out) for each of the VRF it
is configured to run. So routes received from a peer in VRF1 are not mixed up with
routes from a peer in VRF2. Additionally, BGP routes in a VRF are regular IPv4 routes
of address family ipv4. The BGP decision algorithm occurs inside a VRF and is not
impacted by any BGP activity in other VRF.There can be two BGP neighbors with the
same peer IP address in two different VRFs.

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for 4-byte AS numbers was first available in ExtremeXOS 12.4.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for L3 VPN was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

1678 Switch Engine™ Command Reference Guide for version 32.7.1

Commands create bgp peer-group

create bgp peer-group

create bgp peer-group peer-group-name

Description
Creates a new peer group.

Syntax Description
peer-group-name Specifies a peer group.

Default
N/A.

Usage Guidelines
You can use BGP peer groups to group together up to 512 BGP neighbors. All neighbors
within the peer group inherit the parameters of the BGP peer group. The following
mandatory parameters are shared by all neighbors in a peer group:
• source-interface
• out-nlri-filter
• out-aspath-filter
• out-route-policy
• send-community
• next-hop-self

The BGP peer group name must begin with an alphabetical character and may
contain alphanumeric characters and underscores ( _ ), but it cannot contain spaces.
The maximum allowed length for a name is 32 characters. For name creation
guidelines and a list of reserved names, see the Switch Engine 32.7.1 Feature License
Requirements document..

No IPv4 or IPv6 address family capabilities are added a to a new peer group. When
the first IPv4 peer is added to a peer group, the IPv4 unicast and multicast families are
enabled by default. No IPv6 address family capabilities are automatically added when
an IPv6 peer is added to a peer group; you must explicitly add any IPv6 address family
capabilities that you want for a peer group.

Example
The following command creates a new peer group named outer:
create bgp peer-group outer

Switch Engine™ Command Reference Guide for version 32.7.1 1679

History Commands

The following example specifies how to create a neighbor peer group in a VRF (PE – CE
neighbor session):
virtual-router <vr_vrf_name>
create bgp neighbor <remoteaddr> remote-AS-number <asNumber> {multi-hop}
create bgp neighbor <remoteaddr> peer-group <peer-group-name> {multi-hop}
delete bgp [{neighbor} <remoteaddr> | neighbor all ]
[create | delete] bgp peer-group <peer-group-name>

BGP maintains a separate RIB (RIB-In, RIB-Loc and RIB-Out) for each of the VRF it
is configured to run. So routes received from a peer in VRF1 are not mixed up with
routes from a peer in VRF2. Additionally, BGP routes in a VRF are regular IPv4 routes
of address family ipv4. The BGP decision algorithm occurs inside a VRF and is not
impacted by any BGP activity in other VRF.There can be two BGP neighbors with the
same peer IP address in two different VRFs.

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for L3 VPN was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

create cfm domain dns md-level

create cfm domain dns name md-level level

Description
Creates a maintenance domain (MD) in the DNS name format and assigns an MD level
to that domain.

Syntax Description
name Assigns the name you want for this domain, using the
DNS name format. Enter alphanumeric characters for this
format; the maximum is 43 characters.
level Specifies the MD level you are assigning to this domain.
Enter a value between 0 and 7.

1680 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
You can have up to 8 domains on a switch, and each one must have a unique MD level.

You assign each domain a maintenance domain (MD) level, which function in a
hierarchy for forwarding CFM messages. The levels are from 0 to 7; with the highest
number being superior in the hierarchy.

The IEEE standard 801.2ag specifies different levels for different network users, as
follows:
• 5 to 7 for end users
• 3 and 4 for Internet service providers (ISPs)
• 0 to 2 for operators (entities carrying the information for the ISPs)

Note
MEPs with intervals 3 and 10 cannot be created in this domain as the
domain name format is of dns type.

Example
The following command creates a domain, using the DNS name format, named
extreme and assigns that domain an MD level of 2:

create cfm domain dns extreme md-level 2

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

create cfm domain mac md-level

create cfm domain mac mac-addr int md-level level

Description
Creates a maintenance domain (MD) in the MAC address + 2-octet integer format and
assigns an MD level to that domain.

Switch Engine™ Command Reference Guide for version 32.7.1 1681

Syntax Description Commands

Syntax Description
mac-addr Enter a MAC address in the format XX:XX:XX:XX:XX:XX to specify part of
the domain name.
int Enter the 2-octet integer you want to append to the MAC address to
specify the domain name.
level Specifies the MD level you are assigning to this domain. Enter a value
between 0 and 7.

Default
N/A.

Usage Guidelines
You can have up to 8 domains on a switch, and each one must have a unique MD level.

You assign each domain a maintenance domain (MD) level, which function in a
hierarchy for forwarding CFM messages. The levels are from 0 to 7; with the highest
number being superior in the hierarchy.

The IEEE standard 801.2ag specifies different levels for different network users, as
follows:
• 5 to 7 for end users
• 3 and 4 for Internet service providers (ISPs)
• 0 to 2 for operators (entities carrying the information for the ISPs)

Example
The following command creates a domain, using the MAC + 2-octet integer format,
with the MAC address of 11:22:33:44:55:66 and an integer value of 63; it also assigns that
domain an MD level of 2:

create cfm domain mac 11:22:33:44:55:66 63 md-level 2

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

create cfm domain string md-level

create cfm domain string str_name md-level level

1682 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Creates a maintenance domain (MD) in the string name format and assigns an MD
level to that domain.

Syntax Description
str_name Enter a character string to specify part of the domain name. The
maximum length is 43 characters.
level Specifies the MD level you are assigning to this domain. Enter a value
between 0 and 7.

Default
N/A.

Usage Guidelines
You can have up to 8 domains on a switch, and each one must have a unique MD level.

You assign each domain a maintenance domain (MD) level, which function in a
hierarchy for forwarding CFM messages. The levels are from 0 to 7; with the highest
number being superior in the hierarchy.

The IEEE standard 801.2ag specifies different levels for different network users, as
follows:
• 5 to 7 for end users
• 3 and 4 for Internet service providers (ISPs)
• 0 to 2 for operators (entities carrying the information for the ISPs)

Example
The following command creates a domain, using the string format having a value of
extreme; it also assigns that domain an MD level of 2:

create cfm domain string extreme md-level 2

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1683

create cfm segment destination Commands

create cfm segment destination

create cfm segment segment_name destination mac_addr {copy
segment_name_to_copy}

Description
Creates a CFM segment.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
mac_addr Specifies the MAC address.
segment_name_to_copy Specifies the CFM segment whose configuration is to be
copied.

Default
N/A.

Usage Guidelines
Use this command to explicitly create a CFM segment where the segment name is a
32-byte long alpha-numeric character string.

Example
The following command creates a CFM segment named segment-new using MAC
address 00:11:22:11:33:11 and copying segment-old:

create cfm segment segment-new destination 00:11:22:11:33:11 copy segment-old

Here, the copy existing cfm segment is an optional parameter, and if used, the
following configurations from the existing CFM segment are copied to the newly
created segment:
• DMM transmission interval
• Class of service
• Threshold values
• Measurement window size
• Timeout value

Note
The copy option is not shown in "show config" as it is used only for copying
the existing values when creating a segment.

1684 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

If you later configure any of the above mentioned information in segment-new, the
old value(s) which were copied from segment-old will be overwritten with the new one
in segment-new, as is done for any other commands. The same will not be true on
the reverse case. If you modify the values of segment-old, the modified value will NOT
be propagated to the CFM segments which use segment-old's configurations. In other
words, the configurations of segment-old that are at the time of creating segment-new
will alone be copied and not any other changes that are made to segment-old later on.

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

create database
create database database_name

Description
Creates an Automation Edge remote VXLAN network identifier (VNI)-device database.

Syntax Description
database Creates a remote VNI-database.
database_name Specifies the name of the new database.

Default
N/A.

Usage Guidelines
You can only create one VNI-device database.

Example
The following example creates a database called "database1":
# create database database1

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

This command is fully supported in ExtremeXOS 31.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1685

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

create eaps shared-port

create eaps shared-port ports

Description
Creates an EAPS shared port on the switch.

Syntax Description
ports Specifies the port number of the common link port.

Default
N/A.

Usage Guidelines
To configure a common link, you must create a shared port on each switch on either
end of the common link.

Example
The following command creates a shared port on the EAPS domain.

create eaps shared-port 1:2

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all platforms with the appropriate license. For complete
information about software licensing, including how to obtain and upgrade your
license and what licenses are appropriate for this feature, see the Switch Engine 32.7.1
Feature License Requirements document.

create eaps
create eaps name

1686 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Creates an EAPS domain with the specified name.

Syntax Description
name Specifies the name of an EAPS domain to be created. Can
be up to 32 characters in length.

Default
N/A.

Usage Guidelines
An EAPS domain name must begin with an alphabetical character and may contain
alphanumeric characters and underscores (_), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the ExtremeXOS Concepts Guide.

Example
The following command creates EAPS domain eaps_1:

create eaps eaps_1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

create erps ring

create erps ring-name {ring-id ring_id}

Description
Creates an ERPS ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
ring-id Specifies configuring a unique integer ID for ERPS ring.
ring_id Sets the ERPS ring ID value. Range is 1 to 239.

Switch Engine™ Command Reference Guide for version 32.7.1 1687

Default Commands

Default
N/A.

Usage Guidelines
Use this command to create an ERPS ring, and optionally the ring ID.

Example
The following command creates an ERPS ring named “ring1” with ring ID "50":
create erps ring1 ring-id 50

History
This command was first available in ExtremeXOS 15.1.

Ring ID was added in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create esrp
create esrp esrp_domain {type [vpls-redundancy | standard]}

Description
Creates an ESRP domain with the specified name on the switch.

Syntax Description
esrp_domain Specifies the name of an ESRP domain to be created. Can
be up to 32 characters in length.

Default
The ESRP domain is disabled and in the “Aware” state.

When you create an ESRP domain, it has the following default parameters:
• Operational version—Extended
• Priority—0
• VLAN interface—none
• VLAN tag—0
• Hello timer—2 seconds
• Neighbor timer—8 seconds

1688 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

• Premaster timer—6 seconds

• Neutral timer—4 seconds
• Neighbor restart timer—30 seconds
• VLAN tracking—none
• Ping tracking—none
• IP route tracking—none

Usage Guidelines
The type keyword specifies the type of ESRP domain when a new ESRP domain is
created. The only types supported are vpls-redundancy and standard. Not specifying
the optional ESRP domain type results in the creation of an ESRP domain of type
standard. The standard ESRP domain is equivalent to the legacy ESRP domain type
that was implicitly created. The vpls-redundancy domain type is only specified when
redundant access to an MPLS VPLS network is desired.

An ESRP domain name must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For ESRP domain name
guidelines and a list of reserved names, see Object Names in the Switch Engine 32.7.1
User Guide.

Each ESRP domain name must be unique and cannot duplicate any other named
ESRP domains on the switch. If you are uncertain about the ESRP names on the switch,
use the show esrp command to view the ESRP domain names.

You can create a maximum of 128 ESRP domains.

Configuring ESRP-Aware Switches

For an Extreme Networks switch to be ESRP-aware, you must create an ESRP domain
on the aware switch, add a master VLAN to that ESRP domain, add a member VLAN to
that ESRP domain if configured, and configure a domain ID if necessary.

For complete information about software licensing, including how to obtain and
upgrade your license and what licenses are appropriate for this feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

Example
The following command creates ESRP domain esrp1 on the switch:

create esrp esrp1

History
This command was first available in ExtremeXOS 11.0.

Switch Engine™ Command Reference Guide for version 32.7.1 1689

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

create fdb mac-tracking entry

create fdb mac-tracking entry mac_addr

Description
Adds a MAC address to the MAC address tracking table.

Syntax Description
mac_addr Specifies a device MAC address, using colon-separated
bytes.

Default
The MAC address tracking table is empty.

Usage Guidelines
None.

Example
The following command adds a MAC address to the MAC address tracking table:
create fdb mac-tracking entry 00:E0:2B:12:34:56

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

create fdb vlan ports

create fdb mac_addr vlan vlan_name [ports port_list {tagged tag} |
blackhole | vxlan { vr vr_name } {ipaddress} remote_ipaddress ]
| broadcast vlan vlan_name vxlan { vr vr_name } {ipaddress}
remote_ipaddress | unknown-multicast vlan vlan_name vxlan { vr
vr_name } {ipaddress} remote_ipaddress | unknown-unicast vlan
vlan_name vxlan { vr vr_name } {ipaddress} remote_ipaddress ]

1690 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Creates a permanent static FDB entry.

Syntax Description
mac_addr Specifies a device MAC address, using colon-separated
bytes.
vlan_name Specifies a VLAN name associated with a MAC address.
port_list Specifies one or more ports or slots and ports associated
with the MAC address.
tagged tag Specifies the port-specific VLAN tag. When there are
multiple ports specified in port_list, the same tag is used
for all of them.
blackhole Enables the blackhole option. Any packets with either
a source MAC address or a destination MAC address
matching the FDB entry are dropped.
broadcast Forwarding destination(s) for broadcast traffic.
unknown-unicast Forwarding destination(s) for unknown unicast traffic.
unknown-unicast Forwarding destination(s) for unknown multicast traffic.
vxlan The MAC address is reachable through a VXLAN Tunnel.
vr VR/VRF instance the IPv4 address is configured on.
vr_name An existing VR/VRF name.
ipaddress Configure the IP address of the remote tunnel endpoint to
which the MAC needs to be bound.
remote_ipaddress IPv4 address of the remote tunnel endpoint.

Default
N/A.

Usage Guidelines
Permanent entries are retained in the database if the switch is reset or a power
off/on cycle occurs. A permanent static entry can either be a unicast or multicast
MAC address. After they have been created, permanent static entries stay the same
as when they were created. If the same MAC address and VLAN is encountered on
another virtual port that is not included in the permanent MAC entry, it is handled as a
blackhole entry. The static entry is not updated when any of the following take place:
• A VLAN identifier (VLANid) is changed.
• A port is disabled.
• A port enters blocking state.
• A port goes down (link down).

Switch Engine™ Command Reference Guide for version 32.7.1 1691

Example Commands

A permanent static FDB entry is deleted when any of the following take place:
• A VLAN is deleted.
• A port mode is changed (tagged/untagged).
• A port is deleted from a VLAN.

Permanent static entries are designated by spm in the flags field of the show fdb
output. You can use the show fdb command to display permanent FDB entries.

If the static entry is for a PVLAN VLAN that requires more than one underlying entry,
the system automatically adds the required entries. For example, if the static entry is for
a PVLAN network VLAN, the system automatically adds all required extra entries for the
subscriber VLANs.

You can create FDB entries to multicast MAC addresses and list one or more ports. If
more than one port number is associated with a permanent MAC entry, packets are
multicast to the multiple destinations.

IGMP snooping rules take precedence over static multicast MAC addresses in the IP
multicast range (01:00:5e:xx:xx:xx) unless IGMP snooping is disabled.

Note
When a multiport list is assigned to a unicast MAC address, load sharing is not
supported on the ports in the multiport list.

In ExtremeXOS 21.1, this command was extended to add a remote VTEP as a destination
to a MAC address. Three new tokens “broadcast”, “unknown-multicast” and “unknown-
unicast” have been added to this command. When you want to specify a destination
to forward all broadcast or unknown unicast traffic on that VLAN, these token are used.
For “broadcast”, “unknown-multicast” and “unknown-unicast” only remote VTEPs (and
not port_list or blackhole) can be specified in this release of ExtremeXOS. These entries
can only be created when the virtual-network is in explicit-remote flooding mode.

Example
The following command adds a permanent, static entry to the FDB for MAC address 00
E0 2B 12 34 56, in VLAN marketing on port 4 on a switch:
create fdb 00:E0:2B:12:34:56 vlan marketing port 4

The following example adds a permanent, static entry to the FDB for MAC address
00:01:02:03:04:05, in VLAN marketing, on a VLAN port that has tag 100 on port 3 on a
switch:
create fdb 00:01:02:03:04:05 vlan msk ports 3 tag 100

History
This command was first available in ExtremeXOS 10.1.

The ability to create a multicast FDB with multiple entry ports was added in
ExtremeXOS 11.3.

1692 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The blackhole option was first available for all platforms in ExtremeXOS 12.1.

In ExtremeXOS 12.3, the fdb keyword was introduced as an alias to the fdbentry
keyword to avoid interference with the syntax of the MAC-Tracking feature commands.
Both keywords execute; however, the syntax helper (tab completion) does not
recognize the fdbentry keyword.

The tag keyword and example was added in ExtremeXOS 15.4.

Three new tokens “broadcast”, “unknown-multicast” and “unknown-unicast” were

added to this command in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create flow-redirect
create flow-redirect flow_redirect_name

Description
Creates a named flow redirection policy.

Syntax Description
flow_redirect_name Specifies the name of the flow redirection policy.

Default
N/A.

Usage Guidelines
Use this command to create a named flow redirection policy to which nexthop
information can be added.

For name creation guidelines and a list of reserved names, see Object Names in the
Switch Engine 32.7.1 User Guide.

Example
The following example creates a flow redirection policy names flow3:
create flow-redirect flow3

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1693

Platform Availability Commands

The maximum number of flow redirects was increased to 4096 in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create flowmon collector

create flowmon collector collector_name

Description
Creates a collector where Flow Monitor sends information.

Syntax Description
collector Specifies to send flow information to a collector.
collector_name Specifies the name of the created collector. Range is 32
characters.

Default
N/A.

Usage Guidelines
Up to eight external collectors are supported. The created collector must be configured
before it can be added to a group, and a collector can be used by many groups.

The system will reject any attempt to create a collector that already exists.

Example
The following command creates a collector with the name 'src-ipv4-address':
# create flowmon collector src-ipv4-address

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

1694 Switch Engine™ Command Reference Guide for version 32.7.1

Commands create flowmon group

create flowmon group

create flowmon group group_name

Description
Creates a Flow Monitor group.

Syntax Description
group Specifies the Flow Monitor group.
group_name Specifies the assigned name of the Flow Monitor group.
Range is 32 characters.

Default
N/A.

Usage Guidelines
The system will reject any attempt to create a group that already exists.

Example
The following command creates a group with the name 'max-flow-age':
# create flowmon group max-flow-age

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

create flowmon key

create flowmon key key_name

Description
Creates a Flow Monitor key.

Switch Engine™ Command Reference Guide for version 32.7.1 1695

Syntax Description Commands

Syntax Description
key Specifies the Flow Monitor key.
key_name Specifies the assigned name of the Flow Monitor key.
Range is 32 characters.

Default
N/A.

Usage Guidelines
The system will reject any attempt to create a key that already exists.

Example
The following command creates a key with the name 'src-ipv4-addr':
# create flowmon key src-ipv4-addr

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

create identity-management role

create identity-management role role_name match-criteria match_criteria
{priority pri_value}

Description
Creates and configures an identity management role.

Syntax Description
role_name Specifies a name for the new role (up to 32 characters).
match_criteria Specifies an expression that identifies the users to be
assigned to the new role.
pri_value Specifies the role priority; the lower the priority number,
the higher the priority. The range of values is 1 to 255. Value
1 represents the highest priority, and value 255 represents
the lowest priority.

1696 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Priority=255.

Usage Guidelines
The identity management feature supports a maximum of 64 roles.

The role name can include up to 32 characters. Role names must begin with an
alphabetical letter, and only alphanumeric, underscore (_), and hyphen (-) characters
are allowed in the remainder of the name. Role names cannot match reserved
keywords, or the default role names reserved by identity manager. For more
information on role name requirements and a list of reserved keywords, see Object
Names in the Switch Engine 32.7.1 User Guide. The role names reserved by identity
manager are:
• authenticated.
• blacklist.
• unauthenticated.
• whitelist.

The match-criteria is an expression or group of expressions consisting of identity

attributes, operators and attribute values. The maximum number of attribute value
pairs in a role match criteria is 16. The variables in the match criteria can be matched
to attributes retrieved for the identity from an LDAP server, or they can be matched to
attributes learned locally by identity manager.

Table 19 lists match criteria attributes that can be retrieved from an LDAP server.

Table 20 on page 1698 lists locally learned attributes that can be used for match criteria.

Table 21 on page 1698 lists the match criteria operators.

Table 19: LDAP Match Criteria Attributes

LDAP Attribute Name Value Type
l or location String
company String
co or country String
department String
employeeID String
st or state String
title String

Switch Engine™ Command Reference Guide for version 32.7.1 1697

Usage Guidelines Commands

Table 19: LDAP Match Criteria Attributes (continued)

LDAP Attribute Name Value Type
mail or email String
memberOf String

Table 20: Locally Learned Match Criteria Attributes

Attribute Attribute Name Value Type Example
Description
LLDP device name device-model String device-name ==
Avaya4300

LLDP device device-capability String:OtherRepeate device-

capabilities rBridgeWLAN capability ==
access Telephone
portRouterPhoneD
OCSIS cable
deviceStation only
LLDP device device- String device-
manufacturer name manufacturer-name manufacturer-
name == Avaya

LLPD system device-description String device-

description description==Del
l EqualLogic
Storage Array

MAC address mac MAC mac ==

00:01:e6:00:00:0
0/
ff:ff:ff:00:00:0
0

MAC OUI mac-oui MAC mac-oui ==

00:04:96

IP address ip-address IP ip-address ==

10.1.1.0/20

User name username String userName == adam

Port list ports Portlist ports == 1,5-8

Table 21: Match Criteria Operators

Operator Description
== Equal. Creates a match when the value returned for the
specified attribute matches the value specified in the role.
!= Not equal. Creates a match when the value returned for the
specified attribute does not match the value specified in the
role.

1698 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Table 21: Match Criteria Operators (continued)

Operator Description
AND And. Creates a match when the two expressions joined by this
operator are both true.
contains Contains. Creates a match when the specified attribute contains
the text specified in the role definition.
; Semicolon. This delimiter separates expressions within the
match criteria.

The role priority determines which role a user is mapped to when the user’s attributes
match the match-criteria of more than 1 role. If the user’s attributes match multiple
roles, the highest priority (lowest numerical value) role applies. If the priority is the same
for all matching roles, the role for which the priority was most recently set or modified is
used.

Example
The following examples create roles for the conditions described in the comments that
precede the commands:

# Creates a role named "India-Engr" that matches employees from the Engineering
# department who work in India
* Switch.22 # create identity-management role "India-Engr" match-criteria
"country==India; AND department==Engineering;"
# Creates a role named “US-Engr” that matches employees whose title is Engineer and
# who work in United States
* Switch.23 # create identity-management role US-Engr match-criteria "title contains
Engineer; AND country == US;" priority 100
# Creates a role named "Avaya4300Device" for Avaya phones of type 4300 that are
# manufactured by Avaya
* Switch.24 # create identity-management role "Avaya4300Device" match-criteria "device-
capability == Phone; AND device-name == Avaya4300; AND device-manufacturer-name == Avaya;"
# Creates a role for all Extreme Networks switches with MAC-OUI "00:04:96"
* Switch.25 # create identity-management role "ExtremeSwitch" match-criteria "mac-oui ==
00:04:96;"
# Creates a role for all identities with IP address 1.2.3.1 - 1.2.3.255
* Switch.26 # create identity-management role "EngineeringDomain" match-criteria "ip-
Address == 1.2.3.0/255.255.255.0;"
# Creates a role for all phone devices with MAC_OUI of "00:01:e6"
* Switch.27 # create identity-management role "Printer" match-criteria "mac ==
00:01:e6:00:00:00/ff:ff:ff:00:00:00; device-capability == Phone;"
# Creates a role for the user name "adam" when he logs in from IP address 1.2.3.1 -
# 1.2.3.255.
* Switch.28 # create identity-management role "NotAccessibleUser" match-criteria
"userName == adam; AND "ip-Address == 1.2.3.0/24;"
# Creates a role named "secureAccess" for users who log in on ports 1, 5, 6, 7, and 8
# with IP addresses in the range of 10.1.1.1 to 10.1.1.255
create identity-management role "SecureAccess" match-criteria "ports == 1,5-8; AND ip-
address == 10.1.1.0/20;"
# Creates a role named “Prod-Engineers” for all the engineers who are under LDAP group
'Production'.
Create identity-management role “Prod-Engineers” match-criteria “title==Engineer; AND
memberOf==Production;”

Switch Engine™ Command Reference Guide for version 32.7.1 1699

History Commands

History
This command was first available in ExtremeXOS 12.5.

Support for matching locally learned attributes was added in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

create ip nat rule

create ip nat rule rule_name type [ source-nat | napt | destination-
napt]

Description
Creates an IP Network Address Translation (NAT) rule.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies creating a NAT rule.
rule_name Specifies the NAT rule name.
type Specifies the NAT translation type.
source-nat Specifies modifying the source IP address for outbound
traffic.
napt Specifies modifying the source IP address and transport
identifier for outbound traffic (Network Address Port
Translation).
destination-napt Specifies modifying the destination IP address and
transport identifier for inbound traffic.

Default
N/A.

Usage Guidelines
The type option specifies the kind of translation that is carried out for the NAT rule.

To delete a rule, run the command delete ip nat rule rule_name.

User-created rules cannot be created with a name starting with “SYS_NAT_RULE_”.

1700 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example creates an IP NAT rule named "rule1" where the translation
modifies the source IP address for outbound traffic:
# create ip nat rule rule1 type source-nat

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

create isis area

create isis area area_name

Description
This command creates an IS-IS router process in the current virtual router.

Syntax Description
area_name Defines a name for the new IS-IS router process.

Default
N/A.

Usage Guidelines
No PDUs are sent until after the following events:
• The router process has been enabled
• The router process has been assigned a system ID and area address
• The router process has at least one interface (VLAN) that has IPv4 or IPv6 forwarding
enabled.

By default, newly created IS-IS router processes are Level 1/Level 2 routers if a level
2 router process does not already exist in the current virtual router. No more than
one IS-IS router process may be configured as a level 2 router. IS-IS router processes
on different virtual routers may have the same name, but this is not recommended
as it may cause confusion when administering the switch. The router process name
supplied with this command may be optionally used as the hostname for this router
process when dynamic hostname exchange support is enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1701

Example Commands

The area name must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the ExtremeXOS Concepts Guide.

A maximum of one area can be created per VR in this release.

Example
The following command creates a new IS-IS router process named areax:

create isis area areax

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

create keychain
create keychain keychain_name

Description
This command creates a keychain.

Syntax Description
keychain_name Defines a name for the new keychain. The range is 1-31.

Default
N/A.

Usage Guidelines
Use this command to create a keychain.

Example
The following command creates a new OSPFv3 keychain:

create keychain ospfv3-keys1

1702 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

create l2pt profile

create l2pt profile profile_name

Description
Creates an L2PT profile.

Syntax Description
l2pt Creates a Layer 2 protocol tunneling profile.
profile Profile that defines L2PT configuration for L2 protocols.
profile_name Specifies a profile name (maximum 32 characters).

Default
Disabled.

Usage Guidelines
Use this command to create an L2PT profile.

Example
The following example create a new L2PT profile named "my_l2pt_prof":
create l2pt profile my_l2pt_prof

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1703

create l2vpn fec-id-type pseudo-wire Commands

create l2vpn fec-id-type pseudo-wire

create l2vpn [vpls vpls_name | vpws vpws_name] fec-id-type pseudo-wire
pwid

Description
Creates a Layer 2 VPN, which can be either a VPLS or VPWS.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string). The
vpls_name string must begin with an alphabetic character, and may
contain up to 31 additional alphanumeric characters.
vpws_name Identifies the VPWS within the switch (character string). The
vpws_name string must begin with an alphabetic character, and may
contain up to 31 additional alphanumeric characters.
pwid Specifies a PW ID. Must be a non-zero 32-bit value that has network-
wide significance.

Default
For the VPLS dot1q tag, the default value is exclude.

Usage Guidelines
Each VPLS or VPWS is a member of a single VPN, and each VPN can have only one
associated VPLS or VPWS per switch. External to the switch, each VPN has an identifier.

A VPLS or VPWS name must begin with an alphabetical character and may contain
alphanumeric characters and underscores (_), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

Any non-zero 32-bit value that has network-wide significance can be specified for the
identifier. This pwid is used on all pseudo-wires in the VPLS.

The l2vpn keyword is introduced in ExtremeXOS Release 12.4 and is required when
creating a VPWS. For backward compatibility, the l2vpn keyword is optional when
creating a VPLS. However, this keyword will be required in a future release, so we
recommend that you use this keyword for new configurations and scripts.

Note
The switch's LSR ID must be configured before a VPLS or VPWS can be created.

1704 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
This example creates a VPLS with 99 as the PW ID:

create vpls vpls1 fec-id-type pseudo-wire 99

The following example creates a VPWS with 101 as the PW ID:

create l2vpn vpws vpws1 fec-id-type pseudo-wire 101

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

create ldap domain

create ldap domain domain_name {default}

Description
This command is used to add an LDAP domain. The new domain can be added as the
default. Older default domains, if any, will no longer be the default since once only one
domain can be default at a time.

Syntax Description
domain_name Name of new LDAP domain to be added

Default
N/A.

Usage Guidelines
Use this command to add an LDAP domain.

You can see the LDAP domains added by using the show ldap domain command.

Supporting multiple domains gives ExtremeXOS the capabilty to send LDAP queries to
gather information about users belonging to different domains but connected to the
same switch.

Switch Engine™ Command Reference Guide for version 32.7.1 1705

Example Commands

You can add upto 8 LDAP domains.

Example
The following command creates an LDAP domain with the name "sales.XYZCorp.com
and marks it as the default domain:

create ldap domain sales.XYZCorp.com default

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

create log filter

create log filter name {copy filter_name}

Description
Creates a log filter with the specified name.

Syntax Description
name Specifies the name of the filter to create.
copy Specifies that the new filter is to be copied from an existing
one.
filter_name Specifies the existing filter to copy.

Default
N/A.

Usage Guidelines
This command creates a filter with the name specified. A filter is a customizable list
of events to include or exclude, and optional parameter values. The list of events can
be configured by component or subcomponent with optional severity, or individual
condition, each with optional parameter values. See the commands configure log
filter events and configure log filter events match for details on how to add
items to the filter.

1706 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The filter can be associated with one or more targets using the configure log target
filter command to control the messages sent to those targets. The system has
one built-in filter named DefaultFilter, which itself may be customized. Therefore, the
create log filter command can be used if a filter other than DefaultFilter is desired.
As its name implies, DefaultFilter initially contains the default level of logging in which
every ExtremeXOS component and subcomponent has a pre-assigned severity level.

If another filter needs to be created that will be similar to an existing filter, use the copy
option to populate the new filter with the configuration of the existing filter. If the copy
option is not specified, the new filter will have no events configured and therefore no
incidents will pass through it.

The total number of supported filters, including DefaultFilter, is 20.

Example
The following command creates the filter named fdb2, copying its configuration from
the filter DefaultFilter:

create log filter fdb2 copy DefaultFilter

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create log message

create log message text

Description
This command logs an event using the text provided as the message.

Syntax Description
log Configure log service.
message Message to be logged.
text Text of log message.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1707

Usage Guidelines Commands

Usage Guidelines
Use this command to log an event using the text as provided as the message.

Example
# create log message "Creating the test VLAN"
# show log
08/06/2012 14:11:28.28 <Info:System.userComment> Creating the test VLAN

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

create log target upm

create log target upm {upm_profile_name}

Description
Creates a new UPM target profile.

Syntax Description
upm_profile_name Specifies the name of an existing UPM profile.

Default
N/A.

Usage Guidelines
After configuration, a UPM log target links an EMS filter with a UPM profile. This
command creates the UPM log target.

The default configuration for a new log target binds the target to the EMS filter
defaultFilter, which is used for all system events. To configure the log target, use the
command: configure log target upm {upm_profile_name} filterfilter-name
{severity [[severity] {only}]}.

The default status of a new UPM log target is disabled. To enable the log target, use the
command: enable log target upm {upm_profile_name}.

1708 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

To view the log target, use the command: show log configuration target upm
{upm_profile_name}.

Example
The following example creates a new UPM log target named testprofile1:
create log target upm testprofile1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

create log target xml-notification

create log target xml-notification [ target_name | xml_target_name ]

Description
Creates a Web server XML-notification target name.

Syntax Description
target_name Specifies the name of a non-existing XML notification
target.
xml_target_name Specifies the name of an already existing XML notification
target.

Default
N/A.

Usage Guidelines
Use this command to create a web server XML-notification target name for EMS.

Example
The following command creates the target name test2:
create log target xml-notification text2

Switch Engine™ Command Reference Guide for version 32.7.1 1709

History Commands

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

create macsec connectivity-association

create macsec connectivity-association ca_name pre-shared-key ckn ckn
cak [encrypted encrypted_cak | cak]

Description
Creates a named connectivity-association (CA) object that holds MAC Security
(MACsec) key authentication data.

Syntax Description
connectivity- Secures connectivity provided between MACsec stations.
association
ca_name Defines CA object name.
pre-shared-key Selects static MACsec key consisting of both a CKN and
CAK:
ckn Selects CA key name.
This public (non-secret) key name allows each of the MKA
participants to select which connectivity association k ey
(CAK) to use to process a received MACsec key agreement
(MKA) protocol packets (MKPDU).
ckn Sets the CA key name. Length allowed is 1–32 characters,
entered as ASCII or an octet string preceded with 0x.
cak Sets the connectivity association key (CAK). If you are using
256-bit cipher suite, then the CAK must be 32 octets. The
128-bit cipher suite can use either a 16- or 32-octet CAK.
This is a long-lived secret key used to derive short-lived
lower-layer keys (ICK, KEK, and SAK) which are used for key
distribution and data encryption.
cak Sets the non-encrypted CAK value. Must be entered as
an octet string (for example: “0x859e72f0…”). A 128-bit (16
octet) CAK requires 32 hexadecimal digits, and a 256-bit (32
octet) CAK requires 64 hexadecimal digits. These values are
secret and should be generated off switch with a suitable
pseudorandom number generator.
encrypted Designates that secret key value is in encrypted format.
encrypted_cak Sets the value for the secret key. The encrypted CAK
value is generated by the show configuration macsec
command for previously configured CAKs.

1710 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Up to 64 unique CA profiles can be created.

Example
The following example creates the CA object "testca" with a CKN of "the blue key" and
128-bit CAK of “0x01020304050607080910111213141516”:
# create macsec connectivity-association testca pre-shared-key ckn “the blue key” cak
“0x01020304050607080910111213141516”

The following example creates the CA object "testca2"

with a CKN of "the red key" and 256-bit CAK of
“0x0102030405060708091011121314151617181920212223242526272829303132”:
# create macsec connectivity-association testca2 pre-shared-key ckn “the red key” cak
“0x0102030405060708091011121314151617181920212223242526272829303132”

# show macsec connectivity-association

MACsec CAK Bit
CA Name Ports Length CAK Name (CKN)
-------------------------------- --------------------
testca None 128 the blue key
testca2 None 256 the red key

Note
The CAKs shown here are examples. Use your own random number for
maximum security.

History
This command was first available in ExtremeXOS 30.1.

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports

Switch Engine™ Command Reference Guide for version 32.7.1 1711

create meter Commands

Platform Ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

create meter
create meter meter-name

Description
This command creates a meter for ingress traffic rate limiting.

Syntax Description
meter-name Specifies the meter name.

Default
N/A.

Usage Guidelines
Meter names must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but they cannot contain spaces. The
maximum allowed length for a name is 32 characters. For meter name guidelines and a
list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

Example
The following command creates the meter maximum_bandwidth:

create meter maximum_bandwidth

History
This command was available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create mirror control_index

create mirror control_index

1712 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Creates a "control group" mirror referenced by a unique control index.

Syntax Description
control_index Mirror destination control index in the form of a number 1–
4. Also know as. etsysMirrorDestinationControlIndex. Each
comprises a group of mirror names.

Default
N/A.

Usage Guidelines
You can apply mirrors to policy profile rules by using a "control group" mirror
referenced by a unique control index number (1–4). These control group mirrors are
etsysMirrorDestinationControlEntry entries in the ENTERASYS-MIRROR-CONFIG-MIB
(Mirror MIB). A Mirror MIB instance (designated by a control index) can be associated
with up to four "physical" mirrors, each being one destination port (or tunnel). To
create physical mirrors, use the command create mirror mirror_name {to [port
port | port-list port_list loopback-port port] { remote-tag rtag } |
remote-ip remote_ip_address {{ vr } {vr_name } {from [ source_ip_address
| auto-source-ip]}{ping-check [on | off]} priority priority_value ]}
{description mirror-desc}.

Example
The following example creates a control group mirror with control index number of "1":
# create mirror 1

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

create mirror
create mirror mirror_name {to [port port | port-list port_list loopback-
port port] { remote-tag rtag } | remote-ip remote_ip_address {{ vr }
{vr_name } {from [ source_ip_address | auto-source-ip]}{ping-check
[on | off]} priority priority_value ]} {description mirror-desc}

Switch Engine™ Command Reference Guide for version 32.7.1 1713

Description Commands

Description
Creates a named mirror instance with an optional description, and optional "to port"
definition, or remote IP address destination.

Syntax Description
mirror_name Specifies the mirror name.
port Specifies the mirror output port.
port_list Specifies the list of ports where traffic is to be mirrored.
loopback-port Specifies an otherwise unused port required when
mirroring to a port_list. The loopback-port is not available
for switching user data traffic.
port Specifies a single loopback port that is used internally to
provide this feature.
remote-tag Specifies the value of the VLAN ID used by the mirrored
packets when egressing the monitor port.
description Specifies a description of the named mirror instance.
mirror-desc The specified mirror description.
remote-ip Specifies to send mirrored packets to specified remote
destination IP address.
remote_ip_address Specifies the destination remote IP address for mirrored
packets.
vr Specifies a virtual router of the remote IP address.
vr_name Specifies the virtual router name. If not specified, VR of
current command context is used.
from Configures source IP address of encapsulated mirrored
packets.
source_ip_address Specifies the local source IPv4 address for encapsulated
mirrored packets.
auto-source-ip Automatically use source IP address of egress VLAN to be
used to reach remote IP address.
ping-check Configure ping health check for remote IP address.
on Only send mirrored packets to remote IP address if
periodic pings to remote IP address are successful
(default).
off Send mirrored packets to remote IP address without any
ping health check, assuming MAC address and port of next
hop IP address are static or learned.

1714 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

priority Configures a unique priority value for each redundant

remote IP address of a mirror instance.
priority_value Sets the unique priority value for the remote IP address.
The priority value must be unique for each remote IP
address in the mirror instance.
The range is from 1 (least preferred) to 100 (most preferred).
The default is 50.

Default
Disabled.

Ping health check of the remote IP address is enabled unless otherwise specified.

If a VR is not specified, the VR of the current command context is used.

The default priority value is 50.

Usage Guidelines
Use this command to create a named mirror instance with an optional description and
optional "to port" or remote IP address definitions. You can create 15 named instances
(the instance "DefaultMirror" is created automatically).

For high availability, you can add up to four redundant remote IP addresses.
When creating a mirror with this command, you can add one IP address. To
add additional remote IP addresses, use the configure mirror mirror_name {to
[port port | port-list port_list | loopback port port] | remote-ip
{add} remote_ip_address {{vr} vr_name } {from [source_ip_address | auto-
source-ip]} {ping-check [on | off]}] {remote-tag rtag | port none}
{priority priority_value}command.

Example
The following example creates a mirror instance on port 3, slot 4 :
create mirror to port 3:4

History
This command was first available in ExtremeXOS 15.3.

The remote IP address option was added in ExtremeXOS 22.4.

Redundant remote IP addresses capability was added in ExtremeXOS 30.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1715

create mlag peer Commands

create mlag peer

create mlag peer peer_name { authentication [ md5 key {encrypted
encrypted_auth_key | auth_key ]}] }

Description
Creates an peer switch association structure.

Syntax Description
peer_name Specifies an alpha numeric string identifying the MLAG
peer.
authentication Authentication for MLAG checkpoint connection.
md5 MD5 authentication type.
key Authentication key for checkpoint connection to the MLAG
peer.
encrypted Authentication key in in encrypted format.
auth_key Authetication key used for checkpoint connection.

Default
N/A.

Usage Guidelines
This command creates an MLAG peer switch association structure.

You must use a unique name for the peer switch. If you attempt to create an MLAG
peer with a name that already exists, the following error message is displayed:
ERROR: MLAG peer with specified name already exists

Example
The following command creates a peer switch structure switch101:
# create mlag peer switch101

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

1716 Switch Engine™ Command Reference Guide for version 32.7.1

Commands create mpls rsvp-te path

create mpls rsvp-te path

create mpls rsvp-te path path_name

Description
Creates an RSVP-TE routed path resource.

Syntax Description
path_name Identifies the path within the switch. The character string must
begin with an alphabetic character, and may contain up to 31
additional alphanumeric characters.

Default
N/A.

Usage Guidelines
This command creates an RSVP-TE path resource.

The path_name parameter must begin with an alphabetical character and may contain
alphanumeric characters and underscores (_), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

The maximum number of configurable paths is 255.

Note
The RSVP-TE LSP is not signaled along the path until an LSP is created and
then configured with the specified path_name.

Example
The following example creates an RSVP-TE path:

create mpls rsvp-te path path598

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1717

create mpls rsvp-te lsp Commands

create mpls rsvp-te lsp

create mpls rsvp-te lsp lsp_name destination ipaddress

Description
Creates internal resources for an RSVP-TE LSP.

Syntax Description
lsp_name Specifies a name for the LSP you are creating. The character string
must begin with an alphabetic character, and may contain up to
31 additional alphanumeric characters.
ipaddress Specifies the endpoint of the LSP.

Default
N/A.

Usage Guidelines
This command creates internal resources for an RSVP-TE LSP.

The LSP name must begin with an alphabetical character and may contain
alphanumeric characters and underscores (_), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

The ipaddress specifies the endpoint of the LSP. The LSP is not signaled until a path
is specified for the LSP using the configure mpls rsvp-te lsp lsp_name add path
command. When multiple LSPs are configured to the same destination, IP traffic is
load-shared across active LSPs that have IP transport enabled. The maximum number
of RSVP-TE LSPs that can be created is 1024.

Note
The LSP must be created before it can be configured.

Example
The following command creates an RSVP-TE LSP:

create mpls rsvp-te lsp lsp598 destination 11.100.100.8

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

1718 Switch Engine™ Command Reference Guide for version 32.7.1

Commands create mpls rsvp-te profile fast-reroute

create mpls rsvp-te profile fast-reroute

create mpls rsvp-te profile profile_name fast-reroute

Description
Creates an LSP container to hold FRR configuration parameters.

Syntax Description
profile_name Specifies a name for the new RSVP-TE fast-reroute profile. The
character string must begin with an alphabetic character and
may contain up to 31 additional alphanumeric characters.

Default
N/A.

Usage Guidelines
A profile name must begin with an alphabetical character and may contain
alphanumeric characters and underscores (_), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

Example
The following command creates a new FRR profile named frrprofile:

create mpls rsvp-te profile frrprofile fast-reroute

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

create mpls rsvp-te profile

create mpls rsvp-te profile profile_name {standard}

Description
Creates configured RSVP-TE profile with the specified profile name.

Switch Engine™ Command Reference Guide for version 32.7.1 1719

Syntax Description Commands

Syntax Description
profile_name Identifies the RSVP-TE profile. The character string must begin
with an alphabetic character and may contain up to 31 additional
alphanumeric characters.
standard The standard option differentiates this command version from the
command that creates a fast-reroute profile. If you do not specify
an option, a standard RSVP-TE profile is created.

Default
N/A.

Usage Guidelines
This command creates a configured RSVP-TE profile with the specified profile name.
The default profile cannot be deleted. If a profile is associated with a configured LSP,
the profile cannot be deleted.

A profile name must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

Example
The following command creates an RSVP-TE profile:

create mpls rsvp-te profile prof598

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

create mpls static lsp

create mpls static lsp lsp_name destination ipaddress

Description
Creates internal resources for a static LSP and assigns a name to the LSP.

1720 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
lsp_name Identifies the LSP to be created.
ipaddress Specifies the endpoint of the LSP.

Default
N/A.

Usage Guidelines
An LSP name must begin with an alphabetical character and may contain
alphanumeric characters and underscores (_), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

Example
The following command creates a static LSP:

create mpls static lsp lsp598 destination 11.100.100.8

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

create msdp mesh-group

create msdp mesh-group mesh-group-name {vr vrname}

Description
Creates an MSDP mesh-group.

Syntax Description
mesh-group-name Specifies the name for the MSDP mesh-group.
vrname Specifies the name of the virtual router to which this
command applies. If a name is not specified, it is extracted
from the current CLI context.

Switch Engine™ Command Reference Guide for version 32.7.1 1721

Default Commands

Default
N/A.

Usage Guidelines
A mesh-group is a group of MSDP peers with fully meshed MSDP connectivity. Create a
mesh-group to:
• Reduce SA message flooding.
• Simplify peer-RPF flooding.

SA messages received from a peer in a mesh-group are not forwarded to other peers in
the same mesh-group, which reduces SA message flooding.

A mesh group name must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

Example
The following example creates a mesh-group called "verizon:":
create msdp mesh-group verizon

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

create msdp peer

create msdp peer remoteaddr {remote-as remote-AS} {vr vrname}

Description
Creates an MSDP peer.

1722 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
remoteaddr Specifies the IP address of the MSDP router to configure as an
MSDP peer.
remote-AS Specifies the autonomous system (AS) number of the MSDP peer.
This optional parameter is deprecated in ExtremeXOS 12.1, though
the option is still available in the CLI for backward compatibility. The
software ignores this parameter.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current CLI
context.

Default
N/A.

Usage Guidelines
The BGP route database is used by MSDP to determine the AS number for the peer.
You can display the AS number (which can be a 2-byte for 4-byte AS number) using the
command:

show msdp [peer {detail} | {peer} remoteaddr] {vrvrname}.

Example
The following example creates an MSDP peer:
create msdp peer 192.168.45.43 remote-as 65001

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

create netlogin local-user

create netlogin local-user user-name {encrypted} encrypted_password |
password } {vlan-vsa [[{tagged | untagged} [vlan_name] | vlan_tag]]}
{security-profile security_profile}

Switch Engine™ Command Reference Guide for version 32.7.1 1723

Description Commands

Description
Creates a local network login user name and password.

Syntax Description
user-name Specifies a new local network login user name. User names
must have a minimum of 1 character and a maximum of 32
characters.
encrypted The encrypted option is used by the switch to encrypt the
password. Do not use this option through the command
line interface (CLI).
password Specifies a local network login user password. Passwords
must have a minimum of 0 characters and a maximum of
32 characters.
tagged Specifies that the client be added as tagged.
untagged Specifies that the client be added as untagged.
vlan_name Specifies the name of the destination VLAN.
vlan_tag Specifies the VLAN ID, tag, of the destination VLAN.
security_profile Specifies a security profile string during account creation.

Default
N/A.

Usage Guidelines
Use this command to create a local network login account and to configure the
switch to use its local database for network login authentication. This method of
authentication is useful in the following situations:
• If both the primary and secondary (if configured) RADIUS servers timeout or are
unable to respond to authentication requests.
• If no RADIUS servers are configured.
• If the RADIUS server used for network login authentication is disabled.

If any of the above conditions are met, the switch checks for a local user account and
attempts to authenticate against that local account.

Extreme Networks recommends creating a maximum of 64 local accounts. If you need

more than 64 local accounts, we recommend using RADIUS for authentication. For
more information about RADIUS authentication, see the Switch Engine 32.7.1 User
Guide.

1724 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Additional Requirements

You can also specify the destination VLAN to enter upon a successful authentication.

Note
If you do not specify a password or the keyword encrypted, you are prompted
for one.

Additional Requirements
This command applies only to the web-based and MAC-based modes of network login.
802.1X network login does not support local database authentication.

You must have administrator privileges to use this command. If you do not have
administrator privileges, the switch displays a message similar to the following:
This user does not have permissions for this command.

User names are not case-sensitive. Passwords are case-sensitive. User names must
have a minimum of 1 character and a maximum of 32 characters. Passwords must have
a minimum of 0 characters and a maximum of 32 characters. If you use RADIUS for
authentication, we recommend that you use the same user name and password for
both local authentication and RADIUS authentication.

If you attempt to create a user name with more than 32 characters, the switch displays
the following messages:
%% Invalid name detected at '^' marker. %% Name cannot exceed 32 characters.

If you attempt to create a password with more than 32 characters, the switch displays
the following message after you re-enter the password:
Password cannot exceed 32 characters

Modifying an Existing Account

To modify an existing local network login account, use the following command:
configure netlogin local-user user-name {vlan-vsa [[{tagged | untagged}
[vlan_name | vlan_tagw]] | none]}

Displaying Local Network Login Accounts

To display a list of local network login accounts on the switch, including VLAN
information, use the following command:
show netlogin local-users

Example
The following command creates a local network login user name and password:
create netlogin local-user megtest

Switch Engine™ Command Reference Guide for version 32.7.1 1725

History Commands

After you enter the local network login user name, press [Enter]. The switch prompts
you to enter a password (the switch does not display the password):
password:

After you enter the password, press [Enter]. The switch then prompts you to re-enter
the password:
Reenter password:

The following command creates a local network login user name, password, and
associates a destination VLAN with this account:
create netlogin local-user accounting vlan-vsa blue

As previously described, the switch prompts you to enter and confirm the password.

History
This command was first available in ExtremeXOS 11.2.

The vlan-vsa parameter and associated options were added in ExtremeXOS 11.3.

The security-profile parameter was added in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create network-clock ptp

create network-clock ptp [boundary | ordinary] {domain domain_number} |
end-to-end-transparent]

Description
Creates PTP clock instance and defines the mode of operation.

Syntax Description
boundary Create the clock instance as a boundary clock.
ordinary Create the clock instance as an ordinary clock.
domain_number PTP domain number (default 0, range 0 to 255).
end-to-end- Create the clock instance as an end-to-end transparent clock.
transparent

Default
The PTP domain number defaults to 0 for boundary and ordinary clock instances.

1726 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to create a PTP clock instance, and administratively configure the
mode of operation of PTP on this instance. You can provision a boundary or ordinary
clock instance to synchronize the node with another node with the most precise clock.
In boundary clock configuration, the device synchronizes with the grand-master, or
another boundary clock, and operates as a master clock for downstream nodes. In
ordinary clock configuration, the device synchronizes with the grand-master, or another
boundary clock, and acts as a slave. The ordinary clock is by default in the slave-only
mode of operation, and does not propagate the clock downstream. The ordinary clock
cannot have more than one clock port.

The end-to-end-transparent clock can be provisioned to correct for the residence delay
incurred by PTP event packets passing through the switch (referred as residence time).

Note
You can create a maximum of two clock instances in the switch—one
boundary clock and one end-to-end transparent clock, or one ordinary clock
and one end-to-end transparent clock. The boundary and ordinary clock
instances cannot be simultaneously provisioned in the switch.

After you enable a boundary clock, you cannot create an ordinary clock. However, you
can delete the boundary clock instance and create a new one in order to change
the domain number. To create an ordinary clock instance in the switch that has
the boundary clock instance enabled, delete the boundary clock instance, save the
configuration and reboot the switch. After the reboot, you can create and enable the
ordinary clock instance.

Similarly, to create and enable a boundary clock in a switch that has an ordinary clock
enabled, delete the ordinary clock instance, save the configuration and reboot the
switch. After the reboot you can create and enable a boundary clock.

The following message is displayed when you create the boundary clock instance in a
device with no prior clock instances:
Warning: The ordinary clock cannot be created after enabling the
boundary clock. A delete followed by save and reboot are required to
create the ordinary clock.

After you enable a boundary clock instance, if you delete the instance and try to create
an ordinary clock instance, the above message is displayed as an error, and the ordinary
clock instance is not created.

Example
The following command creates an ordinary clock on domain 5:

create network-clock ptp ordinary domain 5

Switch Engine™ Command Reference Guide for version 32.7.1 1727

History Commands

The following command creates a boundary clock on default domain (domain 0):

create network-clock ptp boundary domain 0

The following command creates an end-to-end transparent clock:

create network-clock ptp end-to-end-transparent

History
This command was first available in ExtremeXOS 15.1.

The ordinary clock parameter was added in ExtremeXOS 15.1 Revision 2.

Platform Availability
This command is available on the ExtremeSwitching 5520 and 5720 platforms.

create ntp key

create ntp key keyid [md5 | sha256] {encrypted encrypted_key_string |
key_string}

Description
Enables an NTP key for an NTP session.

Syntax Description
keyid Specifies the key ID as a value from 1 to 65534.
key_string Specifies an alphanumeric key string, from 5 to 20
numbers or characters, or a combination of both.
md5 Specifies MD5 authentication type. This authentication
type is not allowed when FIPS mode is on.
sha256 Specifies SHA-265 authentication type.

Default
N/A.

Usage Guidelines
N/A.

1728 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables an NTP key using RSA Data Security, Inc. MD5
Message-Digest Algorithm encryption on the switch:
create ntp key 1 md5 oklahoma

History
This command was first available in ExtremeXOS 12.7.

Key string length was changed to 20 in ExtremeXOS 30.3.

SHA-256 option was added in ExtremeXOS 30.4.

The md5 option is not allowed when FIPS mode is on in ExtremeXOS 30.6.

Platform Availability
This command is available on all Universal switches supported in this document.

create ospf area

create ospf area area-identifier

Description
Creates an OSPF area.

Syntax Description
area-identifier Specifies an OSPF area.

Default
Area 0.0.0.0.

Usage Guidelines
Area 0.0.0.0 does not need to be created. It exists by default.

Example
The following command creates an OSPF area:

create ospf area 1.2.3.4

Switch Engine™ Command Reference Guide for version 32.7.1 1729

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

create ospfv3 area

create ospfv3 area area_identifier

Description
Creates an OSPFv3 area.

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.

Default
Area 0.0.0.0.

Usage Guidelines
Area 0.0.0.0 does not need to be created. It exists by default.

Example
The following command creates a non-backbone OSPFv3 area:

create ospfv3 area 1.2.3.4

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

1730 Switch Engine™ Command Reference Guide for version 32.7.1

Commands create policy access-list

create policy access-list

create policy access-list list_dot_rule {matches [ {app-signature
group group name name} {ether ether {mask ether_mask}} {icmp6type
icmp6type {mask icmp6_mask}} {icmptype icmptype {mask icmp_mask}}
{ipdestsocket ipdestsocket {mask ipdest_mask}} {ipfrag} {ipproto
ipproto {mask ipproto_mask}} {ipsourcesocket ipsourcesocket {mask
ipsrc_mask}} {iptos iptos {mask iptos_mask}} {ipttl ipttl {mask
ipttl_mask} {tcpdestportIP tcpdestportIP {mask tcpdest_mask}}
{tcpsourceportIP tcpsourceportIP {mask tcpsrc_mask}} {udpdestportIP
udpdestportIP {mask udpdest_mask}} {udpsourceportIP udpsourceportIP
{mask udpsrc_mask}} ] } {actions [ {cos cos} {drop | forward}
{mirror-destination control_index} {syslog}]}

Description
Creates policy access-list match criteria.

Syntax Description
access-list Specifies access-list rule model to select multiple match
criteria per rule.
list_dot_rule Specifies the access-list name and rule name in the format
list_name.rule_name.
matches Selects up to 5 match criteria.
app-signature Associates an application signature to a policy profile.
group Associates an application signature group to a policy
profile.
group Defines the application signature group name.
name Associates an application signature name to a policy
profile.
name Defines the name assigned to the application signature
(range 1–32).
ether Selects the type field in Ethernet II packet.
ether Defines the type field in Ethernet II packet (data: 0–65535
or 0x0–0xFFFF; mask: 1–16).
mask Selects a mask.
ether_mask Selects the number of most significant bits to match data
value (range 1–16).
icmp6type Selects ICMPv6 type.code.
icmp6type Defines the ICMPv6 type.code (data: 123.456 (dotted-
decimal) or AB-CD (dashed-hexadecimal)).
icmp6_mask Specifies the number of most significant bits to match
data value (range 1–16).
icmptype Selects an ICMP type.code.

Switch Engine™ Command Reference Guide for version 32.7.1 1731

Syntax Description Commands

icmptype Specifies the ICMP type.code - (data: a.b; mask: 1-16).

icmp_mask Specifies the number of most significant bits to match
data value (range 1–16).
ipdestsocket Specifies a destination IP address with optional post-fixed
port or port-range.
ipdestsocket Defines the destination IP address with optional post-
fixed port or port-range - (data: a.b.c.d [:ab (0-65535) [-cd
(0-65535)]]; mask: 1-48,64).
ipdest_mask Specifies the number of most significant bits to match
data value (range 1–64).
ipfrag Selects IP fragmentation flag.
ipproto Specifies protocol field in IP packet.
ipproto Defines the protocol field in IP packet (data: 0–255 or
0x0-0xFF; mask: 1–8). IPv4 only (ICMP).
ipproto_mask Specifies the number of most significant bits to match the
data value (range 1–8).
ipsourcesocket Specifies the source IP address with optional post-fixed
port or port-range.
ipsourcesocket Defines the source IP address with optional post-fixed port
or port-range - (data: a.b.c.d [:ab (0–65535) [-cd (0-65535)]];
mask: 1-48, 64).
ipsrc_mask Specifies the number of most significant bits to match
data value (range 1–64).
iptos Specifies IPv4 type of service/IPv6 traffic class field.
iptos Defines the IPv4 type of service/IPv6 traffic class field (data:
0–255; mask: 1–8).
iptos_mask Specifies the number of most significant bits to match
data value (range 1–8).
ipttl Specifies IP time to live.
ipttl Defines the IP time to live (data: 0–255 or 0x0–0xFF; mask:1–
8).
ipttl_mask Specifies the number of most significant bits to match
data value (range 1–8).
tcpdestportIP Specifies TCP port/port-range destination with optional
post-fix IPv4 address.
tcpdestportIP Defines the TCP port/port-range destination with optional
post-fix IPv4 address (data: ab [-cd] [:c.d.e.f]); mask: 1–64).
tcpdest_mask Specifies the number of most significant bits to match
data value (range 1–64).
tcpsourceportIP Specifies TCP port/port-range source with optional post-fix
IPv4 address.
tcpsourceportIP Defines the TCP port/port-range source with optional post-
fix IPv4 address (data: ab [-cd] [:c.d.e.f]); mask: 1–64).

1732 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

tcpsrc_mask Specifies the number of most significant bits to match

data value (range 1–64).
udpdestportIP Specifies UDP port/port-range destination with optional
post-fix IPv4 address.
udpdestportIP Defines the UDP port/port-range destination with optional
post-fix IPv4 address (data: ab [-cd] [:c.d.e.f]); mask:1-64).
udpdest_mask Specifies the number of most significant bits to match
data value (range 1–64).
udpsourceportIP Specifies UDP port/port-range source with optional post-fix
IPv4 address.
udpsourceportIP Defines the UDP port/port-range source with optional
post-fix IPv4 address (data: ab [-cd] [:c.d.e.f]).
udpsrc_mask Specifies the number of most significant bits to match
data value (range 1–64).
actions Specifies selecting one or more actions to occur when
there is a match.
cos Specifies Class of Service (CoS) as an action.
cos Defines the CoS (0–255), or -1 for no CoS, or CoS with
no forwarding behavior to remove the existing forwarding
settings.
drop Specifies dropping any packets that match this rule.
forward Specifies forwarding any packets that match this rule.
mirror-destination Specifies mirroring any packets that match this rule.
control_index Defines which mirror destination control index (1–4).
syslog Enables, disables, or prohibits Syslog using event
Policy.LogRuleHit on first rule use.

Default
N/A.

Usage Guidelines
To use this command, the policy rule model must be set to access-list (use command
configure policy rule-model [access-list | hierarchical]).

The following combinations are not allowed:

• ipfrag with icmp, tcp, udp or ip with port rules
• tcp/udp source rules with ipSrc rule with port
• tcp/udp rules dest rule with ipDest rule with port
• icmp with tcp, udp or ip with port rules

Switch Engine™ Command Reference Guide for version 32.7.1 1733

Example Commands

Example
The following example creates the policy access list "ACL1.ace3" with match criteria of IP
source address "10.1.1.1" and mask "32" with the action to forward with Class of Service
level "2":
# create policy access-list ACL1.ace3 matches ipsource 10.1.1.1 mask 32 actions forward
cos 2

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all Universal switches supported in this document.

create policy access-list action-set

create policy access-list action-set set-id [{drop | forward} {cos cos}
{mirror-destination control_index} {syslog}]

Description
Creates a pre-defined set for use in RADIUS Change of Authorization (CoA) and
Extreme Dynamic ACL via Radius VSA 232.

Syntax Description
access-list Specifies access-list features.
action-set Defines a set of actions that can be applied to multiple sets
of match conditions.
set-id Identifies the global action-set ID (range 1–63).
drop Specifies dropping any packets that match this rule.
forward Specifies forwarding any packets that match this rule.
cos Specifies setting Class of Service (CoS).
cos Specifies the CoS value: 0–255, or -1 for no CoS, or CoS with
no forwarding behavior to remove forwarding behavior.
mirror-destination Specifies setting a mirror destination control index.
control_index Specifies setting the mirror destination control index (1–4).
syslog Specifies Syslog logging using event Policy.LogRuleHit
when first rule use occurs.

Default
N/A.

1734 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
You can view your configurations made with this command using the show policy
access-list action-set {set_id} command.

Example
The following example creates an action set "1" with CoS level of 3 and Syslog behavior:
# create policy access-list action-set 1 cos 3 syslog

This command will be accepted only if the mode is set to access-list and slices must
be shared by entering the command configure policy slices shared 2 and
configure policy slices tci-overwrite 2.

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all Universal switches supported in this document.

create ports group

create ports group port_group

Description
This command creates a generic port-group name that can be associated with a list of
ports. The port_group option could be implemented in configure or show commands
that currently accept a port_list. The QoS commands are expanded to accept the
port_group option. QoS commands that use port groups are updated automatically if
the ports group is removed or if ports are added or removed from the group.

Syntax Description
port_group Specifies a port group name.

Default
N/A.

Usage Guidelines
Use this command to create a generic port-group name to be associated with a list of
ports.

Switch Engine™ Command Reference Guide for version 32.7.1 1735

Example Commands

Example
create ports group testGroup

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create private-vlan
create private-vlan name {vr vr_name}

Description
Creates a PVLAN framework with the specified name.

Syntax Description
name Specifies a name for the new PVLAN.
vr_name Specifies the VR in which the PVLAN is created.

Default
N/A.

Usage Guidelines
The PVLAN is a framework that links network and subscriber VLANs; it is not an actual
VLAN.

A private VLAN name must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For private VLAN naming
guidelines and a list of reserved names, see Object Names in the Switch Engine 32.7.1
User Guide.

If no VR is specified, the PVLAN is created in the default VR context.

Example
The following example creates a PVLAN named "companyx":
create private-vlan companyx

1736 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the Private VLAN feature. For
features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

create process executable

create process name executable exe {start [auto | on-demand]} {node
node} {vr vr-name} {description description} {arg1 {arg2 { arg3
{ arg4 { arg5 { arg6 { arg7 { arg8 { arg9 }}}}}}}}}

Description
Adds a C executable process compiled using the C-based SDK.

Syntax Description
process User application process.
name Name of the user application process. Range 1-31.
executable Executable.
exe Name of the executable relative to /usr/local/cfg.
start Startup behavior.
auto Create a daemon process and start it immediately
on-demand Create a run-to-completion process and use \"start
process\.
node Node in stack in which to create the process.
node Primary node, backup node, or both (default is primary).
vr Virtual router in which to start the process.
vr-name Virtual router name (Default is VR-Mgmt).
description Description.
arg1-9 Variable value.

Default
VR-Mgmt is the default VR used if not specified.

If no selection is made, the process runs on-demand.

If no node is selected, the default is the primary node.

Switch Engine™ Command Reference Guide for version 32.7.1 1737

Usage Guidelines Commands

Usage Guidelines
The executable must be uploaded to /usr/local/cfg using the normal mechanisms
(for example, TFTP).

Fields are provided by the user and passed directly into an epmrc entry. Not all epmrc
fields are available.

This command adds C executable processes. To add a Python module, use the create
process python-module on page 1738 command.

A process must first exist on the primary node if you are creating it only on the backup
node, If a process already exists on the primary node, you cannot create it on both the
primary and secondary node. Also, if the backup node is down, a new process cannot
be created on it.

Example
create process foo_userd executable foobard start auto vr VR-Default description “Run
foobard on the default VR” “arg1” “arg2 with spaces”

The following error is displayed if an attempt is made to create a process with an invalid
name:
Error: Process name %s is invalid. Process names must begin with a letter, contain only
alphanumeric and
“_” characters, and be less than 32 characters long.

History
This command was first available in ExtremeXOS 15.7.

Platform Availability
This command is available on all Universal switches supported in this document.

create process python-module

create process name python-module python-module {start [auto | on-
demand]} {node node} {vr vr-name} {description description} {arg1
{arg2 {arg3 {arg4 {arg5 {arg6 {arg7 {arg8 {arg9}}}}}}}}}

Description
Adds a Python module process.

Syntax Description
process User application process.
name Name of the user application process. Range 1-31.

1738 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

python-module The Python module to import and run.

python-module The module relative to /usr/local/cfg.
start Startup behavior.
auto Create a daemon process and start it immediately.
on-demand Create a run-to-completion process and use \start
process\.
node Node in stack in which to create the process.
node Primary node, backup node, or both (default is primary).
vr Virtual router in which to start the process.
vr-name Virtual router name.
description Description.
arg1-9 Variable value.

Default
VR-Mgmt is the default VR used if not specified.

If no selection is made, the process runs on-demand.

If no node is selected, the default is the primary node.

Usage Guidelines
The executable must be uploaded to /usr/local/cfg using the normal mechanisms
(for example, TFTP).

From EPM’s perspective, a Python-based process is an instance of the “expy”

executable with some arguments, namely the Python module.

This command adds a Python module. To add a C executable processes, use the create
process executable on page 1737 command.

A process must first exist on the primary node if you are creating it only on the backup
node, If a process already exists on the primary node, you cannot create it on both the
primary and secondary node. Also, if the backup node is down, a new process cannot
be created on it.

Example
The following are examples of create process python-module commands.
python-module foo_program start auto vr vr-default
create process foo_user1 python-module “foo.run” “arg1 to foo.main”
create process foo_user2 python-module “foo.noargs.needed”
create process foo_user3 python-module “foo.daemon” start auto “arg1 to foo.main”

Switch Engine™ Command Reference Guide for version 32.7.1 1739

History Commands

The following error is displayed if an attempt is made to create a process with an invalid
name:
Error: Process name %s is invalid. Process names must begin with a letter, contain only
alphanumeric and
“_” characters, and be less than 32 characters long.

History
This command was first available in ExtremeXOS 15.7.

Platform Availability
This command is available on all Universal switches supported in this document.

create protocol
create protocol {filter} filter_name

Description
Creates a user-defined protocol filter.

Syntax Description
filter Specifies a protocol filter.
filter_name Specifies a protocol filter name. The protocol filter name
can have a maximum of 31 characters.

Default
N/A.

Usage Guidelines
Protocol-based VLANs enable you to define packet filters that the switch can use as the
matching criteria to determine if a particular packet belongs to a particular VLAN.

After you create the protocol, you must configure it using the configure protocol
command. To assign it to a VLAN, use the configure {vlan} vlan_name protocol
{filter} filter_name command.

Example
The following command creates a protocol named "my_filter", and a protocol filter
named "my_other_filter":

create protocol “my_filter”

create protocol filter “my_other_filter”

1740 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The filter keyword was added in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

create qosprofile
create qosprofile [QP2| QP3 | QP4 | QP5 | QP6 | QP7]

Description
Creates a QoS profile.

Syntax Description
QP2....QP7 Specifies the QoS profile you want to create.

Default
N/A.

Usage Guidelines
ExtremeSwitching series switches allow dynamic creation and deletion of QoS profiles
QP2 to QP7. Creating a QoS profile dynamically does not cause loss of traffic.

QoS profiles QP1 and QP8 are part of the default configuration and cannot be deleted.
You must create a QoS profile in the range of QP2 to QP7 before you can configure it or
assign it to traffic groups.

Qos profile QP7 cannot be created in a SummitStack; this queue is reserved for control
traffic.

Note
The sFlow application uses QP2 to sample traffic on SummitStack and
ExtremeSwitching series switches; any traffic grouping using QP2 can
encounter unexpected results when sFlow is enabled on these specific devices.

Example
The following command creates QoS profile QP3:

create qosprofile qp3

Switch Engine™ Command Reference Guide for version 32.7.1 1741

History Commands

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create sshd2 key-file

create sshd2 key-file {host-key | user-key} key_name

Description
Creates a file for the user-key or host-key.

Syntax Description
host-key Specifies the name of the host-key.
user-key Specifies the name of the user-key.
key_name Specifies the name of the public key.

Default
N/A.

Usage Guidelines
This command is used to write the user or the host public key in a file. The key files will
be created with a .ssh file extension; this enables the administrator to copy the public
key files to another server.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

create sshd2 user-key

create sshd2 user-key key_name key {subject subject} {comment comment}

Description
Creates a user key.

1742 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
key_name Specifies the name of the public key.
key Specifies the key.
Note: The key cannot have any spaces in it.
subject Specifies the subject.
comment Specifies the comment (an optional field).

Default
N/A.

Usage Guidelines
This command is used to enter, or cut and paste, your public key. You can also enter
the public key into the switch by using the SCP or SFTP client that is connected to the
switch.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

create stpd
create stpd stpd_name {description stpd-description}

Description
Creates a user-defined STPD.

Syntax Description
stpd_name Specifies a user-defined STPD name to be created. May be
up to 32 characters in length.
stpd-description Specifies an STP domain description string.

Default
The default device configuration contains a single STPD called s0.

Switch Engine™ Command Reference Guide for version 32.7.1 1743

Usage Guidelines Commands

When an STPD is created, the STPD has the following default parameters:
• State—disabled.
• StpdID—none.
• Assigned VLANs—none.
• Bridge priority—32,768.
• Maximum BPDU age—20 seconds.
• Hello time—2 seconds.
• Forward delay—15 seconds.
• Operational mode—802.1D.
• Rapid Root Failover—disabled.
• Default Binding Mode (encapsulation mode)—Ports in the default STPD (s0) are in
802.1d mode. Ports in user-created STPDs are in emistp mode.
• Maximum hop count (when configured for MSTP)—20 hops.
• STP domain description string—empty.

Usage Guidelines
The maximum length for a name is 32 characters. Names can contain alphanumeric
characters and underscores ( _ ) but cannot be any reserved keywords, for example, stp
or stpd. Names must start with an alphabetical character, for example, a, Z. For name
creation guidelines and a list of reserved names, see Object Names on page 12.

Each STPD name must be unique and cannot duplicate any other named STPDs on the
switch. If you are uncertain about the STPD names on the switch, use the show stpd
command to view the STPD names.

You can, however, re-use names across multiple categories of switch configuration. For
example, you can use the name Test for an STPD and a VLAN. If you use the same
name, we recommend that you specify the appropriate keyword when configuring the
STPD. If you do not specify the appropriate keyword, the switch displays a message
similar to the following:
%% Ambiguous command: "configure Test"

To view the names of the STPDs on the switch, enter configure and press [Tab]. Scroll to
the end of the output to view the names.

The maximum length for an STPD description is 180 characters. The description must
be in quotes if the string contains any spaces. To display the description, use the show
stpd stpd_name command.

Each STPD has its own Root Bridge and active path. After the STPD is created, one or
more VLANs can be assigned to it.

1744 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example creates an STPD named purple_st:
create stpd purple_st

History
This command was first available in ExtremeXOS 10.1.

The STPD description option was added in ExtremeXOS 12.4.4.

Platform Availability
This command is available on all Universal switches supported in this document.

create tunnel 6to4

create tunnel tunnel_name 6to4 source source-address

Description
Creates an IPv6-to-IPv4 (6to4) tunnel.

Syntax Description
tunnel_name Specifies an IPv6 tunnel.
source-address Specifies an IPv4 address for the tunnel.

Default
N/A.

Usage Guidelines
This command will create a new IPv6-to-IPv4 (also known as a 6to4 tunnel), and add it
to the system. Only one 6to4 tunnel can be configured on any particular VR.

The tunnel name must be unique and cannot overlap the same name space as VLANs,
other tunnels, or VRs. The name must begin with an alphabetical character and may
contain alphanumeric characters and underscores ( _ ), but it cannot contain spaces.
The maximum allowed lengthfor a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

The source address of the tunnel must be one of the IPv4 addresses already configured
on the switch. You cannot remove an IPv4 address from the switch if a tunnel that uses
it still exists.

Switch Engine™ Command Reference Guide for version 32.7.1 1745

Example Commands

Example
The following example creates the 6to4 tunnel "link35" with source address 192.168.10.1:
create tunnel link35 6to4 source 192.168.10.1

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 interworking feature in
the Switch Engine 32.7.1 Feature License Requirements document.

create tunnel gre destination source

create tunnel tunnel_name gre destination destination-address source
source-address {vr vr_name} {payload-vr payload_vr_name}

Description
Allows you to add a GRE tunnel. This command is in-line with adding an ipv6-in-ipv4
tunnel.

Syntax Description
gre Generic Routing Encapsulation tunnel.
destination-address IPv4 destination address of the tunnel.
source-address IPv4 source address of the tunnel.
vr Specifies configuring the tunnel on specific VR.
vr_name Specifies which VR to configure the tunnel on. This VR
if the VR of the tunnel itself, where source-address is
configured. It is the underlay/delivery. This is the source
outer IP address. The default is the VR of the current
context.
payload-vr Specifies a tunnel payload VR (VR of the tunnel interface).
payload_vr_name Specifies the tunnel payload VR name. It is the VR of the
L3 interface of the tunnel, that is, the payload/overlay. The
default is the VR of the tunnel.

Default
No GRE tunnels exist in the system.

When adding tunnels, the VR of the current context is the default unless otherwise
specified.

1746 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

By default, the payload VR is the VR of the tunnel.

Usage Guidelines
Use this command to add a GRE tunnel.

Example
create tunnel myGREtunnel gre destination 10.0.0.2 source 10.0.0.1

History
This command was first available in ExtremeXOS 15.3.

Ability to configure GRE tunnels on user VRs was added in ExtremeXOS 31.3.

Platform Availability
This command is available on the platforms listed for the GRE feature in the
Switch Engine 32.7.1 Feature License Requirements document.

create tunnel ipv6-in-ipv4

create tunnel tunnel_name ipv6-in-ipv4 destination destination-address
source source-address

Description
Creates an IPv6-in-IPv4 (6in4) tunnel.

Syntax Description
tunnel_name Specifies an IPv6 tunnel.
source-address Specifies an IPv4 address for the tunnel.

Default
N/A.

Usage Guidelines
This command creates a new IPv6-in-IPv4 (otherwise known as a configured tunnel or
a 6in4 tunnel) and add it to the system. A maximum of 255 tunnels (including one 6to4
tunnel) can be configured on the system.

The tunnel name must be unique and cannot overlap the same name space as VLANs,
other tunnels, or VRs. The name must begin with an alphabetical character and may

Switch Engine™ Command Reference Guide for version 32.7.1 1747

Example Commands

contain alphanumeric characters and underscores ( _ ), but it cannot contain spaces.

The maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

The source address of the tunnel must be one of the IPv4 addresses already configured
on the switch. You cannot remove an IPv4 address from the switch if a tunnel is still
exists that uses it.

Example
The following example creates the 6in4 tunnel "link39" with destination address
10.10.10.10 and source address 192.168.10.15:
create tunnel link39 ipv6-in-ipv4 destination 10.10.10.10 source 192.168.10.15

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 interworking feature in
the Switch Engine 32.7.1 Feature License Requirements document.

create upm profile

create upm profile profile-name

Description
Creates a new profile of a specified type.

Syntax Description
profile-name Specifies the UPM profile to be created.

Default
N/A.

Usage Guidelines
Use this command to create a profile and name it. The maximum profile size is 5000
characters.

A UPM profile name must begin with an alphabetical character and may contain
alphanumeric characters and underscores (_), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names on page 12.

1748 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

There is a limited capability to edit the profile with this command. If you enter a period
(.) as the first and the only character on a line, you terminate the editing of the file. Use
the command: edit upm profile profile-name for block mode capability.

Example
The following example shows how to create a profile named "P2":
# create upm profile p2
enable port 2:*
disable port 3:1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

create upm timer

create upm timer timer-name

Description
Creates and names a UPM timer.

Syntax Description
timer-name Specifies the name of the UPM timer to be created.

Default
N/A.

Usage Guidelines
You can create UPM timers with a name. A profile can be associated with eight timers,
but a timer can be bound to only one profile at any point in time. You can create a
maximum of 32 timers. A name space for the timers is available to help when you are
typing the commands.

A UPM timer name must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but it cannot contain spaces. The

Switch Engine™ Command Reference Guide for version 32.7.1 1749

History Commands

maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

create virtual-network
create virtual-network vn_name {flooding [standard | explicit-remotes|
multicast {group grpipaddress]}

Description
This command creates a virtual network instance in ExtremeXOS. The virtual network
instance maps to a bridge instance within ExtremeXOS.

Syntax Description
vn_name Alphanumeric string identifying the Virtual Network to be
created.
flooding Configure flooding method for unknown-destination
frames.
standard Standard L2 flooding behavior to remote endpoints and
tenant ports.
explicit-remotes Explicitly configured flooding to remote endpoints with
standard L2 flooding to tenant ports.
multicast Multicast flooding to remote endpoints with standard L2
flooding to tenant ports.
group Configure multicast group for flooding of unknown-
destination frames.
grpipaddress IPv4 multicast group address to be used for flooding
(Automatically assigned if unspecified).

Default
Standard.

1750 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
For auto-assigning multicast groups, you must configure the following command:
configure virtual-network multicast group.

This bridge instance is not dependent on the overlay encapsulation scheme. The
virtual network name can be a maximum of 32 characters. The current restrictions
on naming objects in ExtremeXOS apply. Virtual network names are added to a new
namespace within ExtremeXOS. Virtual networks may use one of two flooding methods
for flooding to remote endpoints. The “standard” mode offers handling of unknown
destination frames very similar to standard Layer 2. The unknown destination frames
are flooded to all local ports and remote endpoints. The “explicit-remotes” mode
offers granular control of which remote endpoints receive certain types of unknown
destination frames. Different remote endpoint sets may be configured for; broadcast,
unknown unicast, and unknown multicast. These sets are configured with create fdb
and configure fdb commands

Example
The following example creates the virtual network "my_virtual_network":
create virtual-network my_virtual_network

The following example deletes the virtual network "my_virtual_network":

delete virtual-network my_virtual_network

History
This command was first available in ExtremeXOS 21.1.

Multicast flooding support was made available in ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

create virtual-network remote-endpoint vxlan ipaddress

create virtual-network remote-endpoint vxlan ipaddress ipaddress {vr
vr_name}

Description
This command creates a remote endpoint.

Switch Engine™ Command Reference Guide for version 32.7.1 1751

Syntax Description Commands

Syntax Description
ipaddress A remote endpoint IP address.
vr VR/VRF instance the remote endpoint is associated with
vr_name An existing VR/VRF name.

Default
VR-Default

Usage Guidelines
This command is useful when you want to explicitly add a remote endpoint in
addition to the ones learnt dynamically (OSPF extensions). In flood mode explicit,
you must create a remote-endpoint using this command, if the configurations on
remote-endpoint (like monitor) need to be saved to the configuration. Otherwise, the
configuration will be lost after the switch reboots.

Example
To create a remote endpoint:
create virtual-network vxlan remote-endpoint ipaddress 1.2.3.4

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

create virtual-router
To create virtual routers, use the following command:
create virtual-router vr-name {type [vrf | vpn-vrf {vr parent_vr_name}]}

To create local-only virtual routers (ExtremeSwitching 5320-24T/P and 5320-16P

only), use the following command:
create virtual-router vr-name local-only {type [vrf | vpn-vrf {vr
parent_vr_name}]}

Description
Use the create virtual-router command to create a user VR or VRF.

1752 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vr-name Virtual router name.
type Specifies the type of virtual router you are creating.
local-only Specifies local-only VR. For ExtremeSwitching 5320-24T/P
and 5320-16P series switches and stacks only.
vrf Specifies that you are creating a new L3 or IP routing
domain.
vpn-vrf Specifies that you are creating a new L3 or IP routing
domain that supports L3VPNs. Not supported on Universal
platforms.
parent_vr_name Specifies the parent VR that supports the VRF you are
creating.

Default
If no type is specified, then the default is to create a user virtual router. A virtual router
creates separate L3 Routing Domains.

If parent_vr_name parameter is not specified, the VRF will be created under the VR of
the current CLI context. The default is VR-Default.

Usage Guidelines
All VRFs are created under default VR or a user created VR. VPN-VRFs can be created in
any VR but for L3VPNs to work, VPN-VRFs should be created under a parent VR where
MPLS is configured. There is a single namespace maintained by the configuration
manager and it contains VRs and VRFs. Hence the name for a VR or a VRF must be
unique in ExtremeXOS.

A VR or VRF name must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but it cannot contain spaces. The
maximum allowed length for a name is 31 characters. The name must be unique
among the object names on the switch, and the name is case insensitive. For
information on VR and VRF name guidelines and a list of reserved names, see Object
Names in the Switch Engine 32.7.1 User Guide.

When a new VR is created, by default, no ports are assigned, no VLAN interface is

created, and no support for any routing protocols is added. A protocol process is started
in the parent VR when a protocol instance is added to a VRF. If you do not specify a VR
type, this command creates a user VR.

VRFs are supported as children of user VRs or VR-Default. If a parent_vr_name is

specified when a VRF is created, the new VRF is created under that parent, provided
that the parent supports VRFs. If no parent is specified, the VRF is assigned to the VR

Switch Engine™ Command Reference Guide for version 32.7.1 1753

Example Commands

for the current VR context, or to VR-Default if the current VR context does not support
VRFs.

Note
To support Layer 3 VPNs, a VPN VRF must be created under the VR that
supports MPLS. The software supports MPLS on only one VR.

You can create "local-only" virtual routers that have separate logical IP lookup tables
used only for IP packets to or from the switch's local IP addresses. This feature is only
applicable for ExtremeSwitching 5320-24T/24P series switches and stacks with these
switches. All other platforms support separate logical IP lookup tables in hardware, so
"local-only" is not specified.

Example
The following example creates the VR "vr-acme":
create virtual-router vr-acme

The following example creates the non-VPN VRF vrf1:

create virtual-router vrf1 type vrf

The following example creates the local-only VR "vrl" (on 5320-24T/P and 5320-16P series
switches only):
create virtual-router vr1 local-only

History
This command was first available in ExtremeXOS 11.0.

Support for non-VPNVRFs was added in ExtremeXOS 12.5.

Support for VPN VRFs was added in ExtremeXOS 12.6.0-BGP.

Support for L3 VPN VRFs was added in ExtremeXOS 15.3.

Support for local-only VRs was added in ExtremeXOS 22.6.

Platform Availability
This command is available on all Universal switches supported in this document.

create vlan
create vlan [ vlan_name {tag tag} | vlan_list ] {description vlan-
description } {vr name }

Description
Creates a named VLAN.

1754 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies a VLAN name (up to 32 characters).
vlan_list Specifies a VLAN list of IDs.
tag Specifies a value to use as an 802.1Q tag. The valid range is from 2 to
4095.
vlan- Specifies a VLAN description (up to 64 characters) that appears in
description show vlan commands and can be read from the ifAlias MIB object for
the VLAN.
name Specifies a VR or virtual routing and forwarding (VRF) instance in
which to create the VLAN.

Note: User-created VRs are supported only on the platforms listed for
this feature in the Switch Engine 32.7.1 Feature License Requirements
document. On switches that do not support user-created VRs, all
VLANs are created in VR-Default and cannot be moved.

Default
A VLAN named Default exists on all new or initialized Extreme switches:
• It initially contains all ports on a new or initialized switch, except for the
management port(s), if there are any.
• It has an 802.1Q tag of 1.
• The default VLAN is untagged on all ports.
• It uses protocol filter any.

A VLAN named Mgmt exists on switches that have management ports:

• It initially contains the management port(s) the switch.
• It is assigned the next available internal VLANid as an 802.1Q tag.

If you do not specify the VR, the VLAN is created in the current VR.

If the VLAN description contains one or more space characters, you must enclose the
complete name in double quotation marks.

Usage Guidelines
A newly-created VLAN has no member ports, is untagged, and uses protocol filter any
until you configure it otherwise. Use the various configure vlan commands to configure
the VLAN to your needs.

Internal VLANids are assigned automatically using the next available VLANid starting
from the high end (4094) of the range.

The VLAN name can include up to 32 characters. VLAN names must begin with an
alphabetical letter, and only alphanumeric, underscore ( _ ), and hyphen (-) characters
are allowed in the remainder of the name. VLAN names cannot match reserved

Switch Engine™ Command Reference Guide for version 32.7.1 1755

Example Commands

keywords. For more information on VLAN name requirements and a list of reserved
keywords, see Object Names in the Switch Engine 32.7.1 User Guide.

Note
If you use the same name across categories (for example, STPD and EAPS
names), we recommend that you specify the identifying keyword as well as the
actual name. If you do not use the keyword, the system may return an error
message.

VLAN names are locally significant. That is, VLAN names used on one switch are only
meaningful to that switch. If another switch is connected to it, the VLAN names have
no significance to the other switch.

You must use mutually exclusive names for:

• VLANs
• VMANs
• Ipv6 tunnels
• BVLANs
• SVLANs
• CVLANs

Note
The VLAN description is stored in the ifAlias MIB object.

If you do not specify a VR when you create a VLAN, the system creates that VLAN in
the default VR (VR-Default). The management VLAN is always in the management VR
(VR-Mgmt).

Once you create VRs, ExtremeXOS allows you to designate one of these as the domain
in which all your subsequent configuration commands, including VLAN commands,
are applied. If you create VRs, ensure that you are creating the VLANs in the desired
virtual-router domain.

Note
User-created VRs are supported only on the platforms listed for this feature
in the Switch Engine 32.7.1 Feature License Requirements document.. On
switches that do not support user-created VRs, all VLANs are created in VR-
Default and cannot be moved.

Example
The following example creates a VLAN named accounting on the current VR:
create vlan accounting description "Accounting Dept"

History
This command was first available in ExtremeXOS 10.1.

1756 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The vr option was added in ExtremeXOS 11.0.

The vlan-description option was added in ExtremeXOS 12.4.4.

The vlan_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create vm image
create vm vm_name image image_file {memory memory_size} {cpus num_cpus}
{slot slot_ID}{vnc [none | vnc_display]}

Description
Creates a guest virtual machine (VM) from a disk image file.

Syntax Description
vm Designates creating a virtual machine.
vm_name Specifies the VM name.
image Designates using a disk image file to create the VM.
image_file Specifies the disk image file to use in qcow2 or any QEMU-
supported (including VMDK) format.
memory Designates specifying the amount of RAM allocated to the
VM.
memory_size Specifies the amount of RAM (in MB) allocated to the VM.
The default is 4,096.
cpus Designates specifying the number of CPUs to allocate to
the VM.
num_cpus Specifies the number of CPUs to allocate to the VM. Range
is 1–2. The default is 1.
slot Specifies assigning the VM to run on a slot.
slot_ID Specifies the slot number that the VM will run on.
vnc Specifies providing a display number for VNC access.
none Disables VNC access (default).
vnc_display Specifies the VNC screen number. Range is 0–15.

Default
The default memory size to run the VM on is 4,096 MB.

The default number of CPUs to allocate to the VM is one.

Switch Engine™ Command Reference Guide for version 32.7.1 1757

Usage Guidelines Commands

By default, VNC access is disabled.

Usage Guidelines
The disk image must be a qcow2 or any QEMU-compatible file.

If the VM storage device has not been initialized when this command is run, you are
prompted to run the clear vm storage command to initiate partitioning, file system
creation, and initialization of the file/directory structure on the device.

The Integrated Application Hosting (IAH) feature requires the Solid State Storage
Device SSD-120.

For the VNC display number (or screen number), you can use the values from 0 to 15.
These correspond to TCP ports 5,900 to 5,915. Multiple VMs can be configured with the
same VNC display, but VMs configured with the same display number cannot run at
the same time. A VM cannot be started if the VNC port is already in use. For security
reasons, the VNC display is only accessible using SSH tunnel. VNC cannot be configured
on non-primary stack nodes.

Example
The following example creates a VM called "vm1" with disk image file "my_file" with
2,000 MB as the amount of RAM allocated to the VM:
# create vm vm1 image my_file memory 2000

History
This command was first available in ExtremeXOS 30.3.

VMDK format support was added in ExtremeXOS 30.4.

VNC capability and support for any QEMU-compatible disk was added in ExtremeXOS
30.5.

Stacking support was added in ExtremeXOS 30.6.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

create vm ova
create vm vm_name ova ova_file {memory memory_size} {cpus num_cpus}
{slot slot_ID} {vnc [none | vnc_display]}

1758 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Creates a guest virtual machine (VM) from an Open Virtual Appliance (OVA) file.

Syntax Description
vm Designates creating a virtual machine.
vm_name Specifies the VM name.
ova Designates using an OVA file to create the VM.
ova_file Specifies the OVA file to use.
memory Designates specifying the amount of RAM allocated to the
VM.
memory_size Specifies the amount of RAM (in MB) allocated to the VM.
The default is 4,096.
cpus Designates specifying the number of CPUs to allocate to
the VM.
num_cpus Specifies the number of CPUs to allocate to the VM. Range
is 1–2. The default is 1.

slot Specifies assigning the VM to run on a slot.

slot_ID Specifies the slot number that the VM will run on.
vnc Specifies providing a display number for VNC access.
none Disables VNC access (default).
vnc_display Specifies the VNC screen number. Range is 0–15.

Default
The default memory size to run the VM on is 4,096 MB.

The default number of CPUs to allocate to the VM is one.

By default, VNC access is disabled.

Usage Guidelines
If the VM storage device has not been initialized when this command is run, you are
prompted to run the clear vm storage command to initiate partitioning, file system
creation, and initialization of the file/directory structure on the device.

Compatibility issues may occur when using third-party OVA files. The image format
qcow2 is generally more reliable.

The Integrated Application Hosting (IAH) feature requires the Solid State Storage
Device SSD-120.

For the VNC display number (or screen number), you can use the values from 0 to 15.
These correspond to TCP ports 5,900 to 5,915. Multiple VMs can be configured with the

Switch Engine™ Command Reference Guide for version 32.7.1 1759

Example Commands

same VNC display, but VMs configured with the same display number cannot run at
the same time. A VM cannot be started if the VNC port is already in use. For security
reasons, the VNC display is only accessible using SSH tunnel. VNC cannot be configured
on non-primary stack nodes.

Example
The following example creates a VM called "vm1" with OVA file "my_ova" with 2,000 MB
as the amount of RAM allocated to the VM:
# create vm vm1 ova my_ova memory 2000

History
This command was first available in ExtremeXOS 30.3.

VNC capability was added in ExtremeXOS 30.5.

Stacking support was added in ExtremeXOS 30.6.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

create vman
create vman [vman-name | vman_list] {learning-domain} {vr vr_name}

Description
Creates a VMAN.

Syntax Description
vman-name Specifies a VMAN name using up to 32 characters.
vman_list Specifies the VMAN tag range or VMAN Tag List (Ex: 2-4 or
2,3).
learning-domain Specifies that this VMAN is a learning domain, which
supports inter-VMAN forwarding.

1760 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

vr Specifies a virtual router.

vr_name Specifies a virtual router name.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document. On switches
that do not support user-created VRs, all VLANs are created
in VR-Default and cannot be moved.

Default
N/A.

Usage Guidelines
For information on VMAN name requirements and a list of reserved keywords, see
Object Names on page 12. You must use mutually exclusive names for:
• VLANs
• VMANs
• IPv6 tunnels

The keyword learning-domain enables you to create a VMAN that serves as a learning
domain for inter-VMAN forwarding.

If you do not specify the virtual router, the VMAN is created in the current virtual router.
After you create the VMAN, you must configure the VMAN tag and add the ports that
you want.

Example
The following example creates a VMAN named "fred":
create vman fred

History
This command was first available in ExtremeXOS 11.0.

The vman_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

create vm-tracking local-vm

create vm-tracking local-vm mac-address mac {name name | ipaddress
ipaddress vpp vpp_name | vlan-tag tag {vr vr_name}}

Switch Engine™ Command Reference Guide for version 32.7.1 1761

Description Commands

Description
Creates a local VM database entry to be used for VM MAC local authentication, with
optional parameters.

Syntax Description
mac Specifies the MAC address for the VM. This must match
the MAC address configured on the VM and be unique
among the locally configure VM addresses.
name Specifies a name to represent this VM in show vm-
tracking command display.
ipaddress Specifies the IP address for the VM. This must match the
IP address configured on the VM.
vpp_name Specifies the virtual port profile to apply for the local VM.
tag VLAN tag between 1 and 4094.
vr_name Virtual router name.

Default
N/A.

Usage Guidelines
A VM name can include up to 32 characters. VM names must begin with an
alphabetical letter, and only alphanumeric, underscore ( _ ), and hyphen (-) characters
are allowed in the remainder of the name. VM names cannot match reserved keywords.
For more information on VM name requirements and a list of reserved keywords, see
Object Names.

The following command creates a VM entry named VM1 in the local VM database:
# create vm-tracking local-vm mac-address 00:E0:2B:12:34:56 name VM1

The following command creates a VM entry and assigns IP address 10.10.2.2 to the
entry:
# create vm-tracking local-vm mac-address 00:E0:2B:12:34:57 ip-address 10.10.2.2

The following command creates a VM entry and assigns VPP vpp1 to it:
# create vm-tracking local-vm mac-address 00:E0:2B:12:34:58 vpp vpp1

History
This command was first available in ExtremeXOS 12.5.

The ingress-vpp and egress-vpp options were replaced with the vpp option in
ExtremeXOS 12.6.

The vlan-tag and vr-name options were added in ExtremeXOS 15.3.

1762 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

create vm-tracking vpp

create vm-tracking vpp vpp_name

Description
Creates a Local VPP (LVPP).

Syntax Description
vpp_name Specifies a name for the new VPP.

Default
N/A.

Usage Guidelines
A VPP name can include up to 32 characters. VPP names must begin with an
alphabetical letter, and only alphanumeric, underscore (_), and hyphen (-) characters
are allowed in the remainder of the name. VPP names cannot match reserved
keywords. For more information on VPP name requirements and a list of reserved
keywords, see Object Names on page 12.

Example
The following example creates a VPP named vpp1:
# create vm-tracking vpp vpp1

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1763

create vpls fec-id-type pseudo-wire Commands

create vpls fec-id-type pseudo-wire

create vpls vpls_name fec-id-type pseudo-wire pwid

Note
This command has been replaced with the following command: create
l2vpn [vpls vpls_name | vpwsvpws_name] fec-id-type pseudo-wire
pwid .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Creates a VPLS instance with the specified vpls_name.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string). The vpls_name
string must begin with an alphabetic character, and may contain up to 31
additional alphanumeric characters.
pwid Specifies a PW ID. Must be a non-zero 32-bit value that has network-wide
significance.

Default
For the VPLS dot1q tag, the default value is exclude.

Usage Guidelines
This command creates a VPLS instance with the specified vpls_name. Each VPLS
represents a separate virtual switch instance (VSI).

The vpls_name parameter must begin with an alphabetical character and may contain
alphanumeric characters and underscores ( _ ), but it cannot contain spaces. The
maximum allowed length for a name is 32 characters. For name creation guidelines
and a list of reserved names, see Object Names in the Switch Engine 32.7.1 User Guide.

Each VPLS is a member of a single VPN and each VPN may have only one associated
VPLS per switch. External to the switch, each VPN has an identifier.

Any non-zero 32-bit value that has network-wide significance can be specified for the
identifier. This pwid is used on all pseudowires in the VPLS.

Note
The switch's LSR ID must be configured before a VPLS can be created.

1764 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
This example creates a VPLS with 99 as the PW ID:

create vpls vpls1 fec-id-type pseudo-wire 99

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

create vrrp group

create vrrp group group_name

Description
This command defines a VRRP group to operate in high-scale mode.

Syntax Description
group Specifies setting up a VRRP group for high-scale mode.
group_name Specifies the VRRP group name.

Default
None.

Example
The following example creates a VRRP group called "vrrp1".
create vrrp group vrrp1

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1765

create vrrp vlan vrid Commands

create vrrp vlan vrid

create vrrp vlan [vlan_name | vlan_list] vrid [vridval | vrid_list]

Description
Creates a VRRP instance on the switch.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vlan_list VLAN list (1–4,094).
vridval Specifies a VRID for the VRRP instance. The value can be in
the range of 1‑255.
vrid_list List of virtual router IDs (1–255).

Default
N/A.

Usage Guidelines
VRRP Router IDs can be used across multiple VLANs. You can create multiple VRRP
routers on different VLANs. VRRP router IDs need not be unique to a specific VLAN.

Note
The total number of supported VRRP router instances is dependent on the
switch hardware. For more information, see the ExtremeXOS Release Notes.

Before configuring any VRRP router parameters, you must first create the VRRP
instance on the switch. If you define VRRP parameters before creating the VRRP, you
might see an error similar to the following:

Error: VRRP VR for vlan vrrp1, vrid 1 does not exist.

Please create the VRRP VR before assigning parameters.
Configuration failed on backup MSM, command execution aborted!

If this happens, create the VRRP instance and then configure its parameters.

Example
The following command creates a VRRP router on VLAN vrrp-1, with a VRRP router ID of
1:

create vrrp vlan vrrp-1 vrid 1

1766 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

VLAN and VR list options added in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

create xml-notification target url

create xml-notification target new-target url url {vr vr_name} {user
[none | user]} {encrypted-auth encrypted-auth} {queue-size queue-
size}

Description
Creates the Web server target in the XML client.

Syntax Description
new-target Specifies a name for the target being created.
url Specifies the Web server URL.
vr_name Specifies the name of the virtual router over which the XML
client process can connect to the Web server.
user Specifies the name of the user.
encrypted-auth Specifies the encrypted user authentication string.
queue-size Specifies, in numeric format, the size of the buffer that
stores incoming events from ExtremeXOS.

Default
N/A.

Usage Guidelines
Use this command to create the Web server target in the XML client process.

Note
You cannot enter a password in the CLI directly. It is a two-step process similar
to creating a user account in ExtremeXOS.

Switch Engine™ Command Reference Guide for version 32.7.1 1767

Example Commands

Example
The following command creates a target target2 on http://10.255.129.22:8080/xos/
webservice with a queue size of 100:

create xml-notification target target2 url http://10.255.129.22:8080/xos/webservice

queue-size 100

History
This command was first available in ExtremeXOS 12.4.

The virtual router option was added in ExtremeXOS 12.4.2.

Platform Availability
This command is available on all Universal switches supported in this document.

delete access-list
delete access-list dynamic_rule

Description
Deletes a dynamic ACL.

Syntax Description
dynamic_rule Specifies the dynamic ACL name.

Default
N/A.

Usage Guidelines
This command deletes a dynamic ACL rule. Before you delete a dynamic ACL, it must
be removed from any interfaces it is applied to. Use the configure access-list delete
command to remove the ACL from an interface.

Example
The following command deletes the dynamic ACL icmp-echo:

delete access-list icmp-echo

1768 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

delete access-list network-zone

delete access-list network-zone zone_name

Description
This command is used to delete a network-zone and all configurations that belong to
that zone.

Syntax Description
zone_name Network-zone name

Default
N/A.

Usage Guidelines
Use this command to delete a network-zone and all configurations belonging to that
zone.

Example

Switch# delete access-list network-zone zone1

If the user tries to delete a network-zone that is bound with one or more policy files, the
following error message will be displayed, and the command will be rejected.

Switch # delete access-list network-zone zone1

Error: Network Zone "zone1" - Unable to delete zone. Zone has one
or more policies.

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1769

delete access-list zone Commands

delete access-list zone

delete access-list zone name

Description
Deletes an ACL zone.

Syntax Description
name Specifies the zone name.

Default
N/A.

Usage Guidelines
This command deletes an ACL zone. You must remove all applications from a zone
before you can delete the zone. To delete an application from a zone, use the command
configure access-list zone name delete application appl-name .

You cannot delete the default zones.

Example
The following command deletes the zone my_zone:

delete access-list zone my_zone

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

delete account
delete account name

Description
Deletes a specified user account.

1770 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
name Specifies a user account name.

Default
N/A.

Usage Guidelines
Use the show accounts command to determine which account you want to delete
from the system.

The show accounts output displays the following information in a tabular format:
• The user name.
• Access information associated with each user.
• User login information.
• Session information.

Depending on the software version running on your switch and the type of switch you
have, additional account information may be displayed.

You must have administrator privileges to delete a user account. The system must have
one administrator account; the command will fail if an attempt is made to delete the
last administrator account on the system.

To ensure security, change the password on the default account, but do not delete
it. The changed password will remain intact through configuration uploads and
downloads.

If you must delete the default account, first create another administrator-level account.

Example
The following command deletes account John2:

delete account John2

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1771

delete auto-peering Commands

delete auto-peering
delete auto-peering

Description
This command deletes auto-peering (either OSPF or BGP), removing all of the auto-
peering configuration. This command deletes the VLAN list, loopback, and BGP
configuration created with enabling auto-peering.

Syntax Description
This command has no arguments or variables.

Default
N/A

Usage Guidelines
Important
Deleting auto-peering when executed on a large leaf-spine topology causes
massive change in the network with many route withdrawals and updates.

Example
The following example deletes auto-peering:
# delete auto-peering

History
This command was first available in ExtremeXOS 22.5.

Ability to delete OSPFv2 Auto-peering was added in ExtremeXOS 30.6.

Platform Availability
This command is available on all Universal switches supported in this document.

This feature requires the Advanced Edge license. For more information about licenses,
see the Switch Engine 32.7.1 Feature License Requirements.

delete bgp evpn instance

delete bgp evpn instance evpn_instance_name

1772 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Deletes an EVPN instance.

Syntax Description
bgp BGP capability.
evpn EVPN protocol.
instance Specifies deleting an EVPN instance.
evpn_instance_name Name of the EVPN instance.

Default
N/A.

Example
The following example deletes an EVPN instance named "my_evpn":
# delete bgp evpn instance my_evpn

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

delete bgp neighbor

delete bgp neighbor [remoteaddr | all]

Description
Deletes one or all BGP neighbors.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of the BGP neighbor to
be deleted.
all Specifies all IPv4 and IPv6 neighbors.

Switch Engine™ Command Reference Guide for version 32.7.1 1773

Default Commands

Default
N/A.

Usage Guidelines
You can use global unicast remote addresses to delete all BGP peer types. You can use
link-local remote address to delete only EBGP single-hop peers.

Example
The following command deletes the specified IPv4 BGP neighbor:

delete bgp neighbor 192.168.1.17

The following command deletes the specified IPv6 BGP neighbor:

delete bgp neighbor fe80::204:96ff:fe1e:a8f1%vlan1

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

delete bgp peer-group

delete bgp peer-group peer-group-name

Description
Deletes a peer group.

Syntax Description
peer-group-name Specifies a peer group.

1774 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to delete a specific BGP peer group.

Example
The following command deletes the peer group named outer:

delete bgp peer-group outer

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

delete cfm domain

delete cfm domain domain

Description
Deletes the specified maintenance domain (MD) from the switch, as well as all
configuration setting related to this MD.

Syntax Description
domain Enter the name of the domain you want to delete.

Default
N/A.

Usage Guidelines
This command deletes all configuration settings related to the domain—for example, all
MAs, MIPs, and MEPs—as well as the domain itself.

Switch Engine™ Command Reference Guide for version 32.7.1 1775

Example Commands

Example
The following command deletes the domain atlanta (as well as all settings related to
this domain):

delete cfm domain atlanta

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

delete cfm segment

delete cfm segment [segment_name | all]

Description
Deletes one or all CFM segments.

Syntax Description
segment_name An alpha-numeric string identifying the segment name.
all Specifies all CFM segments.

Default
N/A.

Usage Guidelines
Use this command to delete one or all CFM segments.

Example
The following example deletes the CFM segment "segment-new":
delete cfm segment segment-new

History
This command was first available in ExtremeXOS 12.3.

1776 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

delete database
delete database database_name

Description
Deletes an Automation Edge remote VXLAN network identifier (VNI)-device database.

Syntax Description
database Deletes a remote VNI-database.
database_name Specifies the name of the database to delete.

Default
N/A.

Usage Guidelines
N/A.

Example
The following example deletes a database called "database1":
# delete database database1

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

This command is fully supported in ExtremeXOS 31.2.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches.

delete eaps shared-port

delete eaps shared-port ports

Description
Deletes an EAPS shared port on a switch.

Switch Engine™ Command Reference Guide for version 32.7.1 1777

Syntax Description Commands

Syntax Description
ports Specifies the port number of the Common Link port.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes shared port 1:1.

delete eaps shared-port 1:1

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all platforms with the appropriate license. For complete
information about software licensing, including how to obtain and upgrade your
license and what licenses are appropriate for this feature, see the Switch Engine 32.7.1
Feature License Requirements document.

delete eaps
delete eaps name

Description
Deletes the EAPS domain with the specified name.

Syntax Description
name Specifies the name of an EAPS domain to be deleted.

Default
N/A.

1778 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
None.

Example
The following command deletes EAPS domain eaps_1:

delete eaps eaps_1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

delete erps
delete erps ring-name

Description
Deletes an ERPS ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.

Default
N/A.

Usage Guidelines
Use this command to delete an ERPS ring.

Example
The following command deletes an ERPS ring named “ring1”:

delete erps ring1

History
This command was first available in ExtremeXOS 15.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1779

Platform Availability Commands

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

delete esrp
delete esrp esrpDomain

Description
Deletes the ESRP domain with the specified name.

Syntax Description
esrpDomain Specifies the name of an ESRP domain to be deleted.

Default
N/A.

Usage Guidelines
You must first disable an ESRP domain before you delete it. To disable an ESRP domain,
use the disable esrp command.

You do not have to remove the master or member VLANs from an ESRP domain before
you delete it. When you delete an ESRP domain, All VLANs are automatically removed
from the domain.

For ESRP domains configured of type VPLS-redundancy, you need to unconfigure

all associated VPLS instances from the ESRP domain using the unconfigure vpls
redundancy command before deleting the domain.

Example
The following command deletes ESRP domain esrp1 from the switch:

delete esrp esrp1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

1780 Switch Engine™ Command Reference Guide for version 32.7.1

Commands delete fdb mac-tracking entry

delete fdb mac-tracking entry

delete fdb mac-tracking entry [mac_addr | all]

Description
Deletes a MAC address from the MAC address tracking table.

Syntax Description
mac_addr Specifies a device MAC address, using colon-separated
bytes.
all Specifies that all MAC addresses are to be deleted from the
MAC address tracking table.

Default
The MAC address tracking table is empty.

Usage Guidelines
None.

Example
The following example deletes a MAC address from the MAC address tracking table:
delete fdb mac-tracking entry 00:E0:2B:12:34:56

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

delete fdb
delete fdb [all | mac_address [vlan vlan_name ] |vxlan { vr vr_name }
{ipaddress} remote_ipaddress ] | broadcast vlan vlan_name vxlan
{ vr vr_name } {ipaddress} remote_ipaddress | unknown-multicast
vlan vlan_name vxlan { vr vr_name } {ipaddress} remote_ipaddress
| unknown-unicast vlan vlan_name vxlan { vr vr_name } {ipaddress}
remote_ipaddress ]

Switch Engine™ Command Reference Guide for version 32.7.1 1781

Description Commands

Description
Deletes one or all permanent FDB entries.

Syntax Description
all Specifies all FDB entries.
mac_address Specifies a device MAC address, using colon-separated
bytes.
vlan_name Specifies the specific VLAN name.
broadcast Forwarding destination(s) for broadcast traffic.
unknown-unicast Forwarding destination(s) for unknown unicast traffic.
unknown-unicast Forwarding destination(s) for unknown multicast traffic.
vxlan The MAC address is reachable through a VXLAN Tunnel.
vr VR/VRF instance the IPv4 address is configured on.
vr_name An existing VR/VRF name.
ipaddress Configure the IP address of the remote tunnel endpoint to
which the MAC needs to be bound.
remote_ipaddress IPv4 address of the remote tunnel endpoint.

Default
N/A.

Usage Guidelines
In ExtremeXOS 21.1, this command was extended to delete a remote VTEP as a
destination to a MAC address. Three new tokens “broadcast”, “unknown-multicast” and
“unknown-unicast” have been added to this command. When you want to specify a
destination to forward all broadcast or unknown unicast traffic on that VLAN, these
token are used. For “broadcast”, “unknown-multicast” and “unknown-unicast” only
remote VTEPs (and not port_list or blackhole) can be specified in this release of
ExtremeXOS. These entries can only be created when the virtual-network is in explicit-
remote flooding mode.

Example
The following example deletes a permanent entry from the FDB:
delete fdb 00:E0:2B:12:34:56 vlan marketing

The following example deletes all permanent entries from the FDB:
delete fdb all

1782 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.0.

In ExtremeXOS 12.3, the fdb keyword was introduced as an alias to the fdbentry
keyword to avoid interference with the syntax of the MAC-Tracking feature commands.
Both keywords execute; however, the syntax helper (tab completion) does not
recognize the fdbentry keyword.

Three new tokens “broadcast”, “unknown-multicast” and “unknown-unicast” were

added to this command in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete flow-redirect
delete flow-redirect flow_redirect_name

Description
Deletes the named flow redirection policy.

Syntax Description
flow_redirect_name Specifies the name of the flow redirection policy.

Default
N/A.

Usage Guidelines
Use this command to delete a named flow-redirection policy. Before it can be deleted,
all nexthop information must be deleted, otherwise an error message is displayed.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete flowmon collector

delete flowmon collector collector_name

Switch Engine™ Command Reference Guide for version 32.7.1 1783

Description Commands

Description
Deletes a Flow Monitor collector.

Syntax Description
collector Specifies to send flow information to a collector.
collector_name Specifies the name of the created collector. Range is 32
characters.

Default
N/A.

Usage Guidelines
The system will reject any attempt to delete a collector that does not exist.

Example
The following command deletes a collector with the name 'src-ipv4-address':
# delete flowmon collector src-ipv4-address

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5520, 5420, and 5720 series switches.

delete flowmon group

delete flowmon group group_name

Description
Deletes a Flow Monitor group.

Syntax Description
group Specifies the Flow Monitor group.
group_name Specifies the assigned name of the Flow Monitor group.
Range is 32 characters.

1784 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
An enabled group can't be deleted and the system will reject any attempt to do so.
Groups must be disabled before deleting.

The system will also reject any attempt to delete a group that does not already exist.

Example
The following command deletes a group with the name 'max-flow-age':
# delete flowmon group max-flow-age

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5520, 5420, and 5720 series switches.

delete flowmon key

delete flowmon key key_name

Description
Deletes a Flow Monitor key.

Syntax Description
key Specifies the Flow Monitor key.
key_name Specifies the assigned name of the Flow Monitor key.
Range is 32 characters.

Default
N/A.

Usage Guidelines
If a key has been added to a group and the delete command is used, the key is
automatically deleted from the group. The related template key is disassociated and
only deleted when there are no more keys or groups referencing it.

Switch Engine™ Command Reference Guide for version 32.7.1 1785

Example Commands

The system will reject any attempt to delete a key that does not already exist.

Example
The following command deletes a key with the name 'src-ipv4-addr':
# delete flowmon key src-ipv4-addr

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5520, 5420, and 5720 series switches.

delete identity-management role

delete identity-management role {role_name | all}

Description
Deletes one or all roles.

Syntax Description
role_name Specifies a name of an existing role to delete.
all Specifies that all roles are to be deleted.

Default
N/A.

Usage Guidelines
Any policy applied to users of a deleted role gets reverted. The users are placed under
one of the other roles based on their attributes. Parent and child relationships to other
roles are also deleted. For example, all child roles under the deleted role become
orphans and hence they and their descendants no longer inherit the policies of the
deleted role.

Example
The following example deletes the role named India-Engr:

* Switch.99 # delete identity-management role "India-Engr"

1786 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

delete instant-port profile

delete instant-port profile profile_name

Description
Deletes an instant-port profile.

Syntax Description
profile_name Specifies the name of the instant port profile to delete.

Default
None.

Usage Guidelines
Use this command to delete an instant port profile.

Example
The following example deletes the instant port profile named “my-profile”:

delete instant-port profile my-profile

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete ip nat rule

delete ip nat rule rule_name

Switch Engine™ Command Reference Guide for version 32.7.1 1787

Description Commands

Description
Deletes an IP Network Address Translation (NAT) rule.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies deleting a NAT rule.
rule_name Specifies the NAT rule name to delete.

Default
N/A.

Usage Guidelines
To create a rule, run the command create ip nat rule rule_name type [ source-
nat | napt | destination-napt].

Example
The following example deletes the NAT rule named "rule1"
# delete ip nat rule rule1

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

delete isis area

delete isis area [all | area_name]

Description
This command disables and deletes the specified IS-IS router process in the current
virtual router.

1788 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
all Deletes all IS-IS router processes.
area_name Specifies the name of the IS-IS router process to be
deleted.

Default
None.

Usage Guidelines
All configuration for the specified router is lost. All routes learned from this router
process are purged from the routing tables.

Example
The following command deletes the IS-IS process named areax:

delete isis area areax

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

delete keychain
delete keychain keychain_name

Description
This command deletes a keychain.

Syntax Description
keychain_name Defines a name for the keychain. The range is 1-31.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1789

Usage Guidelines Commands

Usage Guidelines
Use this command to delete a key from the keychain.

Example
The following command deletes a keychain:

delete keychain ospfv3-keys

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

delete l2pt profile

delete l2pt profile profile_name

Description
Deletes an L2PT profile.

Syntax Description
l2pt Deletes a Layer 2 protocol tunneling profile.
profile Profile that defines L2PT configuration for L2 protocols.
profile_name Specifies a profile name (maximum 32 characters).

Default
Disabled.

Usage Guidelines
Use this command to delete an L2PT profile.

Example
The following example deletes my_l2pt_prof that is currently in use by a service:
delete l2pt profile my_l2pt_prof

1790 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example deletes my_l2pt_prof that is not associated with any service:
delete l2pt profile my_l2pt_prof

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

delete l2vpn
delete l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]]

Description
Deletes the specified VPLS or VPWS.

Syntax Description
vpls_nam Identifies the VPLS within the switch (character string).
e
vpws_nam Identifies the VPWS within the switch (character string).
e
all Specifies all VPLS or VPWS instances.

Default
N/A.

Usage Guidelines
All PWs established to VPLS or VPWS peers are terminated.

The l2vpn keyword is introduced in ExtremeXOS Release 12.4 and is required when
deleting a VPWS. For backward compatibility, the l2vpn keyword is optional when
deleting a VPLS. However, this keyword will be required in a future release, so we
recommend that you use this keyword for new configurations and scripts.

Example
This commands deletes the VPLS myvpls:

delete vpls myvpls

Switch Engine™ Command Reference Guide for version 32.7.1 1791

History Commands

This commands deletes the VPWS myvpws:

delete l2vpn vpws myvpws

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

delete ldap domain

delete ldap domain [domain_name | all]

Description
This command is used to delete one or all LDAP domains.

When an LDAP domain is deleted, all LDAP servers added under that domain are also
deleted. Also all LDAP configurations done for that domain are deleted.

Syntax Description
domain_name Name of the LDAP domain that wil be deleted.

Default
N/A.

Usage Guidelines
Use this command to delete one or all LDAP domains.

When an LDAP domain is deleted, all LDAP servers added under that domain are also
deleted. All LDAP configurations for that domain are also deleted.

Example
This command deletes the LDAP domain sales.XYZCorp.com

delete ldap domain sales.XYZCorp.com

1792 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

delete log filter

delete log filter [filter-name | all]

Deletes a log filter with the specified name.

Syntax Description
filter-name Specifies the filter to delete.
all Specifies that all filters, except DefaultFilter, are to be
deleted

Default
N/A.

Usage Guidelines
This command deletes the specified filter, or all filters except for the filter DefaultFilter.
The specified filter must not be associated with a target. To remove that association,
associate the target with DefaultFilter instead of the filter to be deleted, using the
following command:
configure log target target filter DefaultFilter

Example
The following command deletes the filter named fdb2:

delete log filter fdb2

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1793

delete log target upm Commands

delete log target upm

delete log target upm {upm_profile_name}

Description
Deletes the specified UPM log target.

Syntax Description
upm_profile_name Specifies the name of the UPM log target to be deleted.

Default
N/A.

Usage Guidelines
This command deletes the log target and any configurations applied to that target. To
disable a target and retain the target configuration, use the following command:
disable log target upm {upm_profile_name}.

Example
The following command deletes the UPM log target testprofile1:

delete log target upm testprofile1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

delete log target xml-notification

delete log target xml-notification xml_target_name

Description
Deletes a Web server target.

1794 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
xml_target_name Specifies the name of the xml notification target.

Default
N/A.

Usage Guidelines
Use this command to delete a Web server target.

Example
The following command deleted the Web server target target2:

delete log target xml-notification target2

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

delete macsec connectivity-association

delete macsec connectivity-association ca_name

Description
Deletes a previously created connectivity-association (CA) object that holds MAC
Security (MACsec) key authentication data.

Syntax Description
connectivity- Secures connectivity provided between MACsec stations.
association
ca_name Selects the CA to delete.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1795

Usage Guidelines Commands

Usage Guidelines
Prior to deletion, ports assigned to the CA must be removed with the configure
macsec connectivity-association ca_name [pre-shared-key {ckn ckn} {cak
[encrypted encrypted_cak] | cak} | ports [port_list] [enable | disable]]
command using the disable option.

Example
The following example deletes the CA "testca":
# delete macsec connectivity-association testca

History
This command was first available in ExtremeXOS 30.1.

Platform Availability
This command is available on the following platforms.

Note
The MACsec feature requires the installation of the MAC Security feature pack
license.

Platform Ports
ExtremeSwitching 5320 All ports of all models except stacking ports.
ExtremeSwitching 5420 All ports of all models except stacking ports.
ExtremeSwitching 5520 All ports, except 5520-VIM-4X and 5520-24X 10G
ports
ExtremeSwitching 5720 All ports of all models except stacking ports.
Extreme 7520-48YE-8CE All front-panel ports.

delete meter
delete meter meter-name

Description
Deletes a meter.

Syntax Description
meter-name Specifies the meter name.

1796 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the meter maximum_bandwidth:

delete meter maximum_bandwidth

History
This command was available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete mirror name

delete mirror mirror_name {control_index} | all]

Description
Deletes a user-defined mirroring instance, and unconfigures the "DefaultMirror"
instance.

Syntax Description
mirror_name Specifies a specific mirror name to delete.
control_index Mirror destination control index (1–4).
Also know as: etsysMirrorDestinationControlIndex. Each
comprises a group of mirror names.
all Specifies that you delete all named mirror instances.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1797

Usage Guidelines Commands

Usage Guidelines
Use this command to delete a user-defined mirroring instance and unconfigure the
"DefaultMirror" instance. Mirroring instances must be in the "disabled" state in order to
be deleted. The all command will fail if any mirroring instance is in the "enabled" state.

Example
The following example deletes all mirroring instances:
delete mirror all

History
This command was first available in ExtremeXOS 15.3.

Variable control_index to support policy-based mirrors was added in ExtremeXOS

30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

delete mlag peer

delete mlag peer peer_name

Description
Deletes a peer switch from the structure.

Syntax Description
peer_name Specifies an alpha numeric string identifying the MLAG
peer.

Default
N/A.

Usage Guidelines
This command deletes an MLAG peer switch from the association structure.

Before you delete an MLAG peer switch, you must disable it. If it is not disabled, the
following error message is displayed:
ERROR: MLAG ports currently associated with peer. First disable MLAG
ports using "disable mlag port <port>" before deleting MLAG peer

1798 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command deletes a peer switch structure switch101:
# delete mlag peer switch101

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

delete mpls rsvp-te lsp

delete mpls rsvp-te lsp [lsp_name | all]

Description
Deletes internal resources for the specified RSVP-TE LSP.

Syntax Description
lsp_name Specifies the LSP within the switch to be deleted.
all Deletes all RSVP-TE configured LSPs.

Default
N/A.

Usage Guidelines
This command deletes internal resources for the specified RSVP-TE LSP. The LSP is first
withdrawn if it is currently active. Deleting an LSP may cause a PW to fail. Any static
routes configured to a deleted LSP are also removed.

Example
The following command deletes the configured RSVP-TE LSP named lsp598:

delete mpls rsvp-te lsp lsp598

History
This command was first available in ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 1799

Platform Availability Commands

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

delete mpls rsvp-te path

delete mpls rsvp-te path [path_name | all]

Description
Deletes a configured RSVP-TE routed path with the specified path name.

Syntax Description
path_name Specifies a path within the switch to be deleted.
all Deletes all paths not associated with an LSP.

Default
N/A.

Usage Guidelines
This command deletes a configured RSVP-TE routed path with the specified name. All
associated configuration information for the specified path is deleted. If the all keyword
is specified, all paths not associated with an LSP are deleted.

Note
A path cannot be deleted as long as the path name is associated with an LSP.

Example
The following command deletes the configured RSVP-TE path named path598:

delete mpls rsvp-te path path598

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

1800 Switch Engine™ Command Reference Guide for version 32.7.1

Commands delete mpls rsvp-te profile

delete mpls rsvp-te profile

delete mpls rsvp-te profile [profile_name | all]

Description
Deletes a configured RSVP-TE profile with the specified profile name.

Syntax Description
profile_name Specifies a configured RSVP-TE profile to be deleted.
all Deletes all profiles not associated with an LSP, except the default
profile.

Default
N/A.

Usage Guidelines
This command deletes a configured RSVP-TE profile with the specified profile name. If
the all keyword is specified, all profiles not associated with an LSP are deleted (except
for the default profile).

Note
A profile cannot be deleted as long as the profile name is associated with a
configured LSP. The default profile cannot be deleted.

Example
The following command deletes the configured RSVP-TE profile named prof598:

delete mpls rsvp-te profile prof598

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

delete mpls static lsp

delete mpls static lsp [lsp_name | all]

Switch Engine™ Command Reference Guide for version 32.7.1 1801

Description Commands

Description
Deletes internal resources for one or all static LSPs.

Syntax Description
lsp_name Identifies the LSP to be deleted.
all Specifies that all LSPs are to be deleted.

Default
N/A.

Usage Guidelines
All resources associated with the specified LSPs are released. Static LSPs cannot be
deleted when the LSP is configured for an IP route or VPLS configuration.

Example
The following command deletes a static LSP:

delete mpls static lsp lsp598

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

delete msdp mesh-group

delete msdp mesh-group mesh-group-name {vr vrname}

Description
Removes an MSDP mesh-group.

1802 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
mesh-group-name Specifies the name of the MSDP mesh-group. The character
string can be a maximum of 31 characters.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
N/A.

Usage Guidelines
A mesh-group is a group of MSDP peers with fully meshed MSDP connectivity. Mesh-
groups are used to achieve two goals:
• Reduce SA message flooding.
• Simplify peer-RPF flooding.

SA messages received from a peer in a mesh-group are not forwarded to other peers in
the same mesh-group.

Use the delete msdp mesh-group command only if you created a mesh-group that you
want to remove. By default, there is no MSDP mesh-group.

Example
The following example removes a mesh-group called "verizon":
delete msdp mesh-group verizon

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

delete msdp peer

delete msdp peer [all | remoteaddr] {vr vr_name}

Description
Deletes an MSDP peer.

Switch Engine™ Command Reference Guide for version 32.7.1 1803

Syntax Description Commands

Syntax Description
all Deletes all MSDP peers.
remoteaddr Specifies the IP address of the MSDP router to configure as an MSDP
peer.
vr_name Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current CLI
context.

Default
N/A.

Usage Guidelines
None.

Example
The following example deletes an MSDP peer:
delete msdp peer 192.168.45.43

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

delete netlogin local-user

delete netlogin local-user user-name

Description
Deletes a specified local network login user name and its associated password.

Syntax Description
user-name Specifies a local network login user name.

1804 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use the show netlogin local-users command to determine which local network
login user name you want to delete from the system. The show netlogin local-users
output displays the user name and password in a tabular format.

This command applies only to web-based and MAC-based modes of network login.
802.1X network login does not support local database authentication.

You must have administrator privileges to use this command.

Example
The following command deletes the local network login megtest along with its
associated password:

delete netlogin local-user megtest

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

delete ntp key

delete ntp key [keyid | all]

Description
Deletes an NTP key; it cannot be used for outgoing or incoming NTP sessions.

Syntax Description
keyid Specifies the key ID as a value from 1 to 65534.
all Deletes all keys.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1805

Usage Guidelines Commands

Usage Guidelines
N/A.

Example
The following command deletes NTP key 5 on the switch:

delete ntp key 5

The following command deletes all NTP keys on the switch:

delete ntp key all

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

delete ospf area

delete ospf area [area-identifier | all]

Description
Deletes an OSPF area or all OSPF areas.

Syntax Description
area-identifier Specifies an OSPF area.
all Specifies all areas.

Default
N/A.

Usage Guidelines
An OSPF area cannot be deleted if it has an associated interface. Also, area 0.0.0.0
cannot be deleted.

1806 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command deletes an OSPF area:

delete ospf area 1.2.3.4

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

delete ospfv3 area

delete ospfv3 area [area_identifier | all]

Description
Deletes an OSPFv3 area or all OSPFv3 areas.

Syntax Description
area_identifier Specifies an OSPFv3 area, a four-byte, dotted decimal
number.
all Specifies all areas.

Default
N/A.

Usage Guidelines
An OSPFv3 area cannot be deleted if it has an associated interface. Also, area 0.0.0.0
cannot be deleted.

Example
The following command deletes an OSPFv3 area:

delete ospfv3 area 1.2.3.4

History
This command was first available in ExtremeXOS 11.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1807

Platform Availability Commands

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

delete policy access-list

delete policy access-list [all-rules | list_dot_rule]

Description
Deletes previously created access list and their rules.

Syntax Description
access-list Configures access list rule model.
all-rules Deletes all access lists and their rules.
list_dot_rule Defines the access list name with optional rule name in the
format list_name.rule_name.

Default
N/A.

Usage Guidelines
You can remove a specific rule or remove all the rules from an access list, or remove all
access lists and their rules.

Example
The following example deletes the access list rule"ACL1.rule1":
# delete policy access-list ACL1.ace2

The following example deletes the access list "ACE":

# delete policy access-list ACE

The following example deletes all access lists and their rules:
# delete policy access-list all-rules

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all Universal switches supported in this document.

1808 Switch Engine™ Command Reference Guide for version 32.7.1

Commands delete policy access-list action-set

delete policy access-list action-set

delete policy access-list action-set set-id

Description
Deletes a pre-defined action set.

Syntax Description
access-list Specifies access-list features.
action-set Specifies deleting an action set, which is a defined a set
of actions that can be applied to multiple sets of match
conditions.
set-id Specifies which action set to delete by its global action set
ID.

Default
N/A.

Example
The following example deletes action set "1":
# delete policy access-list action-set 1

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on all Universal switches supported in this document.

delete ports group

delete ports group port_group

Description
This command deletes a generic port-group name that can be associated with a list of
ports. The port_group option could be implemented in configure or show commands
that currently accept a port_list. The QoS commands are expanded to accept the
port_group option. QoS commands that use port groups are updated automatically if
the ports group is removed or if ports are added or removed from the group.

Switch Engine™ Command Reference Guide for version 32.7.1 1809

Syntax Description Commands

Syntax Description
port_group Specifies a port group name.

Default
N/A.

Usage Guidelines
Use this command to delete a generic port-group name associated with a list of ports.

Example
delete port-group testGroup

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete private-vlan
delete private-vlan name

Description
Deletes the PVLAN framework with the specified name.

Syntax Description
name Specifies the name of the PVLAN to be deleted.

Default
N/A.

Usage Guidelines
The PVLAN is a framework that links network and subscriber VLANs; it is not an actual
VLAN.

1810 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

This command deletes the PVLAN framework, but it does not delete the associated
VLANs. If the ports in the network VLAN were set to translate, they are changed to
tagged.

Example
The following example deletes the PVLAN named "companyx":

delete private-vlan companyx

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all platforms that support the Private VLAN feature. For
features and the platforms that support them, see the Switch Engine 32.7.1 Feature
License Requirements document.

delete process
delete process

Description
This command provides the ability for an end-user to delete dynamically-created
processes.

Syntax Description
This command has no arguments or variables.

Default
N/A

Usage Guidelines
Use this command to delete dynamically-created processes only.

History
This command was first available in ExtremeXOS 15.7..

Switch Engine™ Command Reference Guide for version 32.7.1 1811

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

delete protocol
delete protocol {filter} filter_name

Description
Deletes a user-defined protocol.

Syntax Description
filter Deletes a protocol filter.
filter_name Specifies a protocol filter name to delete.

Default
N/A.

Usage Guidelines
If you delete a protocol that is in use by a VLAN, the protocol associated with than VLAN
becomes none.

Example
The following examples delete a protocol named "my_filter" and a protocol filter named
"my_other_filter":
delete protocol “my_filter”
delete protocol filter “my_other_filter”

History
This command was first available in ExtremeXOS 10.1.

The filter keyword was added in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

delete qosprofile
delete qosprofile [QP2| QP3 | QP4 | QP5 | QP6 | QP7]

1812 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Deletes a user-created QoS profile.

Syntax Description
QP2....QP7 Specifies the user-created QoS profile you want to delete.

Default
N/A.

Usage Guidelines
You cannot delete the default QoS profiles of QP1 and QP8. On a SummitStack, you also
cannot delete QoS profile QP7. If you attempt to delete QoS profile QP7, the system
returns an error.

All configuration information associated with the specified QoS profile is removed.

Example
The following command deletes the user-created QoS profile QP3:

delete qosprofile qp3

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete sshd2 user-key

delete sshd2 user-key key_name

Description
Deletes a user key.

Syntax Description
key_name Specifies the name of the public key to be deleted.

Switch Engine™ Command Reference Guide for version 32.7.1 1813

Default Commands

Default
N/A.

Usage Guidelines
This command is used to delete a user key. The key is deleted regardless of whether or
not it is bound to a user.

Note
If a user is bound to the key, they are first unbound or unassociated, and then
the key is deleted.

Example
The following example shows the SSH user key id_dsa_2048 being deleted:

delete sshd2 user-key id_dsa_2048

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

delete stpd
delete stpd stpd_name

Description
Removes a user-defined STPD from the switch.

Syntax Description
stpd_name Specifies a user-defined STPD name on the switch.

Default
N/A.

1814 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If your STPD has the same name as another component, for example a VLAN, we
recommend that you specify the identifying keyword as well as the name. If you do not
specify the stpd keyword, an error message similar to the following is displayed:
%% Ambiguous command: "delete Test"

In this example, to delete the STPD Test, enter delete stpd Test.

If you created an STPD with a name unique only to that STPD, the keyword stpd is
optional.

The default STPD, s0, cannot be deleted.

In an MSTP environment, you cannot delete or disable a CIST if any of the MSTIs are
active in the system.

Example
The following example deletes an STPD named "purple_st":
delete stpd purple_st

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete tunnel
delete tunnel tunnel_name

Description
Deletes an IPv6 tunnel.

Syntax Description
tunnel_name Specifies an IPv6 tunnel.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1815

Usage Guidelines Commands

Usage Guidelines
This command will destroy a previously created tunnel. The command acts on either
a 6to4 or a 6in4 tunnel. When the tunnel interface is removed, all dynamic routes
through that interface are purged from the system. The configured static routes are
removed from the hardware tables and become inactive.

Example
The following example deletes the tunnel link39:
delete tunnel link39

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 interworking feature in
the Switch Engine 32.7.1 Feature License Requirements document.

delete upm profile

delete upm profile profile-name

Description
Deletes the specified profile.

Syntax Description
profile-name Specifies the UPM profile to be deleted.

Default
N/A.

Example
The following command deletes a UPM profile called sample_1:

delete upm profile sample_1

History
This command was first available in ExtremeXOS 11.6.

1816 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

delete upm timer

delete upm timer timer-name

Description
Deletes the specified UPM timer.

Syntax Description
timer-name Specifies the name of the UPM timer to be deleted.

Default
N/A.

Usage Guidelines
You can delete a UPM timer by specifying its name.

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

delete var
delete var varname

Note
This is a script command and operates only in scripts or on the command
line when scripting is enabled with the following command: enable cli
scripting {permanent}.

Switch Engine™ Command Reference Guide for version 32.7.1 1817

Description Commands

Description
Deletes a variable.

Syntax Description
varname Specifies the name of the scripting variable to be deleted.

Default
N/A.

Usage Guidelines
The format of a local variable (case insensitive) is: $VARNAME.

Example
The following example deletes local variable x:

delete var x

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete var key

delete var key key

Note
This is a script command and operates only in scripts or on the command
line when scripting is enabled with the following command: enable cli
scripting {permanent}.

Description
Deletes the variables that have been saved using a key.

Syntax Description
key Specifies that variables associated with the specified key
must be deleted.

1818 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
CLI scripting must be enabled to use this command. The user is responsible for
generating unique keys for each variable. The system has a limited amount of memory
to store these variables.

Example
The following command deletes all variables associated with the key “red:”

delete var key red

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

delete virtual-network
delete virtual-network vn_name

Description
This command deletes a virtual network.

Syntax Description
virtual-network Designates deleting a virtual network.
vn_name Specifies which virtual network.

Default
N/A.

Example
The following example deletes the virtual network "my_virtual_network":
delete virtual-network my_virtual_network

Switch Engine™ Command Reference Guide for version 32.7.1 1819

History Commands

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete virtual-network remote-endpoint vxlan ipaddress

delete virtual-network remote-endpoint vxlan ipaddress ipaddress {vr
vr_name}

Description
This command deletes a remote endpoint.

Syntax Description
ipaddress A remote endpoint IP address.
vr VR/VRF instance the remote endpoint is associated with
vr_name An existing VR/VRF name.

Default
N/A.

Usage Guidelines
This command is useful when user wants to delete a remote endpoint in addition to
the ones learned dynamically (OSPF extensions).

Example
To remove a remote endpoint:
delete virtual-network vxlan remote-endpoint ipaddress 1.2.3.4

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

1820 Switch Engine™ Command Reference Guide for version 32.7.1

Commands delete virtual-router

delete virtual-router
delete virtual-router vr-name

Description
This command deletes a VR or VRF.

Syntax Description
vr-name Specifies the name of the VR or VRF.

Default
N/A.

Usage Guidelines
Only user VRs and VRFs can be deleted.

Before you delete a user VR, you must delete all VLANs and protocols assigned to the
VR, and you must delete any child VRFs. All of the ports assigned to a deleted VR are
made available to assign to other VRs.

Before you delete a VRF, you must delete all VLANs and stop all protocols that are
assigned to that VRF. All of the ports assigned to a deleted VRF are deleted and
made available to assign to other VRs and VRFs. Any routing protocol instance that
is assigned to the VRF is deleted gracefully.

Example
The following example deletes the VR "vr-acme":
delete virtual-router vr-acme

The following example deletes the VRF "vrf1":

delete virtual-router vrf1

History
This command was first available in ExtremeXOS 11.0.

Support for non-VPNVRFs was added in ExtremeXOS 12.5.

Support for VPN VRFs was added in ExtremeXOS 12.6.0-BGP.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1821

delete vlan Commands

delete vlan
delete [ {vlan} vlan_name | vlan vlan_list]

Description
Deletes a VLAN.

Syntax Description
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.

Default
N/A.

Usage Guidelines
If you delete a VLAN that has untagged port members and you want those ports to be
returned to the default VLAN, you must add them back explicitly using the configure
svlan delete ports command.

Note
The default VLAN cannot be deleted. Before deleting an ISC VLAN, you must
delete the peer.

Example
The following command deletes the VLAN accounting:
delete accounting

History
This command was first available in ExtremeXOS 10.1.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete vman
delete vman [vman-name | vman_list]

1822 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Deletes a previously created VMAN.

Syntax Description
vman-name Specifies a VMAN name.
vman_list Specifies a VMAN list.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the VMAN accounting:
delete vman accounting

History
This command was first available in ExtremeXOS 11.0.

The vman_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

delete vm
delete vm vm_name

Description
Deletes an existing virtual machine (VM).

Syntax Description
vm Designates a virtual machine.
vm_name Specifies the VM name to delete.

Switch Engine™ Command Reference Guide for version 32.7.1 1823

Default Commands

Default
N/A.

Usage Guidelines
The Integrated Application Hosting (IAH) feature requires the Solid State Storage
Device SSD-120.

Example
The following example deletes the vm "vm1":
# delete vm vm1

History
This command was first available in ExtremeXOS 30.3.

Stop the VM before attempting to delete it (stop vm vm_name [forceful |

graceful]).

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

delete vm-tracking local-vm

delete vm-tracking local-vm {mac-address mac}

Description
Deletes the specified VM entry in the local VM database.

Syntax Description
mac Specifies the MAC address for a VM entry to delete.

Default
N/A.

Usage Guidelines
None.

1824 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command deletes the VM entry for MAC address 00:E0:2B:12:34:56 in the
local VM database:
# delete vm-tracking local-vm mac-address 00:E0:2B:12:34:56

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

delete vm-tracking vpp

delete vm-tracking vpp {vpp_name}

Description
Deletes the specified LVPP.

Syntax Description
vpp_name Specifies a name for the LVPP to delete.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the VPP named vpp1:
# delete vm-tracking vpp vpp1

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1825

delete vpls Commands

delete vpls
delete vpls [vpls_name | all]

Note
This command has been replaced with the following command: delete
l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]] .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Deletes the VPLS with the specified vpls_name.

Syntax Description
vpls_nam Identifies the VPLS within the switch (character string).
e
all Specifies all VPLS.

Default
N/A.

Usage Guidelines
This command deletes the VPLS with the specified vpls_name. All PWs established to
VPLS peers are terminated. The all keyword may be used to indicate that all VPLS
instances are to be deleted.

Example
This commands deletes the VPLS myvpls:

delete vpls myvpls

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

1826 Switch Engine™ Command Reference Guide for version 32.7.1

Commands delete vrrp group

delete vrrp group

delete vrrp group group_name

Description
This command deletes a VRRP group used to operate in high-scale mode.

Syntax Description
group Specifies deleting a VRRP group.
group_name Specifies the VRRP group name.

Default
None.

Example
The following example deletes a VRRP group called "vrrp1".
delete vrrp group vrrp1

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

delete vrrp vlan vrid

delete vrrp vlan vlan_name vrid vridval

Description
Deletes a specified VRRP instance.

Switch Engine™ Command Reference Guide for version 32.7.1 1827

Syntax Description Commands

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vridval Specifies the VRID for the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.

Default
N/A.

Usage Guidelines
None.

Example
The following command deletes the VRRP instance on the VLAN vrrp-1 identified by
VRID 2:

delete vrrp vlan vrrp-1 vrid 2

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

delete xml-notification target

delete xml-notification target target

Description
Deletes the Web server target on the XML client process.

Syntax Description
target Specifies the configured target.

1828 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to delete the Web server target on the XML client process.

Example
The following command deletes the target test2:

delete xml-notification target test2

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable access-list permit to-cpu

disable access-list permit to-cpu

Description
Allows special packets to be blocked by low priority ACLs.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command allows ACLs to deny certain special packets from reaching the CPU,
even if the packets match ACLs that would otherwise deny them. The special packets
include STP and EAPS BPDUs, and ARP replies for the switch.

When this feature is disabled, these same packets will be denied if an ACL is applied
that contains a matching entry that denies the packets. Contrary to expectations, the
packets will still be denied if there is a higher precedence entry that permits the
packets.

Switch Engine™ Command Reference Guide for version 32.7.1 1829

Example Commands

To enable this feature, use the following command:

enable access-list permit to-cpu

Example
The following example enables ACLs to deny STP BPDU packets from reaching the
switch CPU:
disable access-list permit to-cpu

History
This command was first available in ExtremeXOS 11.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable access-list refresh blackhole

disable access-list refresh blackhole

Description
Disables blackholing of packets during ACL refresh.

Syntax Description
This command has no arguments or variables.

Default
The feature is enabled.

Usage Guidelines
When access control lists (ACLs) are refreshed, this feature provides that any packets
arriving during the refresh will be blackholed.

If you disable this feature, the ACLs will be refreshed as described in the refresh policy
command.

To enable this feature, use the following command:

enable access-list refresh blackhole

1830 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables dropping of packets during an ACL refresh:
disable access-list refresh blackhole

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable account
disable account [all {admin|user | name]

Description
Disables the specified account locally.

Syntax Description
all Specifies that all accounts, or all accounts of a certain type,
will be disable.
admin Specifies that all administrative accounts will be disabled
locally.
user Specifies that all user accounts, including Lawful-Intercept
accounts, will be disabled locally.
name Specifies the name of the account that will be disabled
locally.

Default
Enabled.

Usage Guidelines
If the user is disabled locally, the user's login will fail.

Disabling accounts affects the following northbound interfaces:

• Console
• TELNET
• SSH
• HTTP
• XML

Switch Engine™ Command Reference Guide for version 32.7.1 1831

Example Commands

If you disable all administrative accounts, you can use the failsafe account.

Example
The following example disables all user accounts.
disable account all user

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable auto-provision
disable auto-provision

Description
Disables the auto provision capability.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to disable the auto provision capability.

To display the status of auto provision on the switch, use the show auto-provision
command.

Example
The following command disables the auto provision capability:

disable auto-provision

1832 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following message is displayed:

# disable auto-provision
This setting will take effect at the next reboot of this switch.

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

disable auto-provision cloud-connector

disable auto-provision cloud-connector

Description
Stops the Cloud Connector process on the switch.

Syntax Description
N/A

Default
Enabled.

Usage Guidelines
N/A

Example
The following command stops the Cloud Connector process:
disable auto-provision cloud-connector

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1833

disable avb Commands

disable avb
disable avb

Description
This command is a macro command that can be used to disable all AVB protocols
globally on the switch. It is equivalent to issuing the following three commands:

disable mvrp

disable msrp

disable network-clock gptp

Syntax Description
avb Audio Video Bridging

Default
Disabled.

Usage Guidelines
Use this command to disable all AVB protocols globally on the switch.

Example
disable avb

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all ExtremeSwitching Universal switches that support the
AVB feature.

disable avb ports

disable avb ports [port_list | all]

Description
This command is a macro command that can be used to disable all AVB protocols on
the given ports. It is equivalent to issuing the following three commands:

1834 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

disable mvrp ports [port_list | all]

disable msrp ports [port_list | all]

disable network-clock gptp ports [port_list | all]

Syntax Description
avb Audio Video Bridging.
port_list Port list separated by a comma or "-".
all All ports.

Default
Disabled.

Usage Guidelines
Use this command to disable all AVB protocols on the given ports.

Example
disable avb ports all

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all ExtremeSwitching Universal switches that support the
AVB feature.

disable bgp
disable bgp

Description
Disables BGP.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 1835

Default Commands

Default
Disabled.

Usage Guidelines
Use this command to disable BGP on the router.

Example
The following command disables BGP:

disable bgp

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp advertise-inactive-route

disable bgp {address-family [ipv4-unicast | ipv4-multicast |ipv6-unicast
| ipv6-multicast]} advertise-inactive-route

Description
Disables advertisement of BGP inactive routes, which are defined as those routes that
rated best by BGP and not best in the IP routing table.

Syntax Description
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.

Default
Disabled.

If no address family is specified, IPv4 unicast is the default address family.

1836 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command can be successfully executed only when BGP is globally disabled. If you
want to disable inactive route advertisement and BGP is enabled, you must disable
BGP (disable bgp), disable this feature, and then enable BGP (enable bgp).

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Example
The following command disables inactive route advertisement for IPv4 unicast traffic:
disable bgp address-family ipv4-unicast advertise-inactive-route

History
This command was first available in ExtremeXOS 12.1.3.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp aggregation

disable bgp aggregation

Description
Disables BGP route aggregation.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Route aggregation is the process of combining the characteristics of several routes
so that they are advertised as a single route. Aggregation reduces the amount of

Switch Engine™ Command Reference Guide for version 32.7.1 1837

Example Commands

information that a BGP speaker must store and exchange with other BGP speakers.
Reducing the information that is stored and exchanged also reduces the size of the
routing table.

Use this command to disable BGP route aggregation.

Example
The following command disables BGP route aggregation:

disable bgp aggregation

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp always-compare-med

disable bgp always-compare-med

Description
Disables BGP from comparing Multi Exit Discriminators (MEDs) for paths from
neighbors in different Autonomous Systems (AS).

Syntax Description
This command has no arguments or variables.

Default
ExtremeXOS does not compare MEDs for paths from neighbors in different AS.

Usage Guidelines
The MED is one of the parameters that is considered when selecting the best path
among many alternative paths. The path with a lower MED is preferred over a path with
a higher MED. By default, during the best path selection process, MED comparison is
done only among paths from the same AS.

1838 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

BGP must be disabled before you can change the configuration with this command.

Example
The following command disables MED from being used in comparison among paths
from different AS:

disable bgp always-compare-med

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp community format

disable bgp community format AS-number : number

Description
Disables the AS-number:number format of display for communities in the output of
show commands.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Using this command, communities are displayed as a single decimal value.

Switch Engine™ Command Reference Guide for version 32.7.1 1839

Example Commands

Example
The following command disables the AS-number:number format of display for
communities:

disable bgp community format AS-number : number

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp export vr

disable bgp export {vr} vr_name route_type {address-family} vpnv4

Description
For IPv4 and IPv6 routes, this command disables the PE router to export and
redistribute local VRF routes to remote PE routers through BGP.

Syntax Description
vr Specifies the source VPN VRF of the exported routes.
vr_name Specifies the name of the source VPN VRF.
route_type Specifies the source or origin of the route types to be
exported to remote PE routers. Valid Types: blackhole,
direct, and bgp.
address-family Specifies the address family for the exported routes.
Valid types are ipv4-unicast, vpnv4.
vpn4 Specifies that routes from the VRF are exported as
vpnv4 routes over MPBGP.

Default
Disabled.

1840 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command disables a PE router to advertise learned routes from CE routers to
remote PE routers in a Service Provider's backbone. Executing this command allows
the PE router to convert VRF native IPv4 routes into VPN-IPv4 route,s and advertise to
all remote PE BGP neighbors as VPN-IPv4 routes.
• For Layer 3 VPNs, you must enter the disable bgp export vr command in the
context of the VRF that supports the Layer 3 VPN.
• When the export source is the Layer 3 VPN, you can specify direct, or remote-vpn to
disable route export to the VRF. The destination address family must be ipv4‑unicast.
• This export command is applicable in Parent VR context only. If you execute it in a
VRF context, an error message is returned.
• The source VPN VRF must be a child of the Parent VR.
• BGP need not be added to a VPN VRF to export routes from a VPN VRF.
• The direction of where the redistribution is targeted is implicit on the keywords
used, For eg:- remote-vpn only applies to remote routes from PE redistributed to
CE, hence we cannot use it with address family vpnv4. Similarly bgp only applies to
EBGP routes from CE exported as VPN routes, hence we use it only with address
family vpnv4. Other sources such as “static” and “direct” are redistributed both ways.

Example
The following command disables BGP to advertise a vpnv4 route named
"corp1_vpn_vrf":
disable bgp export "corp1_vpn_vrf" bgp address-family vpnv4

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

The blackhole option was added in ExtremeXOS 12.1.3.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp export

disable bgp export route_type {{address-family} address_family}

Switch Engine™ Command Reference Guide for version 32.7.1 1841

Description Commands

For Layer 3 VPNs:

disable bgp export route_type {{address-family} address_family}

Description
Disables BGP from exporting routes from other protocols to BGP peers.

Syntax Description
bgp For Layer 3 VPNs, this specifies that BGP routes learned
from CE routers are to be exported to remote PE routers.
route_type Specifies the BGP export route type.
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.

Default
Disabled.

If no address family is specified, IPv4 unicast is the default.

Note
You must specify an IPv6 address family for an IPv6 peer, because an IPv6
peer does not support the default IPv4 unicast address family. Similarly, if you
specify an IPv4 peer and an address family in the command, an IPv4 address
family must be specified.

Usage Guidelines
The exporting of routes between any two routing protocols is a discrete configuration
function. For example, you must configure the switch to export routes from OSPF to
BGP and, if desired, you must configure the switch to export routes from BGP to OSPF.
You must first configure both protocols and then verify the independent operation of
each. Then you can configure the routes to export from OSPF to BGP, and the routes to
export from BGP to OSPF.

You can use policies to associate BGP attributes including Community, NextHop, MED,
Origin, and Local Preference with the routes. Policies can also be used to filter out
exported routes.

Using the export command to redistribute routes complements the redistribution of

routes using the configure bgp add network command. The configure bgp add
network command adds the route to BGP only if the route is present in the routing
table. The enable bgp export command redistributes an individual route from the
routing table to BGP. If you use both commands to redistribute routes, the routes

1842 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

redistributed using the network command take precedence over routes redistributed
using the export command.

Note
For this command to execute, the specified protocol must support the
specified address family. For example, the command fails if you specify OSPF
and the IPv6 unicast address family. You can specify blackhole, direct, static,
and IS-IS routes with IPv4 or IPv6 address families.

For Layer 3 VPNs, the disable bgp export command must be entered in the context of
the VRF that supports the Layer 3 VPN.

When the export source is the Layer 3 VPN, you can specify direct, or remote-vpn to
disable route export to the VRF. The destination address family must be ipv4‑unicast.

When the export source is the VRF, you can specify direct, or bgp to disable route
export to the VPN. The destination address family must be vpnv4.

Example
The following command disables BGP from exporting routes from the OSPF protocol to
BGP peers:

disable bgp export ospf

The following command disables the export of BGP routes from a VRF to a VPN:

disable bgp export bgp address-family vpnv4

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

The blackhole option was added in ExtremeXOS 12.1.3.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1843

disable bgp export [static | direct] l2vpn-evpn Commands

disable bgp export [static | direct] l2vpn-evpn

disable bgp export [static | direct] {address-family address_family}
l2vpn-evpn {vr vr_name}

Description
Disables export of direct, static, and BGP routes from a VRF into BGP, running on the
specified VR, as EVPN routes to be advertised by BGP as Type 5 routes.

Syntax Description
bgp Specifies showing the BGP configuration.
export Specifies redistributing information from another routing
protocol.
static Specifies static routes.
direct Specifies direct routes.
address-family Specifies the address family.
address_family Sets the address family type.
l2vpn-evpn Specifies the L2VPN EVPN address family.
vr Specifies the source VR.
vr_name Designates the source VR name. Both VPN-VRFs and non-
VPN-VRFs are supported.

Default
N/A.

Usage Guidelines
N/A.

Example
The following example disables exports of static routes on VR "vr-a" as EVPN routes to
be advertised by BGP as Type 5 routes:
# disable bgp export static l2vpn-evpn vr vr-a

History
This command was first available in ExtremeXOS 30.6.

1844 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp fast-external-fallover

disable bgp fast-external-fallover

Description
Disables BGP fast external fallover functionality.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables the BGP fast external fallover on the router. This command
applies to all directly-connected external BGP neighbors.

When BGP fast external fallover is enabled, the directly-connected EBGP neighbor
session is immediately reset when the connecting link goes down.

If BGP fast external fallover is disabled, BGP waits until the default hold timer expires
(3 keepalives) to reset the neighboring session. In addition, BGP might teardown the
session somewhat earlier than hold timer expiry if BGP detects that the TCP session
and it's directly connected link is broken (BGP detects this while sending or receiving
data from TCP socket).

Example
The following command disables BGP fast external fallover:

disable bgp fast-external-fallover

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1845

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp mpls-next-hop

disable bgp mpls-next-hop

Description
Disables IP forwarding over calculated MPLS LSPs to subnets learned via BGP.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables IP forwarding over calculated MPLS LSPs to subnets learned
via BGP. (Calculated refers to an LSP that only reaches part of the way to the
destination). By default, IP forwarding over MPLS LSPs to subnets learned via BGP is
disabled.

Example
The following command disables BGP’s use of MPLS LSPs to reach BGP routes:

disable bgp mpls-next-hop

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable bgp multipath-relax

disable bgp multipath-relax

1846 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Disables BGP multipath-relax feature, which modifies the definition of an equal cost
BGP route.

Syntax Description
multipath-relax Selects BGP multipath relax feature.

Default
This feature is disabled by default.

Usage Guidelines
This feature modifies the definition of equal cost BGP routes as specified in RFC-4271. In
particular, routes with the same AS-path length, but differing AS numbers in the path
are not considered equal cost by default. However, with multipath-relax enabled, routes
with the same AS-path length can have differing AS number values in the AS-path and
still be considered equal cost.

BGP must be disabled (disable bgp ) first to disable this feature.

Example
The following example disables the BGP multipath-relax feature:
disable bgp multipath-relax

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp neighbor address-family l2vpn-evpn

disable bgp {neighbor [remoteaddr | all]} {{address-family} l2vpn-evpn}
next-hop-unchanged

Description
Disables overriding the BGP specification behavior with respect to the next-hop of
routes advertised to EBGP peers.

Switch Engine™ Command Reference Guide for version 32.7.1 1847

Syntax Description Commands

Syntax Description
bgp Specifies BGP.
neighbor Specifies BGP neighbor.
remoteaddr Specifies BGP neighbor IP address.
all Specifies all BGP neighbors.
address-family Specifies address family.
l2vpn-evpn Specifies L2VPN EVPN address-family type.
next-hop-unchanged Enables preserving the BGP next-hop when routes are
advertised to EBGP peers (default is disabled).

Default
Default is that next-hop-unchanged is disabled.

Usage Guidelines
This command disables overriding the specification behavior with respect to the next-
hop of routes advertised to EBGP peers. Specifically, disabling with this command
does not maintain the BGP next-hop for routes advertised to EBGP peers instead
of replacing the next-hop with either the outgoing interface IP address or the local
loopback address.

Example
The following example disables next-hop unchanged for BGP neighbor at 192.168.66.2:
# disable bgp neighbor 192.168.66.2 l2vpn-evpn next-hop-unchanged

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp neighbor capability address-family vpnv4

disable bgp {neighbor} [all | remoteaddr] capability address-family
vpnv4 type [community | ext-community | prefix] {[send | receive |
both]}

1848 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command disables neighbor capability for one or all BGP neighbors on a Layer 3
VPN.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors.
remoteaddr Specifies the IPv4 address of a BGP neighbor.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
community Disables neighbor capability for communities.
ext-community Disables neighbor capability for extended communities.
prefix Disables neighbor capability for prefixes.
send Disables neighbor capability filter list send capability.
receive Disables neighbor capability filter list receive capability.
both Disables neighbor capability filter list send and receive
capability.

Default
Disabled.

If the direction is not specified, the both option applies.

Usage Guidelines
Enter this command multiple times to configure the address family, type, and direction
attributes.

Example
The following command disables the neighbor capability feature for a Layer 3 VPN
neighbor:

disable bgp neighbor 1.1.1.1 capability address-family vpnv4

History
This command was first available in ExtremeXOS 15.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1849

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp neighbor capability

disable bgp neighbor [all | remoteaddr] capability [ipv4-unicast | ipv4-
multicast | ipv6-unicast | ipv6-multicast | vpnv4 | route-refresh |
ipv4-vxlan | l2vpn-evpn]

Description
This command disables an address family or the route refresh capability for one or all
neighbors.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
route-refresh Specifies ROUTE-REFRESH message capabilities.
ipv4-vxlan Specifies IPv4 VXLAN capability.
l2vpn-evpn Specifies L2 VPN EVPN address family.

Default
The following capabilities are enabled by default for IPv4 peers: IPv4 unicast, IPv4
multicast, and route refresh.

The following capabilities are enabled by default for IPv6 peers: route refresh.

1850 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command applies to the current VR or VRF context.

Note
To inter-operate with Cisco routers for BGP graceful restart, you must enable
IPv4 unicast address capability.
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

Example
The following example disables the route-refresh feature for all neighbors:
disable bgp neighbor all capability route-refresh

The following example disables the VPNv4 address family for a neighbor:
disable bgp neighbor 192.168.96.235 capability vpnv4

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Support for IPv4 VXLAN was added in ExtremeXOS 22.3.

Support for L2 VPN EVPN address family was added in ExtremeXOS.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp neighbor originate-default

disable bgp [{neighbor} remoteaddr | neighbor all] {address-family
[ipv4-unicast | ipv4-multicast |ipv6-unicast | ipv6-multicast]}
originate-default

Switch Engine™ Command Reference Guide for version 32.7.1 1851

Description Commands

Description
Removes a default route to a single BGP neighbor or to all BGP neighbors.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family is
specified, the configuration applies to the IP Unicast family
on all IPv4 peers. If an IPv4 address family is specified,
the configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.

Default
Disabled. BGP does not automatically originate and advertise default routes to BGP
neighbors.

If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

Note
You must specify an IPv6 address family for an IPv6 peer, because an IPv6
peer does not support the default IPv4 unicast address family. Similarly, if you
specify an IPv4 peer and an address family in the command, an IPv4 address
family must be specified.

Usage Guidelines
This command can be successfully executed at any time, irrespective of whether local
BGP or the remote BGP peer is enabled or disabled.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Example
The following command removes default routes for IPv4 unicast traffic for all BGP peer
nodes:

disable bgp neighbor all originate-default

1852 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.3.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp neighbor remove-private-AS-numbers

disable bgp neighbor [remoteaddr | all] remove-private-AS-numbers

Description
Disables the removal of private AS numbers from the AS path in route updates sent to
EBGP peers.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.

Default
Disabled.

Usage Guidelines
Private AS numbers are AS numbers in the range 64512 through 65534. You can remove
private AS numbers from the AS path attribute in updates that are sent to external BGP
(EBGP) neighbors. Possible reasons for using private AS numbers include:
• The remote AS does not have officially allocated AS numbers.
• You want to conserve AS numbers if you are multi-homed to the local AS.

Private AS numbers should not be advertised on the Internet. Private AS numbers

can only be used locally within an administrative domain. Therefore, when routes are
advertised out to the Internet, the private AS number can be stripped out from the AS
paths of the advertised routes using this feature.

This command applies to the current VR or VRF context.

Switch Engine™ Command Reference Guide for version 32.7.1 1853

Example Commands

Example
The following command disables the removal of private AS numbers from the AS path
in route updates sent to the EBGP peers:

disable bgp neighbor 192.168.1.17 remove-private-AS-numbers

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp neighbor soft-in-reset

disable bgp neighbor [all | remoteaddr] {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} soft-in-reset

Description
Disables the soft input reset feature.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family is
specified, the configuration applies to the IP Unicast family
on all IPv4 peers. If an IPv4 address family is specified,
the configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.

1854 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

Usage Guidelines
Disabling the soft input reset feature can potentially limit the amount of system
memory consumed by the RIB-in.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

Before you can change the configuration with this command, you must disable BGP,
and you must disable the corresponding BGP neighbor session using the following
command:
disable bgp neighbor [remoteaddr | all]

To disable this feature on Layer 3 VPNs, you must do so in the context of the MPLS-
enabled VR; this feature is not supported for BGP neighbors on the CE (VRF) side of the
PE router.

This command applies to the current VR or VRF context.

Example
The following command disables the soft input reset for the neighbor at 192.168.1.17:

disable bgp neighbor 192.168.1.17 soft-in-reset

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Switch Engine™ Command Reference Guide for version 32.7.1 1855

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp neighbor

disable bgp neighbor [remoteaddr | all]

Description
Disables the BGP session.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.

Default
Disabled.

Usage Guidelines
After the session has been disabled, all the information in the route information base
(RIB) for the neighbor is flushed.

This command applies to the current VR or VRF context.

Example
The following command disables the BGP session:

disable bgp neighbor 192.168.1.17

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

1856 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp peer-group capability address-family vpnv4

disable bgp peer-group peer-group-name capability address-family vpnv4
type [community | ext-community] {[send | receive | both]}

Description
This command disables peer-group capability for a peer group on a Layer 3 VPN.

Syntax Description
remoteaddr Specifies the IPv4 address of a BGP neighbor.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
community Disables peer-group capability for communities.
ext-community Disables peer-group capability for extended communities.
send Disables peer-group capability filter list send capability.
receive Disables peer-group capability filter list receive capability.
both Disables peer-group capability filter list send and receive
capability.

Default
Disabled.

If the direction is not specified, the both option applies.

Usage Guidelines
Enter this command multiple times to configure the address family, type, and direction
attributes.

By specifying the address-family, type and direction in multiple commands, you can
better control the actual ORF capabilities sent to a peer. In the case where a particular
address-family is explicitly disabled for a peering, the ORF capability configuration for
that address-family is ignored and not sent.

ORF capabilities can only be enabled for IPv4 neighbors, and only for IPv4 address
families. If configured for IPv6 neighbors or address-families the command is rejected
with the following error message:
Outbound-route-filtering not supported for IPv6 neighbors

Switch Engine™ Command Reference Guide for version 32.7.1 1857

Example Commands

or
Outbound-route-filtering not supported for address family <addr_family>

Example
The following command disables the peer-group capability feature for a Layer 3 VPN
peer group:

disable bgp peer-group vpn capability address-family vpnv4

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp peer-group capability

disable bgp peer-group peer-group-name capability [ipv4-unicast | ipv4-
multicast |ipv6-unicast | ipv6-multicast |vpnv4 |route-refresh]

Description
This command disables an address family or the route-refresh capability for a peer
group.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
route-refresh Specifies ROUTE-REFRESH message capabilities.

Default
All capabilities are enabled for IPv4 peer groups by default.

1858 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Only the route refresh capability is enabled for peer groups by default.

Usage Guidelines
This command applies to the current VR or VRF context.

Note
To inter-operate with Cisco routers for BGP graceful restart, you must enable
IPv4 unicast address capability.

Example
The following command disables the route-refresh feature for the peer group outer:

disable bgp peer-group outer route-refresh

The following command disables the VPNv4 address family for a peer group:

disable bgp peer-group backbone capability vpnv4

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp peer-group next-hop-unchanged

disable bgp peer-group peer-group-name 12vpn-evpn next-hop-unchanged

Description
Disables a peer group and with respect to the next-hop of routes advertised to EBGP
peers.

Switch Engine™ Command Reference Guide for version 32.7.1 1859

Syntax Description Commands

Syntax Description
peer-group-name Specifies a peer group.
12vpn-evpn Specifies L2VPN EVPN address-family type.
next-hop-unchanged Enables preserving the BGP next-hop when routes are
advertised to EBGP peers (default is disabled).

Default
Default is that next-hop-unchanged is disabled.

Usage Guidelines
This command disables overriding the specification behavior with respect to the next-
hop of routes advertised to EBGP peers. Specifically, disabling with this command does
not maintain the BGP next-hop for routes advertised to EBGP peers.

Example
The following command disables next-hop unchanged for the BGP peer group pg2 :

disable bgp peer-group pg2 l2vpn-evpn next-hop-unchanged

History
This command was first available in ExtremeXOS 31.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp peer-group originate-default

disable bgp {peer-group} peer-group-name {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast]} originate-default

Description
Removes default routes to all BGP neighbors in the specified peer group.

1860 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
peer-group-name Specifies the BGP peer group for which the default routes
are removed.
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.

Default
Disabled. BGP does not automatically originate and advertise default routes to BGP
neighbors.

Usage Guidelines
This command can be successfully executed at any time, irrespective of whether local
BGP or the remote BGP peers are enabled or disabled.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

Example
The following command removes default routes for IPv4 unicast traffic for all nodes in
the test BGP peer group:

disable bgp peer-group test originate-default

History
This command was first available in ExtremeXOS 12.2.2.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1861

disable bgp peer-group remove-private-AS-numbers Commands

disable bgp peer-group remove-private-AS-numbers

disable bgp peer-group peer-group-name remove-private-AS-numbers

Description
Disables the removal of private autonomous system (AS) numbers from the AS_Path
attribute of outbound updates.

Syntax Description
peer-group-name Specifies a peer group.

Default
Disabled.

Usage Guidelines
This command applies to the current VR or VRF context.

Example
The following command disables the BGP peer group outer from removing private AS
numbers:

disable bgp peer-group outer remove-private-AS-numbers

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp peer-group soft-in-reset

disable bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast]} soft-in-reset

1862 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Disables the soft input reset feature.

Syntax Description
peer-group-name Specifies a peer group.
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.

Default
Disabled.

If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
Disabling the soft input reset feature can potentially limit the amount of system
memory consumed by the RIB-in.

After you enter this command, the switch automatically disables and enables all
neighbors in the peer group before the change takes effect.

This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

Example
The following command disables the soft input reset feature:

disable bgp peer-group outer soft-in-reset

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1863

Platform Availability Commands

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bgp peer-group

disable bgp peer-group peer-group-name

Description
Disables a BGP peer group and all its BGP neighbors.

Syntax Description
peer-group-name Specifies a peer group.

Default
Disabled.

Usage Guidelines
This command applies to the current VR or VRF context.

Example
The following command disables the BGP peer group outer:

disable bgp peer-group outer

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

1864 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable bootp vlan

disable bootp vlan

disable bootp {ipv4} | dhcp {ipv4 | ipv6} ] vlan [vlan | all]

Description
Disables the generation and processing of BOOTP packets on a VLAN to obtain an IP
address for the VLAN from a BOOTP server.

Syntax Description
bootp Disable BOOTP client.
ipv4 IPv4 client. (default)
dhcp Disable DHCP client.
ipv6 IPv6 client.
vlan Specify VLAN to configure BOOTP/DHCP client for.
vlan Specifies a VLAN name.
all Disables all VLANs.

Default
Disabled.

Usage Guidelines
If the IPv4/IPv6 keyword is not specified, IPv4 is taken as default for the mentioned
VLAN.

Example
The following example disables the generation and processing of BOOTP packets on a
VLAN named accounting:
disable bootp vlan accounting

History
This command was first available in ExtremeXOS 10.1.

The ipv4 and ipv6 keywords were added in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1865

disable bootprelay ipv6 Commands

disable bootprelay ipv6

disable bootprelay { ipv4 | ipv6} {vlan vlan_name} | { vr vr_name} | all
{vr vr_name}

Description
Disables BOOTPRelay v6. This can be done across the VR or on a per VLAN basis.

Syntax Description
bootprelay BOOTP Relay service.
IPv4 DHCPv4 BOOTP Relay service.
IPv6 DHCPv6 BOOTP Relay service.

vlan_name Specifies the VLAN name

vr_name Specifies the vrtual router name.

all Disables all VLANs.

Default
N/A.

Usage Guidelines
Use this command to disable BOOTP Relay across the VR or on a per VLAN basis.

Example
The following command displays IPv6 bootprelay information:
* switch # show bootprelay ipv6
BOOTP Relay: DHCPv6 BOOTP Relay enabled on virtual router "VR-Default"
Include Secondary : Disabled
BOOTP Relay Servers :2001::1
3001::1
4001::1
VLAN "Default" :
BOOTP Relay : Enabled
Interface ID : 3999 (Default)
Remote ID : 00:04:96:52:08:76 (Default)
Prefix Snooping : Disabled
VLAN "v1" :
BOOTP Relay : Enabled
Interface ID : Interface-Sring1
Remote ID :
* switch #

1866 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable bootprelay
disable bootprelay {{vlan} [vlan_name] | {{vr} vr_name} | all [{vr}
vr_name]}

Description
Disables the BOOTP relay function on one or all VLANs for the specified VR or VRF.

Syntax Description
vlan_name Specifies a single VLAN on which to disable the BOOTP
relay feature.
vr_name Specifies a single VR on which to disable the BOOTP relay
feature.
all Specifies that BOOTP relay is to be disabled for all VLANs
on the specified VR or VRF.

Default
The BOOTP relay function is disabled on all VLANs and VRs.

Usage Guidelines
Because VLAN names are unique on the switch, you can specify only a VLAN name
(and omit the VR name) to disable BOOTP relay. When you disable BOOTP relay on a
VR or VRF, BOOTP relay is disabled on all VLANs for that VR. If you enter the command
without specifying a VLAN or a VR, the functionality is disabled for all VLANs in the
current VR context.

Example
The following command disables the forwarding of BOOTP requests on all VLANs in the
current VR context:

disable bootprelay

Switch Engine™ Command Reference Guide for version 32.7.1 1867

History Commands

You can use either of the following commands to disable the forwarding of BOOTP
requests on VLAN unit2:

disable bootprelay unit2

disable bootprelay vlan unit2

You can use any one of the following commands to disable the forwarding of BOOTP
requests on all VLANs in VR zone3:

disable bootprelay zone3

disable bootprelay vr zone3
disable bootprelay all zone3
disable bootprelay all vr zone3

History
This command was first available in ExtremeXOS 10.1.

The capability to disable BOOTP relay on a VLAN was added in ExtremeXOS 12.4.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cdp ports

disable cdp ports [port_list | all]

Description
Disables CDP on a port.

Syntax Description
port_list Specifies the list of ports to disable CDP on.
all Specifies that you disable CDP on all ports.

Default
Enabled.

Usage Guidelines

Example
The following command disables CDP on all ports on the switch:

disable cdp ports all

1868 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cfm segment frame-delay measurement

disable cfm segment frame-delay measurement segment_name {mep mep_id}

Description
Stops DMM frame transmission.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
mep mep_id Specifies the maintenance association End Point that
helps trigger a particular MEP level session on that
segment. The range is 1-8191. The default is all MEPs on the
segment.

Default
N/A.

Usage Guidelines
Use this command to stop transmission of DMM frames for a selected CFM segment.
This command stops transmission that has been triggered using the command enable
cfm segment frame-delay measurement.

This stops the transmission for both continuous and on-demand mode.

Example
The following command stops frame transmission on the CFM segment segment-first:

disable cfm frame-delay measurement segment-first

History
This command was first available in ExtremeXOS 12.3.

Switch Engine™ Command Reference Guide for version 32.7.1 1869

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

disable cfm segment frame-loss measurement mep

This stops the transmission for both continuous and on-demand mode.
disable cfm segment frame-loss measurement segment_name mep mep_id

Description
This command stops the transmission of the LMM frames for a particular cfm segment.

Syntax Description
segment_name An alpha numeric string identifying the segment name.

Default
N/A.

Usage Guidelines
This below command stops the transmission of the LMM frames for a particular cfm
segment. This stops the transmission for both continuous and on-demand mode.

Example

disable cfm segment cs2 frame-loss measurement mep 3

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable clear-flow
disable clear-flow

Description
Disable the CLEAR-Flow agent.

1870 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no arguments or variables.

Default
CLEAR-Flow is disabled by default.

Usage Guidelines
When the CLEAR-Flow agent is disabled, sampling stops and the and all rules are left
in the current state. It will not reset actions that were taken while CLEAR-Flow was
enabled.

Example
The following example disables CLEAR-Flow on the switch:

disable clear-flow

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli history expansion

disable cli history expansion {session | permanent}

Description
Disables command line history expansion.

Syntax Description
cli Command line interface settings.
history Command history settings.
expansion Substitute occurrences of '!n:w' with the corresponding line
'n' and word 'w+1' from command history (default disabled).
session Configures history expansion for this CLI session only
(default ).
permanent Configures history expansion for this CLI session, and all
future sessions.

Switch Engine™ Command Reference Guide for version 32.7.1 1871

Default Commands

Default
CLI history expansion is disabled by default.

Usage Guidelines
To view the status of CLI history expansion on the switch, use the show management
command.

Example
The following command disables CLI history expansion for this session and all future
sessions:
disable cli history expansion permanent

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli prompting

disable cli prompting

Description
Disables CLI prompting for the session.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Use this command to have all CLI user prompts automatically continue with the default
answer.

This applies to the current session only.

To re-enable CLI prompting for the session, use the enable cli prompting command.

1872 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

To view the status of CLI prompting on the switch, use the show management
command.

Example
The following command disables prompting:

disable cli prompting

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli refresh

disable cli refresh {session | permanent}

Description
This command allows you to disable the default auto refresh behavior. The auto refresh
behavior is used for some "show" commands.

Syntax Description
session Use refresh setting for this CLI session only.
permanent Use refresh setting for this CLI session, and all future
sessions (default).

Default
Permanent.

Usage Guidelines
Use this command to disable the show command auto refresh or add the no-refresh
option to the individual command. Since the default for the session may be set to
disable cli refresh, the commands that take a no-refresh option now allow for
the alternate refresh case if you want to selectively enable a refreshed display.

The permanent option is only valid for admin level users.

Switch Engine™ Command Reference Guide for version 32.7.1 1873

Example Commands

Example
The following is sample output showing the CLI refresh information.
# show management
CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Disabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Enabled (this session only)
CLI refresh : Enabled (this session only)
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Enabled (tcp port 80)
: Access Profile : not set

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli scripting

disable cli scripting {permanent}

Description
Disables the use of the CLI scripting commands. When used without the permanent
option, it disables the CLI scripting commands for the current session and is a per
session setting. The permanent option affects new sessions only and is saved across
switch reboots.

Syntax Description
permanent Disables the CLI scripting commands for new sessions
only; this setting is saved across switch reboots.

Default
CLI scripting commands are disabled by default.

1874 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
You can disable the CLI scripting commands for the session only after this feature has
been enabled.

Example
The following command disables the CLI scripting commands for the current session:
disable cli scripting

History
This command was first available in ExtremeXOS 11.6.

The permanent option was added in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli scripting output

disable cli scripting output

Description
Disables the display of CLI commands and responses during script operation.

Syntax Description
This command has no arguments or variables.

Default
During interactive script sessions: CLI scripting output enabled.

During load script command operation: CLI scripting output disabled.

Usage Guidelines
When the CLI scripting output is disabled, the only script output displayed is the show
var {varname} command and its output. All other commands and responses are not
displayed.

When the load script filename {arg1} {arg2} ... {arg9} command is entered,
the software disables CLI scripting output until the script is complete, and then CLI
scripting output is enabled. Use the enable cli scripting output and disable cli scripting
output commands to control what a script displays when you are troubleshooting.

Switch Engine™ Command Reference Guide for version 32.7.1 1875

Example Commands

Example
The following command disables CLI scripting output for the current session or until
the enable cli scripting output command is entered:
disable cli scripting output

History
This command was first available in ExtremeXOS 12.1.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli space-completion

disable cli space-completion

Description
Disables the ExtremeXOS feature that completes a command automatically with the
spacebar. If you disable this feature, the [Tab] key can still be used for auto-completion.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command disables using the spacebar to automatically complete a
command:

disable cli space-completion

History
This command was first available in ExtremeXOS 10.1.

1876 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli write-permission

disable cli write-permission

Description
Disables access to the full CLI on 4120 Series and 4220 Series switches.

Syntax Description
N/A.

Default
N/A.

Usage Guidelines
Use this command to disable access to the full CLI on 4120 Series and 4220 Series
switches.

Example
The following command disables access to the full CLI:

disable cli write-permission

History
This command was first available in Switch Engine 32.7.1.

Platform Availability
This command is available the 4120 Series and 4220 Series platforms are running
Switch Engine.

disable cli config-logging

disable cli config-logging

Description
Disables the logging of CLI configuration commands to the switch Syslog.

Switch Engine™ Command Reference Guide for version 32.7.1 1877

Syntax Description Commands

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Every command is displayed in the log window which allows you to view every
command executed on the switch.

The disable cli-config-logging command discontinues the recording of all switch

configuration changes and their sources that are made using the CLI via Telnet or the
local console. After you disable configuration logging, no further changes are logged to
the system log.

To view the status of configuration logging on the switch, use the show management
command. The show management command displays information about the switch
including the enable/disable state for configuration logging.

Example
The following command disables the logging of CLI configuration command to the
Syslog:
disable cli config-logging

History
This command was first available in ExtremeXOS 11.0.

The cli-config-logging keyword was split into cli config-logging in ExtremeXOS

30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli-config-logging expansion

disable cli-config-logging expansion

Description
When CLI logging is enabled, disables showing fully expanded commands, rather than
abbreviations, in the log.

1878 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
expansion Disables command expansion in logs.

Default
Expansion is disabled by default.

Usage Guidelines
When CLI logging is enabled (see enable cli config-logging on page 2189), this
command disables showing fully expanded commands, rather than abbreviations, in
the log.

For example, with command expansion disabled, a command entered in abbreviated

format, such as
config por 33 auto of spee 10000 duplex ful

appears in the log exactly as it was entered in the command line.

If command expansion is enabled, the command appears in the log in expanded form:
configure ports 33 auto off speed 10000 duplex full

To see the status of command expansion, use show management on page 2984.

Example
The following example turns off command expansion:
disable cli-config-logging expansion

History
This command was first available in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli paging

disable cli paging {session | permanent}

Description
Disables pausing at the end of each show screen.

Switch Engine™ Command Reference Guide for version 32.7.1 1879

Syntax Description Commands

Syntax Description
session Disables viewing output of commands one screenful at a
time for the current user session only (default).
permanent Disables viewing output of commands one screenful at a
time permanently (setting persists after rebooting).

Default
Clipaging is enabled per session by default.

Usage Guidelines
The command line interface (CLI) is designed for use in a VT100 environment.

Most show command output pauses when the display reaches the end of a page. This
command disables the pause mechanism and allows the display to print continuously
to the screen.

To view the status of CLI paging on the switch, use the show management command.
The show management command displays information about the switch including the
enable/disable state for CLI paging.

Example
The following command disables cli paging permanently (persists after rebooting) and
allows you to print continuously to the screen:
disable cli paging permanent

History
This command was first available in ExtremeXOS 10.1.

The session and permanent options were added in ExtremeXOS 22.5.

The clipaging option was split into two keywords in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cpu-monitoring
disable cpu-monitoring

Description
Disables CPU monitoring on the switch.

1880 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no arguments or variables.

Default
CPU monitoring is enabled and occurs every 5 seconds.

Usage Guidelines
Use this command to disable CPU monitoring on the switch.

This command does not clear the monitoring interval. Therefore, if you altered the CPU
monitoring interval, this command does not return the CPU monitoring interval to
5 seconds. To return to the default frequency level, use the enable cpu-monitoring
{interval seconds} {thresholdpercent} and specify 5 for the interval.

Example
The following command disables CPU monitoring on the switch:

disable cpu-monitoring

History
This command was first available in an ExtremeXOS 11.2.

The default value shown began in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable dhcp ports vlan

disable dhcp ports port_list vlan vlan_name

Description
Disables DHCP on a specified port in a VLAN.

Syntax Description
port_list Specifies the ports for which DHCP should be disabled.
vlan_name Specifies the VLAN on whose ports DHCP should be
disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1881

Default Commands

Default
N/A.

Usage Guidelines
None.

Example
The following command disables DHCP for port 6:9 in VLAN corp:

disable dhcp ports 6:9 vlan corp

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable dhcp vlan

disable dhcp [ipv4 | ipv6] vlan [vlan_name | all]

Description
Disables the generation and processing of DHCP packets on a VLAN to obtain an IP
address for the VLAN from a DHCP server.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.

Default
If the IPv4/IPv6 keyword is not specified, IPv4 is taken as default for the mentioned
VLAN.

Usage Guidelines
None.

1882 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables the generation and processing of DHCP packets on a
VLAN named accounting:
disable dhcp vlan accounting

disable dhcp ipv6 vlan accounting

History
This command was first available in ExtremeXOS 10.1.

This command was modified in ExtremeXOS 15.6 to include the ipv4 and ipv6
keywords

Platform Availability
This command is available on all Universal switches supported in this document.

disable diffserv examination ports

disable diffserv examination ports [port_list | all]

Description
Disables the examination of the DiffServ field in an IP packet.

Syntax Description
port_list Specifies a list of ports or slots and ports to which the
parameters apply.
all Specifies that DiffServ examination should be disabled for
all ports.

Default
Disabled.

Usage Guidelines
The diffserv examination feature is disabled by default.

Example
The following command disables DiffServ examination on the specified ports:

disable diffserv examination ports 5:3,5:5,6:6

Switch Engine™ Command Reference Guide for version 32.7.1 1883

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable diffserv replacement ports

disable diffserv replacement ports [port_list | all] {{qosprofile}
qosprofile}

Description
Disables the replacement of DiffServ code points in packets transmitted by the switch.

Syntax Description
port_list Specifies a list of ports or slots and ports on which Diffserv
replacement will be disabled.
all Specifies that DiffServ replacement should be disabled for
all ports.
qosprofile Disables DiffServ on a QoS profile.

Note: If this option is not specified it will disable DiffServ

replacement on all qosprofiles.

qosprofile Specifies the QoS profile number.

Default
The DiffServ replacement feature is disabled by default.

Usage Guidelines
N/A.

Example
The following example disables DiffServ replacement on selected ports:
disable diffserv replacement ports 1:2,5:5,6:6

History
This command was first available in ExtremeXOS 11.0.

The qosprofile keyword and qosprofile variable were added in ExtremeXOS 16.1.

1884 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

disable dns cache

disable dns cache {{vlan} vlan_name | {vr} vr_name}

Description
Disables the Domain Name System (DNS) cache on a virtual router (VR) or VLAN.

Syntax Description
dns Domain name system.
cache Specifies disabling the DNS cache.
vlan Specifies disabling DNS cache on a VLAN.
vlan_name Specifies the VLAN name.
vr Specifies disabling DNS cache on a VR.
vr_name Specifies the VR name. If not specified, the VR of the
current command context is used.

Default
If no VR name is specified, the VR of the current command context is used.

Usage Guidelines
To view the DNS cache configuration, use the command show dns cache
configuration {{vlan} vlan_name | {vr} vr_name}

Example
The following example disables DNS cache on VLAN "VLAN1":
# disable dns cache vlan VLAN1

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1885

disable dns cache analytics Commands

disable dns cache analytics

disable dns cache analytics {{vr} vr_name}

Description
Disables Domain Name System (DNS) analytics.

Syntax Description
dns Domain Name System.
cache Specifies DNS cache.
analytics Specifies disabling DNS cache analytics. Analytics provides
more insight into DNS queries when DNS cache is enabled.
Default is disabled.
vr Specifies disabling DNS analytics on a VR.
vr_name Specifies the VR name. If not specified, the VR of the
current command context is used.

Default
DNS analytics is disabled by default.

Usage Guidelines
To enable DNS analytics, use the command enable dns cache analytics {{vr}
vr_name}.

Example
The following example disables DNS analytics on VR "vr1":
# disables dns cache analytics vr vr1

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable dns cache dnssec

disable dns cache {dnssec}

1886 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Disables validating DNS replies and cache data for DNSSEC (Domain Name System
Security Extensions).

Syntax Description
dnssec Disables validating DNS replies and cache data for
DNSSEC. Default is disabled.

Default
By default, DNSSEC is disabled.

Usage Guidelines
You cannot disable DNSSEC if DNS cache is enabled.

Example
The following example disables DNSSEC:
# disable dns cache dnssec

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable dos-protect
disable dos-protect

Description
Disables denial of service protection.

Syntax Description
There are no arguments or variables for this command.

Default
Default is disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1887

Usage Guidelines Commands

Usage Guidelines
None.

Example
The following command disables denial of service protection:

disable dos-protect

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable dot1p examination inner-tag ports

disable dot1p examination inner-tag ports [all | port_list]

Description
Used with VMANs, and instructs the switch to examine the 802.1p value of the outer
tag, or added VMAN header, to determine the correct egress queue on the egress port.

Syntax Description
all Specifies all ports.
port_list Specifies a list of ports or slots and ports.

Default
Disabled.

Usage Guidelines
Use this command to instruct the system to refer to the 802.1p value contained in the
outer tag, or VMAN encapsulation tag, when assigning the packet to an egress queue
at the egress port of the VMAN.

Note
See “Quality of Service” in the Switch Engine 32.7.1 User Guide for information
on configuring and displaying the current 802.1p and DiffServ configuration for
the inner, or original header, 802.1p value.

1888 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example uses the 802.1p value on the outer tag, or VMAN encapsulation,
to put the packet in the egress queue on the VMAN egress port:
disable dot1p examination inner-tag port 3:2

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable dot1p examination ports

disable dot1p examination ports [port_list | all]

Description
Prevents examination of the 802.1p priority field as part of the QoS configuration.

Syntax Description
port_list Specifies a list of ports or slots and ports.
all Specifies that dot1p replacement should be disabled for all
ports.

Default
Enabled.

Usage Guidelines
The 802.1p examination feature is enabled by default. To free ACL resources, disable
this feature whenever another QoS traffic grouping is configured. (For information on
available ACL resources, see ACLs in the Switch Engine 32.7.1 User Guide)

Note
If you disable this feature when no other QoS traffic grouping is in effect, 802.1p
priority enforcement of 802.1q tagged packets continues.

SummitStack Only.
Dot1p examination cannot be disabled for priority values 5 and 6. However, the
precedence of the examination is lowered so that all other traffic grouping precedences

Switch Engine™ Command Reference Guide for version 32.7.1 1889

Example Commands

are higher. The mappings you configure with the configure dot1p type command
remain in effect.

As part of the COS global status enable action, COS will automatically enable dot1p
examination on all ports. An internal status will track this event. The disable dot1p
examination command will print an additional warning message in the event that COS
was configured via SNMP. If the COS global status is disabled via SNMP, the internal
status will be cleared and the additional WARNING message will not be displayed.

Example
The following command disables 802.1p value examination on ports 1 to 5:
disable dot1p examination ports 1-5

History
This command was available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable dot1p replacement ports

disable dot1p replacement ports [port_list | all] {{qosprofile}
qosprofile}

Description
Disables the ability to overwrite 802.1p priority values for a given set of ports.

Syntax Description
port_list Specifies a list of ports or slots and ports to which the
parameters apply.
all Specifies that 802.1p replacement should be disabled for all
ports.
qosprofile Disables 802.1p on a QoS profile.

Note: If this option is not specified it will disable dot1p

replacement for all qosprofiles.

qosprofile Specifies the QoS profile number.

Default
N/A.

1890 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The dot1p replacement feature is disabled by default.

Beginning with ExtremeXOS version 11.4 on the 1 Gigabit Ethernet ports, 802.1p
replacement always happens when you configure the DiffServ traffic grouping.

Example
The following example disables 802.1p value replacement on all ports:
disable dot1p replacement ports all

History
This command was first available in ExtremeXOS 11.0.

The qosprofile keyword and qosprofile variable were added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable eaps
disable eaps {name}

Description
Disables the EAPS function for a named domain or for an entire switch.

Syntax Description
name Specifies the name of an EAPS domain.

Default
Disabled for the entire switch.

Usage Guidelines
To prevent loops in the network, the switch displays by default a warning message
and prompts you to disable EAPS for a specific domain or the entire switch. When
prompted, do one of the following:
• Enter y to disable EAPS for a specific domain or the entire switch.
• Enter n or press [Return] to cancel this action.

Switch Engine™ Command Reference Guide for version 32.7.1 1891

Example Commands

If you have considerable knowledge and experience with EAPS, you might find the
EAPS loop protection warning messages unnecessary. For more information, see the
configure eaps config-warnings off.

Example
The following command disables the EAPS function for entire switch:

disable eaps

The switch displays the following warning message and prompts you to confirm this
action:
WARNING: Disabling EAPS on the switch could cause a loop in the network!
Are you sure you want to disable EAPS? (y/n) Enter y to disable EAPS on the switch.
Enter n to cancel this action.

The following command disables the EAPS function for the domain eaps-1:

disable eaps eaps-1

The switch displays the following warning message and prompts you to confirm this
action:
WARNING: Disabling specific EAPS domain could cause a loop in the
network!

Are you sure you want to disable this specific EAPS domain? (y/n)
Enter y to disable the EAPS function for the specified domain. Enter n to cancel this
action.

History
This command was first available in ExtremeXOS 11.0.

The interactive messages were added in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable edp ports

disable edp ports [ports | all]

Description
Disables the EDP on one or more ports.

1892 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ports Specifies one or more ports or slots and ports, including
management port.
all Specifies all ports on the switch, including management
port.

Default
Enabled.

Usage Guidelines
You can use the disable edp ports command to disable EDP on one or more ports
when you no longer need to locate neighbor Extreme Networks switches.

Example
The following command disables EDP on ports 2 and 4 on a switch:

disable edp ports 2,4

History
This command was first available in ExtremeXOS 10.1.

Ability to disable EDP on management port was added in ExtremeXOS 30.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable elrp-client
disable elrp-client

Description
Disables the ELRP client (standalone ELRP) globally.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1893

Usage Guidelines Commands

Usage Guidelines
This command disables the ELRP globally so that none of the ELRP VLAN
configurations take effect.

The ELRP client must be enabled globally in order for it to work on any VLANs. Use the
enable elrp-client command to globally enable the ELRP client.

Example
The following command globally disables the ELRP client:

disable elrp-client

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable elsm ports

disable elsm ports port_list

Description
Disables the ELSM protocol for the specified ports.

Syntax Description
port_list Specifies the port or ports for which ELSM should be
disabled.

Default
The default is disabled.

Usage Guidelines
ELSM works between two connected ports, and each ELSM instance is based on a
single port. When you disable ELSM on the specified ports, the ports no longer send
ELSM hello messages to their peers and no longer maintain ELSM states.

When you enable ELSM on the specified ports, the ports participate in ELSM with their
peers and begin exchanging ELSM hello messages. To enable ELSM, use the following
command:

1894 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

enable elsm ports port_list

For more information about ELSM, see the command enable elsm ports.

Example
The following command disables ELSM for slot 2, ports 1-2 on the switch:

disable elsm ports 2:1-2:2

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable elsm ports auto-restart

disable elsm ports port_list auto-restart

Description
Disable ELSM automatic restart for the specified ports.

Syntax Description
port_list Specifies the port or ports for which ELSM auto-restart is
being disabled.

Default
The default is enabled.

Usage Guidelines
If you disable ELSM automatic restart, the ELSM-enabled port can transition between
the following states multiple times: Up, Down, and Down-Wait. When the number of
state transitions is greater than or equal to the sticky threshold, the port enters and
remains in the Down-Stuck state.

The ELSM sticky threshold specifies the number of times a port can transition between
the Up and Down states. The sticky threshold is not user-configurable and has a default
value of 1. That means a port can transition only one time from the Up state to the
Down state. If the port attempts a subsequent transition from the Up state to the Down
state, the port enters the Down-Stuck state.

Switch Engine™ Command Reference Guide for version 32.7.1 1895

Enabling Automatic Restart Commands

If the port enters the Down-Stuck state, you can clear the stuck state and have the port
enter the Down state by using one of the following commands:

clear elsm ports port_list auto-restart

enable elsm ports port_list auto-restart

If you use the enable elsm ports command, automatic restart is always enabled; you
do not have to use the clear elsm ports command to clear the stuck state.

Enabling Automatic Restart

To enable ELSM automatic restart, you must explicitly configure this behavior on each
ELSM-enabled port. If you enable ELSM automatic restart and an ELSM-enabled port
goes down, ELSM bypasses the Down-Stuck state and automatically transitions the
down port to the Down state, regardless of the number of times the port goes up and
down.

To enable automatic restart, use the following command:

enable elsm ports port_list auto-restart

If you configure automatic restart on one port, we recommend that you use the same
configuration on its peer port.

Example
The following example disables ELSM automatic restart for slot 2, ports 1-2 on the
switch:
disable elsm ports 2:1-2:2 auto-restart

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable erps
disable erps

Description
Disable ERPS/ITU-T G.8032 standard).

1896 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
N/A.

Default
N/A.

Usage Guidelines
Use this command to disable ERPS.

Example
The following command disables ERPS:

disable erps

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

disable erps block-vc-recovery

disable erps ring-name block-vc-recovery

Description
Disables the ability on ERPS rings to block virtual channel recovery to avoid temporary
loops .

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
block-vc-recovery Block on Virtual channel recovery.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1897

Usage Guidelines Commands

Usage Guidelines
Use this command to disable the ability on ERPS rings to block on virtual channel
recovery to avoid temporary loops. This is done on interconnected nodes for sub-ring
configurations.

Example
The following example disables a virtual channel recovery block on “ring1”:

diable erps ring1 block-vc-recovery

History
This command was first available in ExtremeXOS 15.13.

Platform Availability
This command is available on all platforms that are running ExtremeXOS.

disable erps ring-name

disable erps ring-name

Description
Disable an existing ERPS ring/sub-ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.

Default
N/A.

Usage Guidelines
Use this command to disable an existing ERPS ring/sub-ring.

Example
The following example disables an existing ERPS ring identified as “ring1”:

disable erps ring1

1898 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

disable erps topology-change

disable erps ring-name topology-change

Description
Disable the ability of ERPS to set the topology-change bit to send out Flush events.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS sub-ring.
topology-change Topology change propagation control.

Default
N/A.

Usage Guidelines
Use this command to disable the ability of ERPS to set the topology-change bit to send
out Flush events.

Example
The following example disables the ability to set the topology-change bit for an existing
ERPS sub-ring identified as “ring1”:

disable erps ring1 topology-change

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

Switch Engine™ Command Reference Guide for version 32.7.1 1899

disable esrp Commands

disable esrp
disable esrp {esrpDomain}

Description
Disables ESRP for a named domain or for the entire switch.

Syntax Description
esrpDomain Specifies the name of an ESRP domain.

Default
Disabled for the entire switch.

Usage Guidelines
If you do not specify a domain name, ESRP is disabled for the entire switch.

If you disable an ESRP domain, the domain enters the Aware state, the switch notifies
its neighbor that the ESRP domain is going down, and the neighbor clears its neighbor
table. If the master switch receives this information, it enters the neutral state to
prevent a network loop. If the slave switch receives this information, it enters the
neutral state.

Example
The following command disables ESRP for the entire switch:
disable esrp

The following command disables ESRP for the domain esrp1:

disable esrp esrp1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable ethernet oam ports link-fault-management

disable ethernet oam ports [port_list | all] link-fault-management

1900 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Disables Ethernet OAM on ports.

Syntax Description
port_list Specifies the particular ports.
all Specifies all fiber ports.

Default
Ethernet OAM is disabled on all ports.

Usage Guidelines
Use this command to disable Ethernet OAM on one or more specified ports or on all
fiber ports.

When operating as a stack master, the ExtremeSwitching switch can process this
command for ports on supported platforms.

Example
The following command disables Ethernet OAM on port 1:
# disable ethernet oam ports 1 link-fault-management

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable fdb static-mac-move

disable fdb static-mac-move

Description
Disables EMS and SNMP reporting of discovered MAC addresses that are duplicates of
statically configured MAC addresses.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 1901

Default Commands

Default
Disabled.

Usage Guidelines
None.

Example
The following example disables this feature:
disable fdb static-mac-move

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

disable flooding ports

With this command you can further identify the type of packets for which to block
flooding.
disable flooding [all_cast | broadcast | multicast | unicast] ports
[port_list | all]

Description
Disables Layer 2 egress flooding on one or more ports.

Syntax Description
all_cast Specifies disabling egress flooding for all packets on specified ports.
broadcast Specifies disabling egress flooding only for broadcast packets.
multicast Specifies disabling egress flooding only for multicast packets.
unicast Specifies disabling egress flooding only for unknown unicast
packets.
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.

Default
Enabled for all packet types.

1902 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Note
If an application requests specific packets on a specific port, those packets are
not affected by the disable flooding ports command.

You might want to disable egress flooding to do the following:

• enhance security
• enhance privacy
• improve network performance

This is particularly useful when you are working on an edge device in the network.
The practice of limiting flooded egress packets to selected interfaces is also known as
upstream forwarding.

Note
If you disable egress flooding with static MAC addresses, this can affect many
protocols, such as IP and ARP.

The following guidelines apply to enabling and disabling egress flooding:

• Disabling multicasting egress flooding does not affect those packets within an IGMP
membership group at all; those packets are still forwarded out. If IGMP snooping is
disabled, multicast packets are not flooded.
• Egress flooding can be disabled on ports that are in a load-sharing group. In a
load-sharing group, the ports in the group take on the egress flooding state of the
master port; each member port of the load-sharing group has the same state as the
master port.
• On all platforms FDB learning takes place on ingress ports and is independent of
egress flooding; either can be enabled or disabled independently.
• Disabling unicast or all egress flooding to a port also stops packets with unknown
MAC addresses to be flooded to that port.
• Disabling broadcast or all egress flooding to a port also stops broadcast packets to
be flooded to that port.

You can disable egress flooding for unicast, multicast, or broadcast MAC addresses, as
well as for all packets on the ports of the switch. The default behavior is enabled egress
flooding for all packet types.

Example
The following example disables unicast flooding on ports 10-12::
# disable flooding unicast port 10-27

History
This command was first available in ExtremeXOS 11.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1903

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

disable flow-control ports

disable flow-control [tx-pause {priority priority} | rx-pause
{qosprofile qosprofile}] ports [all | port_list]

Description
Disables specified flow control configurations.

Syntax Description
tx-pause Specifies transmission pause processing.
priority Specifies all priorities or single priorities--dot1p priority for
tagged packets and internal priority for untagged packets.
Used with priority flow control only.
rx-pause Specifies reception pause processing.
qosprofile Specifies a QoS profile (“qp1” “qp2” “qp3” “qp4” “qp5” “qp6”
“qp7” “qp8”) to pause for priority flow control packet
reception. Used with priority flow control only.
all Specifies all ports or slots.
port_list Specifies one or more ports or slots and ports.

Default
Disabled.

Usage Guidelines

IEEE 802.3x-Flow Control

Use this command to disable the processing of IEEE 802.3x pause flow control
messages received from the remote partner. Disabling rx-pause processing avoids
dropping packets in the switch and allows for better overall network performance in
some scenarios where protocols such as TCP handle the retransmission of dropped
packets by the remote partner.

To disable RX flow-control, TX flow-control must first be disabled. Refer to the disable

flow-control ports command. If you attempt to disable RX flow-control with TX
flow-control enabled, an error message is displayed.

1904 Switch Engine™ Command Reference Guide for version 32.7.1

Commands IEEE 802.1Qbb-Priority Flow Control

IEEE 802.1Qbb-Priority Flow Control

Use this command to disable the processing of IEEE 802.1Qbb priority flow control
messages received from the remote partner. Disabling TX stops the port from
transmitting PFC packets for that priority, regardless of congestion. Disabling RX stops
the processing of PFC packets received on that port for the specific QoS profile.

Example
IEEE 802.3x

The following command disables the tx flow-control feature on ports 5 through 7 on an

ExtremeSwitching switch:
# disable flow-control tx-pause ports 5-7

IEEE 802.1Qbb

The following command disables TX for priority 3 on port 3:

# disable flow-control tx-pause priority 3 ports 3

The following command disables RX for QoS profile qp4 on port 6:

# disable flow-control rx-pause qosprofile qp4 port 6

History
This command was first available in ExtremeXOS 12.1.3.

The priority function (PFC) was added in ExtremeXOS 12.5.

Platform Availability

IEEE 802.3x
The basic TX-pause and RX-pause functions of this command are available on all
switches.

IEEE 802.1Qbb
The priority function (PFC) is available only on 10G ports.

disable flowmon
disable flowmon

Description
Disables Flow Monitor.

Switch Engine™ Command Reference Guide for version 32.7.1 1905

Syntax Description Commands

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Modification rules for groups, keys, and collectors remain active after Flow Monitor is
disabled. A new group can be created and configured with its parameters, collector,
template portions, and added keys. The group can also be enabled or disabled.

Enabling a group while Flow Monitor is disabled will program the hardware, but the
flow collection for the group will be disabled.

Example
The following command disables Flow Monitor:
# disable flowmon

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

disable flowmon group

disable flowmon group group_name

Description
Disables a Flow Monitor group.

Syntax Description
group Specifies the Flow Monitor group.
group_name Specifies the assigned name of the Flow Monitor group.
Range is 32 characters.

Default
N/A.

1906 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines

Example
The following command disables a Flow Monitor group with the name 'max-flow-age':
# disable flowmon group max-flow-age

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

disable icmp ipv6

disable icmp ipv6 [ignore-multicasts | ignore-anycasts]

Description
Disables the ICMP IPv6 reply to multicast or anycast echo request.

Syntax Description
ignore-multicasts Specifies to reply to ICMP echo requests destined to an IP
multicast address. Default is ignore (disable).
ignore-anycasts Specifies to reply to ICMP echo requests destined to an IP
anycast address. Default is ignore (disable).

Default
Ignore (disable).

Usage Guidelines
Use this command to disable ignoring a reply packet to multicast or anycast echo
request.

Example
The following example specifies to reply to ICMP multicast echo requests:
disable icmp ipv6 ignore-multicasts

Switch Engine™ Command Reference Guide for version 32.7.1 1907

History Commands

History
This command was first available in ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable icmp redirects ipv6 fast-path

disable icmp redirects ipv6 fast-path

Description
When disabled (default), only slow path packets (packets that cannot be forwarded by
hardware) may trigger ICMP redirects.

Syntax Description
fast-path Only slow path packets (packets that cannot be forwarded
by hardware) may trigger ICMP redirects.

Default
Disabled.

Usage Guidelines
Use this command so that only slow path packets (packets that cannot be forwarded
by hardware) may trigger ICMP redirects.

Example
The enabled or disabled setting is displayed when entering the command:
# show ipconfig ipv6
Route Sharing : Disabled
ICMP Redirect for Fast Path : Enabled
Max Shared Gateways : Current: 4 Configured: 4

Interface IPv6 Prefix Flags

v1 2001::1/24 -EUf---R-
v1 fe80::204:96ff:fe1e:ec00%v1/64 -EUfP--R-
Flags : D - Duplicate address detected on VLAN, T - Tentative address
E - Interface enabled, U - Interface up, f - IPv6 forwarding enabled,
i - Accept received router advertisements enabled,
R - Send redirects enabled, r - Accept redirects enabled
P - Prefix address
BD-8810.2 #

1908 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable icmp redirects

disable icmp redirects {ipv4} {vlan all |{vlan} {name}}

Description
Disables the generation of ICMP redirect messages on one or all VLANs.

Syntax Description
name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
Disables the generation of ICMP redirects (type 5) to hosts who direct routed traffic to
the switch where the switch detects that there is another router in the same subnet
with a better route to the destination.

Example
The following example disables ICMP redirects from VLAN "accounting":
disable icmp redirects vlan accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable icmp useredirects

disable icmp useredirects

Switch Engine™ Command Reference Guide for version 32.7.1 1909

Description Commands

Description
Disables the modification of route table information when an ICMP redirect message is
received.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This option only applies to the switch when the switch is not in routing mode.

If the switch has a route to a destination network, the switch uses that router as the
gateway to forward the packets to. If that router knows about a better route to the
destination, and the next hop is in the same subnet as the originating router, the
second router sends an ICMP redirect message to the first router. If ICMP useredirects
is disabled, the switch disregards these messages and continues to send the packets to
the second router.

Example
The following example disables the changing of routing table information:
disable icmp useredirects

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable identity-management
disable identity-management

Description
Disables the identity management feature, which tracks users and devices that
connect to the switch.

1910 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Only admin-level users can execute this command.

Note
If the identity management feature is running and then disabled, all identity
management database entries are removed and cannot be retrieved. If
identity management is enabled later, the identity management feature starts
collecting information about currently connected users and devices.

Example
The following command disables the identity management feature:

disable identity-management

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli idletimeout

disable cli idle-timeout

Description
Disables the timer that disconnects idle sessions from the switch.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1911

Usage Guidelines Commands

Timeout 20 minutes.

Usage Guidelines
When idle time-outs are disabled, console sessions remain open until the switch is
rebooted or until you logoff.

Telnet sessions remain open until you close the Telnet client.

If you have an SSH2 session and disable the idle timer, the SSH2 connection times out
after 61 minutes of inactivity.

To view the status of idle time-outs on the switch, use the show management command.
The show management command displays information about the switch including the
enable/disable state for idle time-outs.

Example
The following command disables the timer that disconnects all sessions to the switch:
disable cli idle-timeout

History
This command was first available in ExtremeXOS 10.1.

The cli keyword was added and the idletimeout keyword was changed to idle-
timeout in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable igmp
disable igmp {vlan name}

Description
Disables IGMP on a router interface. If no VLAN is specified, IGMP is disabled on all
router interfaces.

Syntax Description
name Specifies a VLAN name.

Default
Enabled.

1912 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
IGMP is a protocol used by an IP host to register its IP multicast group membership
with a router. Periodically, the router queries the multicast group to see if the group is
still in use. If the group is still active, hosts respond to the query, and group registration
is maintained.

IGMP is enabled by default on the switch. However, the switch can be configured to
disable the generation and processing of IGMP packets. IGMP should be enabled when
the switch is configured to perform IP multicast routing.

This command disables IGMPv2 and IGMPv3.

Example
The following example disables IGMP on VLAN accounting:
disable igmp vlan accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable igmp snooping vlan fast-leave

disable igmp snooping {vlan} name fast-leave

Description
Disables the IGMP snooping fast leave feature on the specified VLAN.

Syntax Description
name Specifies a VLAN.

Default
Disabled.

Usage Guidelines
None.

Switch Engine™ Command Reference Guide for version 32.7.1 1913

Example Commands

Example
The following command disables the IGMP snooping fast leave feature on the default
VLAN:
disable igmp snooping “Default” fast-leave

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable igmp snooping

disable igmp snooping {forward-mcrouter-only | with-proxy | vlan name}

Description
Disables IGMP snooping.

Syntax Description
forward-mcrouter-only Specifies that the switch forwards all multicast traffic to the
multicast router only.
with-proxy Disables the IGMP snooping proxy.
name Specifies a VLAN.

Default
IGMP snooping and the with-proxy option are enabled by default, but forward-
mcrouter-only option is disabled by default.

Usage Guidelines
If a VLAN is specified, IGMP snooping is disabled only on that VLAN, otherwise IGMP
snooping is disabled on all VLANs.

This command applies to both IGMPv2 and IGMPv3.

If the switch is in the forward-mcrouter-only mode, then the command disable igmp
snooping forward-mcrouter-only changes the mode so that all multicast traffic

1914 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

is forwarded to any IP router. If not in the forward-mcrouter-mode, the command

disable igmp snooping forward-mcrouter-only has no effect.

To change the snooping mode you must disable IP multicast forwarding. Use the
command: disable ipmcforwarding

The with-proxy option can be used for troubleshooting purpose. It should be enabled
for normal network operation.

Enabling the proxy allows the switch to suppress the duplicate join requests on a group
to forward to the connected Layer 3 switch. The proxy also suppresses unnecessary
IGMP leave messages so that they are forwarded only when the last member leaves the
group.

Example
The following example disables IGMP snooping on the VLAN accounting:
disable igmp snooping accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable igmp ssm-map

disable igmp ssm-map {vr vr-name}

Description
Disables IGMP SSM mapping.

Syntax Description
vr-name Specifies a virtual router name. If the VR name is omitted,
the switch disables mapping on the VR specified by the
current CLI VR context.

Default
Disabled on all interfaces.

Switch Engine™ Command Reference Guide for version 32.7.1 1915

Usage Guidelines Commands

Usage Guidelines
None.

Example
The following command disables IGMP-SSM mapping on the VR in the current CLI VR
context:
disable igmp ssm-map

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable inline-power
disable inline-power [{fast {ports [port_list | all]}} | perpetual]

Description
Disables PoE, and perpetual PoE to all ports; or fast PoE to all ports, or selected ports,
for some platforms.

Syntax Description
fast Disables delivery of PoE power to devices at the time of
switch power on without waiting for boot up based on last
saved PoE state. The default is disabled.
ports For fast PoE, specifies selecting ports. 4120, 4220,
ExtremeSwitching 5320, 5420, 5520, and 5720 series
switches only.
port_list For fast PoE, specifies the port list separated by a comma
or -. 4120, 4220, ExtremeSwitching 5320, 5420, 5520, and
5720 series switches only.
all For fast PoE, specifies selecting all ports. 4120, 4220,
ExtremeSwitching 5320, 5420, 5520, and 5720 series
switches only.
perpetual Disable preserving PoE power delivery to devices during
reboot. Perpetual PoE is a switch-wide setting. The default
is disabled.

1916 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
By default:
• PoE is enabled.
• Fast PoE is disabled.
• Perpetual PoE is disabled.

Usage Guidelines
You can control whether inline power is provided to the system by using the
disable inline-power command and the enable inline power command. Using
the disable inline-power command shuts down inline power currently provided on
the entire switch or to specified ports and slots. Disabling inline power to a switch,
port, or slot immediately removes power to any connected PDs. By default, inline power
provided to all ports is enabled. Additionally, you can disable delivery of PoE power to
devices at the time of switch power on without waiting for boot up (fast PoE) based
on last saved PoE state. Per-port fast PoE is available on certain platforms. You can also
elect to not preserve PoE power delivery to devices during reboot (perpetual PoE). The
default for both PoE options is disabled.

Note
Disabling inline power using the disable inline-power command does not
affect the data traffic traversing the port. And, disabling the port using the
disable port command does not affect the inline power supplied to the port.

Note
Inline power cannot be delivered to connected PDs unless the switch is
powered on.

Example
The following command shuts down inline power currently provided to all ports and all
slots:
disable inline-power

The following example turns off perpetual PoE for the switch:
# disable inline-power perpetual

The following example turns off fast PoE for ports 1,2, and 5:
# disable inline-power fast ports 1,2,5

History
This command was first available in ExtremeXOS 11.1.

The fast and perpetual PoE options were added in ExtremeXOS 30.3.

Per-port fast PoE was added for ExtremeXOS 31.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1917

Platform Availability Commands

Platform Availability
This command is available on the PoE devices listed in Extreme Networks PoE Devices
in the Switch Engine 32.7.1 User Guide.

The fast and perpetual options are only available on the 4120, 4220,
ExtremeSwitching 5320, 5420, 5520, and 5720 (per port) series switches.

disable inline-power ports

disable inline-power ports [all | port_list]

Description
Shuts down PoE power currently provided to all ports or to specified ports.

Syntax Description
all Disables inline power to all ports on the switch.
port_list Disables inline power to the specified ports.

Default
Enable.

Usage Guidelines
Disabling inline power to ports immediately removes power to any connected PDs. By
default, the capability to provide inline power to all ports is enabled.

Note
Disabling inline power using the disable inline-power command does not
affect the data traffic traversing the port. And, disabling the port using the
disable port command does not affect the inline power supplied to the port.

Disabling inline power to a port providing power to a PD immediately removes power

to the PD.

Example
The following command shuts down inline power currently provided to ports 4 and 5
on a switch:

disable inline-power ports 4,5

History
This command was first available in ExtremeXOS 11.1.

1918 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on the PoE devices listed in Extreme Networks PoE Devices.

disable inline-power slot

disable inline-power [fast | perpetual] slot slot

Description
Shuts down PoE, and fast and perpetual PoE, power currently provided to the specified
slot.

Syntax Description
slot Selects the slot to disable inline power, or fast/perpetual
PoE power on.
fast Disable delivery of PoE power to devices at the time of
switch power on without waiting for boot up based on last
saved PoE state. The default is disabled.
perpetual Disable preserving PoE power delivery to devices during
reboot. Perpetual PoE is a switch-wide setting. The default
is disabled.

Default
By default:
• PoE is enabled.
• Fast PoE is disabled.
• Perpetual PoE is disabled.

Usage Guidelines
Disabling inline power to a slot immediately removes power to any connected PDs. By
default, the capability to provide inline power to a slot is enabled. Additionally, you can
disable delivery of PoE power to devices at the time of switch power on without waiting
for boot up (fast PoE) based on last saved PoE state. You can also elect to not preserve
PoE power delivery to devices during reboot (perpetual PoE). The default for both PoE
options is disabled.

Note
You can set the reserved power budget to 0 for a slot if, and only if, you first
issue this command.

On a stack if you do not specify a slot number, the command operates on all active
nodes. This command operates only on nodes in the active topology.

Switch Engine™ Command Reference Guide for version 32.7.1 1919

Example Commands

Example
The following command removes power to all PDs on slot 3:
disable inline-power slot 3

The following example turns off perpetual PoE for slot 3:

# disable inline-power perpetual slot 3

History
This command was first available in ExtremeXOS 11.1.

The fast and perpetual PoE options were added in ExtremeXOS 30.3.

Platform Availability
This command is available on the PoE devices listed in Extreme Networks PoE Devices.

disable ip anycast
disable ip anycast {vlan} vlan_name

Description
Disables IP anycast on a VLAN.

Syntax Description
ip Layer 3 Internet Protocol.
anycast Disables IP anycast on a VLAN.
vlan Selects the VLAN.
vlan_name Specifies the VLAN name.

Default
N/A.

Usage Guidelines
N/A.

Example
The following example disables IP anycast on the VLAN "vlan1":
# disable ip anycast vlan vlan1

1920 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 30.6.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip nat
disable ip nat

Description
Globally disables Network Address Translation (NAT).

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies enabling NAT.

Default
N/A.

Usage Guidelines
NAT maps IP addresses from one address domain (typically private IP address spaces)
to an another address domain (typically a public Internet IP address space) to provide
transparent routing to end hosts. This translation is accomplished transparently by
having a NAT device translate the IP address and/or Layer 4 port of the packets.

To view IP NAT information, run the command show ip nat.

Example
The following example disables IP NAT:
# disable ip nat

History
This command was first available in ExtremeXOS 31.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1921

Platform Availability Commands

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable ip nat rule

disable ip nat rule rule_name

Description
Disables Network Address Translation (NAT) rules.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies disabling a NAT rule.
rule_name Specifies the NAT rule to disable.

Default
N/A.

Usage Guidelines
You must disable a rule to make configuration changes to it.

Example
The following example the disables the IP NAT rule "rule1":
# disables ip nat rule rule1

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

1922 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable iparp checking

disable iparp checking

disable iparp {vr vr_name} checking

Description
Disable checking if the ARP request source IP address is within the range of the local
interface or VLAN domain.

Syntax Description
vr_name Specifies a VR or VRF.

Default
Enabled.

Usage Guidelines
If you do not specify a VR or VRF, the command applies to the current VR context.

Example
The following example disables IP ARP checking:
disable iparp checking

History
This command was first available in ExtremeXOS 10.1.

The vr option was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable iparp gratuitous protect vlan

disable iparp gratuitous protect [ {vlan} vlan_name | vlan vlan_list]

Description
Disables gratuitous ARP protection on the specified VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 1923

Syntax Description Commands

Syntax Description
vlan_name Specifies the VLAN.
vlan_list Specifies a VLAN list of IDs.

Default
Disabled.

Usage Guidelines
Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests
for the router's IP address. This results in hosts sending their router traffic to the
attacker, and the attacker forwarding that data to the router. This allows passwords,
keys, and other information to be intercepted.

To protect against this type of attack, the router will send out its own gratuitous ARP
request to override the attacker whenever a gratuitous ARP broadcast with the router's
IP address as the source is received on the network.

This command disables gratuitous ARP protection.

Example
The following example disables gratuitous ARP protection for VLAN corp:
disable iparp gratuitous protect vlan corp

History
This command was first available in ExtremeXOS 11.2.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable iparp refresh

disable iparp {vr vr_name} refresh

Description
Disables IP ARP to refresh its IP ARP entries before timing out.

Syntax Description
vr_name Specifies a VR or VRF.

1924 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Enabled.

Usage Guidelines
The purpose of disabling ARP refresh is to reduce ARP traffic in a high node count Layer
2 switching only environment.

If you do not specify a VR or VRF, the command applies to the current VR context.

Example
The following example disables IP ARP refresh:
disable iparp refresh

History
This command was first available in ExtremeXOS 10.1.

The vr option was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ipforwarding broadcast

disable ipforwarding broadcast [ {vlan} vlan_name | vlan vlan_list]

Description
Disables routing (or routing of broadcasts) for one or all VLANs. If no argument is
provided, disables routing for all VLANs.

Syntax Description
broadcast Specifies broadcast IP forwarding.
vlan_name Specifies a VLAN name.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1925

Usage Guidelines Commands

Usage Guidelines
Disabling IP forwarding also disables broadcast forwarding. Broadcast forwarding can
be disabled without disabling IP forwarding. When new IP interfaces are added, IP
forwarding (and IP broadcast forwarding) is disabled by default.

Other IP related configuration is not affected.

Example
The following example disables forwarding of IP broadcast traffic for a VLAN
"accounting":
disable ipforwarding broadcast vlan accounting

History
This command was first available in ExtremeXOS 10.1.

The ignore-broadcast and fast-direct-broadcast keywords were added in

ExtremeXOS 12.0.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable ipforwarding broadcast

disable ipforwarding broadcast [ {vlan} vlan_name | vlan vlan_list]

Description
Disables routing (or routing of broadcasts) for one or all VLANs. If no argument is
provided, disables routing for all VLANs.

Syntax Description
broadcast Specifies broadcast IP forwarding.
vlan_name Specifies a VLAN name.

Default
Disabled.

1926 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Disabling IP forwarding also disables broadcast forwarding. Broadcast forwarding can
be disabled without disabling IP forwarding. When new IP interfaces are added, IP
forwarding (and IP broadcast forwarding) is disabled by default.

Other IP related configuration is not affected.

Example
The following example disables forwarding of IP broadcast traffic for a VLAN
"accounting":
disable ipforwarding broadcast vlan accounting

History
This command was first available in ExtremeXOS 10.1.

The ignore-broadcast and fast-direct-broadcast keywords were added in

ExtremeXOS 12.0.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable ipforwarding ipv6

disable ipforwarding ipv6 [ {vlan} vlan_name | vlan vlan_list] | tunnel
tunnel_name | vr vr_name}

Description
Disables routing for one or all interfaces. If no argument is provided, disables routing for
all interfaces on the current VR or VRF.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
vlan_list Specifies a VLAN list of IDs.
tunnel_name Specifies an IPv6 tunnel.
vr_name Specifies a VR or VRF.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1927

Usage Guidelines Commands

Usage Guidelines
When new IPv6 interfaces are added, IPv6 forwarding is disabled by default.

Example
The following example disables forwarding of IPv6 traffic for a VLAN "accounting":
disable ipforwarding ipv6 vlan accounting

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

disable ipmcforwarding ipv6

disable ipmcforwarding ipv6 {{vlan} name}

Description
Disables IPv6 multicast forwarding on a router interface.

Syntax Description
name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
If no options are specified, all configured IPv6 interfaces are affected. When new IPv6
interfaces are created, IPv6 multicast forwarding is disabled by default.

Disabling IPv6 multicast forwarding disables any Layer 3 IPv6 multicast routing for the
streams coming to the interface.

Example
The following example disables IPv6 multicast forwarding on VLAN accounting:
disable ipmcforwarding ipv6 vlan accounting

1928 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv6 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable ipmcforwarding
disable ipmcforwarding {vlan name}

Description
Disables IP multicast forwarding on a router interface.

Syntax Description
name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
If no options are specified, all configured IP interfaces are affected. When new IP
interfaces are added, IP multicast forwarding is disabled by default.

IP forwarding must be enabled before enabling IP multicast forwarding.

Disabling IP multicast forwarding disables any Layer 3 multicast routing for the streams
coming to the interface.

Example
The following example disables IP multicast forwarding on the VLAN accounting:
disable ipmcforwarding vlan accounting

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1929

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable ipmcforwarding tunnel

disable ipmcforwarding {tunnel tunnel_name}

Description
Disables IP multicast tunnel forwarding on a router interface.

Syntax Description
tunnel_name Specifies a tunnel name.

Default
Disabled.

Usage Guidelines
If no options are specified, all configured IP interfaces are affected. When new IP
interfaces are added, IP multicast forwarding is disabled by default.

IP forwarding must be enabled before enabling IP multicast forwarding.

Disabling IP multicast forwarding disables any Layer 3 multicast routing for the streams
coming to the interface.

Example
The following example disables IP multicast forwarding on the tunnel called
accounting:
disable ipmcforwarding tunnel accounting

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and

1930 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable ip option loose-source-route

upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable ip option loose-source-route

disable ip option loose-source-route

Description
Disables processing of the loose source route IP option in the IPv4 packet header.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Disables the switch from forwarding IP packets with the IP option for loose source
routing turned on. Packets with the loose-source-route option enabled are dropped by
the switch.

Example
The following example disables processing of the loose source route IP option:
# disable ip option loose-source-route

History
This command was first available in ExtremeXOS 10.1.

This command was removed in ExtremeXOS 30.1, and then re-introduced in

ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip option strict-source-route

disable ip option strict-source-route

Switch Engine™ Command Reference Guide for version 32.7.1 1931

Description Commands

Description
Disables processing the strict source route IP option in the IPv4 packet header.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Disables the switch from forwarding IP packets that have the strict source routing IP
option turned on. The switch drops packets that have the strict source routing IP option
enabled.

Example
The following example disables processing of the strict source route IP option:
# disable ip option strict-source-route

History
This command was first available in ExtremeXOS 10.1.

This command was removed in ExtremeXOS 30.1, and then re-introduced in

ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable iproute bfd

disable iproute bfd {gateway} ip_addr {vr vrname}

Description
Disables BFD client services for IPv4 static routes.

Syntax Description
ip_addr Specifies the IPv4 address of a neighbor for which BFD
services are to be stopped.
vrname Specifies the VR or VRF name for which BFD services are
being disabled.

1932 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
When the BFD client is disabled, BFD services for all static IP routes terminates. This
command does not disable services for other BFD clients (such as the MPLS BFD
client).

Example
The following example disables BFD client protection for communications with
neighbor 10.10.10.1:
# disable iproute bfd 10.10.10.1

History
This command was first available in ExtremeXOS 12.5.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable iproute bfd strict

disable iproute {protection} bfd strict

Description
Turns off "strict" Bidirectional Forwarding Detection (BFD) session control, which brings
up the static route during switch reboot if the static route nexthop BFD session is in the
INIT state.

Syntax Description
protection Enables or disables route protection.
bfd BFD protect static routes to next hop gateway.
strict Disables considering that protected static routes are not
up if the BFD session is in INIT state. Default is disabled.

Default
By default, strict BFD session control is disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1933

Usage Guidelines Commands

Usage Guidelines
If the BFD session is down, but BFD protected static route is still in the routing table
after reboot, the BFD session is never established, because during reboot, the BFD
session is in the INIT state, and the static route is brought up without considering BFD
session state. This can cause traffic loss because the link to the gateway actually is
down. This command turns off strict BFD session control, which means that the static
route is brought up during reboot even if the BFD session is in the INIT state. A reboot is
required to make the command take effect.

Example
The following example disables BFD strict session control:
# disable iproute bfd strict
WARNING: Please reboot the switch for the strict BFD to take effect.

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable iproute compression

disable iproute compression {vr vrname}

Description
Disables IPv4 route compression.

Syntax Description
vrname VR or VRF name for which the IP route compression is
being disabled. If the VR or VRF name is not specified,
route compression is disabled for the VR context from
which CLI command is issued.

Default
Enabled.

Usage Guidelines
Disables IPv4 route compression for a specified VR or VRF.

1934 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example disables IP route compression:
disable iproute compression

History
This command was first available in ExtremeXOS 12.0.

Default changed to enabled in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

disable iproute ipv6 compression

disable iproute ipv6 compression {vr vr_name}

Description
This command disables IPv6 route compression.

Syntax Description
vr_name Specifies a VR or VRF. If not specified, the current CLI
context is used.

Default
By default, IPv6 route compression is disabled for all address families and VRs.

Usage Guidelines
This command disables IPv6 route compression for the IPv6 address family and VR. This
command decompresses previously compressed prefixes in the IPv6 prefix database.

Example
The following example disables IPv6 route compression for the IPv6 address family and
the VR of the current CLI context:
disable iproute ipv6 compression

History
This command was first available in ExtremeXOS 12.0.

Switch Engine™ Command Reference Guide for version 32.7.1 1935

Platform Availability Commands

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

disable iproute ipv6 sharing

disable iproute ipv6 sharing {{{vr} vr_name} | {{vr} all}}

Description
This command disables IPv6 route sharing.

Syntax Description
vr_name Specifies a VR or VRF. If not specified, the current CLI
context is used
all Specifies all VR or VRF.

Default
By default, IPv6 route sharing is disabled.

Usage Guidelines
This command disables IPv6 route sharing for the IPv6 address family and VR.

Example
The following example disables IPv6 route sharing for the IPv6 address family and the
VR of the current CLI context:
disable iproute ipv6 sharing

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

The ability to enable and disable ECMP for IPv6 is supported for all platforms.

disable iproute mpls-next-hop

disable iproute mpls-next-hop

1936 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Disables IP forwarding over MPLS LSPs for the default VR.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables IP forwarding over MPLS LSPs for the default VR. When
disabled, any route with an MPLS LSP as its next hop becomes inactive and is not used
to tunnel IP traffic across the MPLS network. By default, IP forwarding over MPLS LSPs
is disabled.

Example
This command disables IP forwarding over MPLS LSPs.
disable iproute mpls-next-hop

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable iproute protection ping

disable iproute {ipv4 | ipv6} protection ping

Description
Globally disables ping protection for static routes added with ping protection for IPv4
and IPv6. Routes are up in the routing table, and ping health check monitoring is not
performed.

Syntax Description
ipv4 Specifies IPv4 (default).
ipv6 Specifies IPv6.

Switch Engine™ Command Reference Guide for version 32.7.1 1937

Default Commands

protection Disables route protection.

ping Globally disables ping protection for static routes added
with ping protection (default is enabled).

Default
Enabled is the default. If not specified, IPv4 is the default.

Example
The following example disables ping protection for static routes added with ping
protection for IPv4:
# disable iproute ipv4 protection ping

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all platforms with any license level as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable iproute sharing

disable iproute {ipv4} sharing {{vr} vrname} | {vr} {all}

Description
Disables IPv4 route sharing.

Syntax Description
vrname VR or VRF name for which IP route sharing is being
disabled.

Default
Disabled.

Usage Guidelines
If a VR is not specified, this command disables IP route sharing in the current VR
context.

1938 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example disables load sharing for multiple routes:
disable iproute sharing

History
This command was first available in ExtremeXOS 12.1.

The vr option was added in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security anomaly-protection icmp

disable ip-security anomaly-protection icmp {slot [ slot | all ]}

Description
Disables ICMP size and fragment checking.

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command disables ICMP size and fragment checking. This checking takes effect
for both IPv4 and IPv6 TCP packets. When enabled, the switch drops ICMP packets if
one of following condition is true:
• Fragmented ICMP packets for IPv4 packets.
• IPv4 ICMP pings packets with payload size greater than the maximum IPv4 ICMP-
allowed size. (The maximum allowed size is configurable.)
• IPv6 ICMP ping packets with payload size > the maximum IPv6 ICMP-allowed size.
(The maximum allowed size is configurable.)

History
This command was first available in ExtremeXOS 12.0.

Switch Engine™ Command Reference Guide for version 32.7.1 1939

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security anomaly-protection ip

disable ip-security anomaly-protection ip { slot [ slot | all ] }

Description
Disables source and destination IP address checking.

Syntax Description
slot Specifies the slot.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command disables source and destination IP addresses checking. This checking
takes effect for both IPv4 and IPv6 packets. When enabled, the switch drops IPv4/IPv6
packets if its source IP address are the same as the destination IP address. In most
cases, the condition of source IP address being the same as the destination IP address
indicates a Layer 3 protocol error. (These kind of errors are found in LAND attacks.)

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security anomaly-protection l4port

disable ip-security anomaly-protection l4port [tcp | udp | both] {slot
[ slot | all ]}

Description
Disables TCP and UDP ports checking.

1940 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
tcp Specifies that the TCP port be disabled for checking.
udp Specifies that the UDP port be disabled for checking.
both Specifies both the TCP and UDP ports be disabled for
checking.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command disables TCP and UDP ports checking. This checking takes effect for
both IPv4 and IPv6 TCP and UDP packets. When enabled, the switch drops TCP and
UDP packets if its source port is the same as its destination port. In most cases, when
the condition of source port is the same as that of the destination port, it indicates a
Layer4 protocol error. (This type of error can be found in a BALT attack.)

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security anomaly-protection notify

disable ip-security anomaly-protection notify [log | snmp | cache] {slot
[ slot | all ]}

Description
Disables protocol anomaly notification.

Syntax Description
log Specifies the switch to send the notification to a log file.
snmp Specifies the switch to send an SNMP trap when an event
occurs.
cache Specifies the switch to send the notification to cache.

Switch Engine™ Command Reference Guide for version 32.7.1 1941

Default Commands

slot Specifies the slot to be used.

all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command disables anomaly notification. When enabled, any packet failed to pass
enabled protocol checking is sent to XOS Host CPU and notifies the user. There are
three different types of notifications:
• log: log anomaly events in the switch log system; you can view and manage this log
with the show log and configure log commands.
• snmp: the anomaly events generate SNMP traps.
• cache: logs the most recent and unique anomaly events in memory; rebooting the
switch will cause all the logged events to be lost (the number of cached events is
configured by command).

When disabled, the switch drops all violating packets silently.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security anomaly-protection tcp flags

disable ip-security anomaly-protection tcp flags {slot [ slot | all ]}

Description
Disables TCP flag checking.

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

1942 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default is disabled.

Usage Guidelines
This command disables TCP flag checking. This checking takes effect for both IPv4
and IPv6 TCP packets. When enabled, the switch drops TCP packets if one of following
condition is true:
• TCP SYN flag==1 and the source port<1024
• TCP control flag==0 and the sequence number==0
• TCP FIN, URG, and PSH bits are set, and the sequence number==0
• TCP SYN and FIN both are set.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security anomaly-protection tcp fragment

disable ip-security anomaly-protection tcp fragment {slot [ slot |
all ]}

Description
Disables TCP fragment checking.

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1943

Usage Guidelines Commands

Usage Guidelines
This command disables TCP fragment checking. This checking takes effect for IPv4/
IPv6. When it is enabled, the switch drops TCP packets if one of following condition is
true:
• For the first IPv4 TCP fragment (its IP offset field==0), if its TCP header is less than the
minimum IPv4 TCP header allowed size.
• If its IP offset field==1 (for IPv4 only).

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security anomaly-protection

disable ip-security anomaly-protection {slot [ slot | all ]}

Description
Disables all anomaly checking options.

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This commands disables all anomaly checking options, including IP address, UDP/TCP
port, TCP flag and fragment, and ICMP anomaly checking.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

1944 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable ip-security arp gratuitous-protection

disable ip-security arp gratuitous-protection

disable ip-security arp gratuitous-protection [dynamic | {vlan}
vlan_name |all ]

Description
Disables gratuitous ARP protection on one or all VLANs on the switch.

Syntax Description
all Specifies all VLANs configured on the switch.
vlan-name Specifies the VLAN.
dynamic Configuration options for dynamically created VLANs.

Default
By default, gratuitous ARP protection is disabled.

Usage Guidelines
Beginning with ExtremeXOS 11.6, this command replaces the disable iparp
gratuitous protect vlan command.

Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests
for the router's IP address. This results in hosts sending their router traffic to the
attacker, and the attacker forwarding that data to the router. This allows passwords,
keys, and other information to be intercepted.

To protect against this type of attack, the router will send out its own gratuitous ARP
request to override the attacker whenever a gratuitous ARP broadcast with the router's
IP address as the source is received on the network.

This command disables gratuitous ARP protection.

Example
The following command disables gratuitous ARP protection for VLAN corp:

disable ip-security arp gratuitous-protection vlan corp

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option added in ExtremeXOS 30.2.

Switch Engine™ Command Reference Guide for version 32.7.1 1945

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security arp learning learn-from-arp

disable ip-security arp learning learn-from-arp [dynamic | {vlan}
vlan_name] ports [all | ports]

Description
Disables ARP learning on the specified VLAN and member ports.

Syntax Description
vlan_name Specifies the name of the VLAN to which this rule applies.
dynamic Configuration options for dynamically created VLANs.
all Specifies all ingress ports.
ports Specifies one or more ingress ports.

Default
By default, ARP learning is enabled.

Usage Guidelines
You can disable ARP learning so that the only entries in the ARP table are either
manually added or those created by DHCP secured ARP; the switch does not add
entries by tracking ARP requests and replies. By disabling ARP learning and adding
a permanent entry or configuring DHCP secured ARP, you can centrally manage
and allocate client IP addresses and prevent duplicate IP addresses from interrupting
network operation.

To manually add a permanent entry to the ARP table, use the following command:
configure iparp add ip_addr {vrvr_name} mac

To configure DHCP secure ARP as a method to add entries to the ARP table, use the
following command:
enable ip-security arp learning learn-from-dhcp vlan vlan_name
ports [all | ports] {poll-interval interval_in_seconds} {retries
number_of_retries}

Displaying ARP Information

To display how the switch builds an ARP table and learns MAC addresses for devices on
a specific VLAN and associated member ports, use the following command:
show ip-security arp learning {vlan} vlan_name

1946 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

To view the ARP table, including permanent and DHCP secured ARP entries, use the
following command:
show iparp {ip_address | mac | vlanvlan_name | permanent} {vrvr_name}

Note
DHCP secured ARP entries are stored as static entries in the ARP table.

Example
The following command disables ARP learning on port 1:1 of the VLAN learn:

disable ip-security arp learning learn-from-arp vlan learn ports 1:1

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option was added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security arp learning learn-from-dhcp

disable ip-security arp learning learn-from-dhcp [dynamic vlan | {vlan}
vlan_name ports [all | ports]

Description
Disables DHCP secured ARP learning for the specified VLAN and member ports.

Syntax Description
dynamic Configuration options for dynamically created VLANs.
vlan_name Specifies the name of the VLAN to which this rule applies.
all Specifies all ingress ports.
ports Specifies one or more ingress ports.

Default
By default, DHCP secured ARP learning is disabled.

Usage Guidelines
Use this command to disable DHCP secured ARP learning.

Switch Engine™ Command Reference Guide for version 32.7.1 1947

Displaying ARP Information Commands

Displaying ARP Information

To display how the switch builds an ARP table and learns MAC addresses for devices on
a specific VLAN and associated member ports, use the following command:
show ip-security arp learning {vlan} vlan_name

To view the ARP table, including permanent and DHCP secured ARP entries, use the
following command:
show iparp {ip_address | mac | vlanvlan_name | permanent} {vrvr_name}

Example
The following command disables DHCP secured ARP learning on port 1:1 of the VLAN
learn:
disable ip-security arp learning learn-from-dhcp vlan learn ports 1:1

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN support was added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security arp validation

disable ip-security arp validation [dynamic | {vlan} vlan_name] [all |
ports]

Description
Disables ARP validation for the specified VLAN and member ports.

Syntax Description
vlan_name Specifies the name of the VLAN to which this rule applies.
dynamic Configuration options for dynamically created VLANs.
all Specifies all ports.
ports Specifies one or more ports.

Default
By default, ARP validation is disabled.

1948 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to disable ARP validation.

Displaying ARP Validation Information

To display information about ARP validation, use the following command:
show ip-security arp validation {vlan} vlan_name

Example
The following command disables ARP validation on port 1:1 of the VLAN valid:

disable ip-security arp validation vlan valid ports 1:1

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security dhcp-bindings restoration

disable ip-security dhcp-bindings restoration

Description
Disables the download and upload of DHCP bindings.

Syntax
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
The command allows you to disable the download and upload of the DHCP bindings,
essentially disabling the DHCP binding functionality. The default is disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1949

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security dhcp-snooping

disable ip-security dhcp-snooping [dynamic | {vlan} vlan_name] ports
[all | ports]

Description
Disables DHCP snooping on the switch.

Syntax Description
vlan_name Specifies the name of the DHCP-snooping VLAN.
dynamic Configuration options for dynamically created VLANs.
all Specifies all ports to stop receiving DHCP packets.
ports Specifies one or more ports to stop receiving DHCP
packets.

Default
By default, DHCP snooping is disabled.

Usage Guidelines
Use this command to disable DHCP snooping on the switch.

Example
The following command disables DHCP snooping on the switch:

disable ip-security dhcp-snooping vlan snoop ports 1:1

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option added in ExtremeXOS 30.2.

1950 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

disable ip-security source-ip-lockdown ports

disable ip-security source-ip-lockdown ports [all | ports]

Description
Disables the source IP lockdown feature on one or more ports.

Syntax Description
all Specifies all ports for which source IP lockdown should be
disabled.
ports Specifies one or more ports for which source IP lockdown
should be disabled.

Default
By default, source IP lockdown is disabled on the switch.

Usage Guidelines
To display the source IP lockdown configuration on the switch, use the following
command:
show ip-security source-ip-lockdown

Example
The following command disables source IP lockdown on ports 1:1 and 1:4:

disable ip-security source-ip-lockdown ports 1:1, 1:4

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

disable iqagent
disable iqagent

Switch Engine™ Command Reference Guide for version 32.7.1 1951

Description Commands

Description
Disables the ExtremeCloud™ IQ Agent.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Disabling IQ Agent prevents all access to ExtremeCloud IQ. Any current activity with
ExtremeCloud IQ, including remote SSH sessions, are disconnected immediately. Re-
enabling IQ Agent can only occur by using the enable iqagent command using
either console or Telnet or SSH access. Disabling IQ Agent deactivates automatic DHCP
access on VLAN Mgmt, which is required for Zero-Touch Provisioning (ZTP).

To view the state if the IQ Agent, use the command show iqagent discovery without
the discovery option.

Example
The following example disables the IQ Agent:
# disables iqagent

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on the ExtremeSwitching 5520 platform.

disable irdp
disable irdp {vlan name}

Description
Disables the generation of ICMP router advertisement messages on one or all VLANs.

Syntax Description
name Specifies a VLAN name.

1952 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
If no optional argument is specified, all the IP interfaces are affected.

Example
The following example disables IRDP on VLAN "accounting":
disable irdp vlan accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable isis
disable isis {area area_name}

Description
This command disables the specified IS-IS router process on the current virtual router.

Syntax Description
area_name Specifies the name of the IS-IS router process to be
disabled.

Default
Disabled.

Usage Guidelines
IS-IS PDUs are no longer sent or processed on this IS-IS router process. The LSP and
neighbor databases are purged. IS-IS routes are purged from the routing table. This
command should only be used during planned network outages. This command has
no effect on router processes that are already disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 1953

Example Commands

Example
The following command disables the IS-IS process named areax:

disable isis area areax

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable isis area adjacency-check

disable isis area area_name adjacency-check {ipv4| ipv6}

Description
This command disables the checking of the following TLVs when forming adjacencies:
Protocols Supported and IP Interface Address.

Syntax Description
area_name Specifies the name of the IS-IS router process that should
no longer perform the adjacency check.
ipv4 Specifies that the adjacency check should no longer be
performed on IPv4 interfaces.
ipv6 Specifies that the adjacency check should no longer be
performed on IPv6 interfaces.

Default
IPv4: Enabled.

IPv6: Enabled.

Usage Guidelines
When adjacency checking is disabled, adjacencies may be formed on interfaces that do
not reside on the same subnet or do not support IPv4 (if disabled for IPv4) or IPv6 (if
disabled for IPv6). If neither ipv4 nor ipv6 is specified, this command applies to IPv4.

1954 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command directs the IS-IS process named areax to disable adjacency
checks on IPv6 interfaces:

disable isis area areax adjacency-check ipv6

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable isis area dynamic-hostname

disable isis area area_name dynamic-hostname

Description
This command disables the dynamic hostname feature.

Syntax Description
area_name Specifies the name of the IS-IS process for which the
dynamic-hostname feature is to be disabled.

Default
Disabled.

Usage Guidelines
The specified router process no longer includes code 137 TLVs in its LSPs and names are
no longer displayed in show commands.

Example
The following command disables the display of area names or SNMP names instead of
system IDs:

disable isis area areax dynamic-hostname

History
This command was first available in ExtremeXOS 12.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1955

Platform Availability Commands

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable isis area export ipv6

disable isis area area_name export ipv6 route-type

Description
This command disables IPv6 route redistribution of the specified type into IS-IS.

Syntax Description
area_name Specifies the IS-IS router process for which route
redistribution is disabled.
route-type Selects the type of export route to disable. The valid route
types are: direct, ospfv3, ospfv3-extern1, ospfv3-extern2,
ospfv3-inter, ospfv3-intra, ripng, bgp, and static.

Default
All types are disabled.

Usage Guidelines
None.

Example
The following command disables RIPng route distribution into areax:

disable isis area areax export ipv6 ripng

History
This command was first available in ExtremeXOS 12.1.

Support for BGP was added in ExtremeXOS 12.6.0-BGP.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

1956 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable isis area export

disable isis area export

disable isis area area_name export {ipv4} route-type

Description
This command disables IPv4 route redistribution of the specified type into IS-IS.

Syntax Description
area_name Specifies the IS-IS router process for which route
redistribution is disabled.
ipv4 Specifies that the configuration change is for IPv4 IS-IS
routing.
route-type Selects the type of export route to disable. The valid route
types are: bgp, direct, e-bgp, i-bgp, ospf, ospf-extern1, ospf-
extern2, ospf-inter, ospf-intra, rip, and static.

Default
All types are disabled.

Usage Guidelines
None.

Example
The following command disables RIP route distribution into areax:

disable isis area areax export rip

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable isis area originate-default

disable isis area area_name originate-default {ipv4 | ipv6}

Switch Engine™ Command Reference Guide for version 32.7.1 1957

Description Commands

Description
This command disables the generation of one or all default routes in the LSPs for the
specified router process.

Syntax Description
area_name Specifies the name of the IS-IS router process that should
no longer generate the default route.
ipv4 Specifies that the router process should no longer generate
the default IPv4 route.
ipv6 Specifies that the router process should no longer generate
the default IPv6 route.

Default
IPv4: Disabled.

IPv6: Disabled.

Usage Guidelines
This applies to level 2 routing only. By default this command disables IPv4 default
route origination. The optional ipv6 keyword disables IPv6 default route origination. This
command has no effect on router processes that are already disabled for default route
origination on level 1-only router processes.

Example
The following command directs the IS-IS process named areax to stop generating the
default IPv4 route in it’s LSPs:

disable isis area areax originate-default

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable isis area overload-bit

disable isis area area_name overload-bit

1958 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command disables the overload-bit feature.

Syntax Description
area_name Specifies the area name of the IS-IS process for which this
feature is to be disabled.

Default
Disabled.

Usage Guidelines
Disabling the overload bit feature causes an SPF recalculation throughout the network.
In addition, external and interlevel router redistribution is no longer suppressed if
those options were included when the overload bit was enabled. If the overload bit
is currently set as a result of the overload-bit on-startup command, this command
overrides the configuration and disables this feature.

Example
The following command disables the overload bit feature for areax:

disable isis area areax overload-bit

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable isis hello-padding

disable isis [vlan all | {vlan} vlan_name] hello-padding

Description
This command disables the padding of Hello PDUs for one or all IS-IS VLANs.

Switch Engine™ Command Reference Guide for version 32.7.1 1959

Syntax Description Commands

Syntax Description
vlan all Disables hello padding on all IS-IS VLANs.
vlan_name Specifies a single VLAN on which to disable hello padding.

Default
Enabled.

Usage Guidelines
Implicit adjacency MTU verification is not performed when hello padding is disabled.

Example
The following command disables hello padding on all IS-IS VLANs:

disable isis vlan all hello-padding

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable isis restart-helper

disable isis restart-helper

Description
This command disables the IS-IS restart helper.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

1960 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
When this feature is disabled, the router does not act as a restart helper and may time
out a restarting router’s adjacency per normal operation.

Example
The following command disables the IS-IS restart helper:

disable isis restart-helper

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable jumbo-frame ports

disable jumbo-frame ports [all | port_list]

Description
Disables jumbo frame support on a port.

Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.

Default
Disabled.

Usage Guidelines
Use this command to disable jumbo frames on individual ports.

Example
The following command disables jumbo frame support on a switch:

disable jumbo-frame ports all

Switch Engine™ Command Reference Guide for version 32.7.1 1961

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable l2vpn
disable l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]]

Description
Disables the specified VPLS or VPWS.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
vpws_name Identifies the VPWS within the switch (character string).
all Specifies all VPLS or VPWS instances.

Default
All newly created VPLS instances are enabled.

Usage Guidelines
When a VPLS or VPWS instance is disabled, all sessions to its configured peers are
terminated. Any locally attached service VLAN/VMAN is immediately isolated from
other devices residing in the VPN. If this is an H-VPLS core node, then all spoke nodes
connected to this peer are isolated unless redundant core access is configured.

The l2vpn keyword is introduced in ExtremeXOS Release 12.4 and is required when
disabling a VPWS. For backward compatibility, the l2vpn keyword is optional when
disabling a VPLS. However, this keyword will be required in a future release, so we
recommend that you use this keyword for new configurations and scripts.

Example
The following command disables the VPLS named myvpls:

disable vpls myvpls

The following command disables the VPWS named myvpws:

disable l2vpn vpws myvpws

1962 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable l2vpn health-check vccv

disable l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]] health-
check vccv

Description
Disables the VCCV health check feature on the specified VPLS or VPWS instances.

Syntax Description
vpls_name Identifies the VPLS for which health check is to be disabled.
vpws_name Identifies the VPWS for which health check is to be disabled.
all Specifies that health check is to be disabled on all VPLS instances on
the local node.

Default
Health check is disabled.

Usage Guidelines
The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
disabling health check for a VPWS instance. For backward compatibility, the l2vpn
keyword is optional when disabling health check for VPLS instance. However, this
keyword will be required in a future release, so we recommend that you use this
keyword for new configurations and scripts.

Example
The following command disables the health check feature on the VPLS instance
myvpls:

disable l2vpn vpls myvpls health-check vccv

Switch Engine™ Command Reference Guide for version 32.7.1 1963

History Commands

History
This command was first available in ExtremeXOS 12.1.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable l2vpn service

disable l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]] service

Description
Disables the configured services for the specified VPLS or VPWS.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
vpws_name Identifies the VPWS within the switch (character string).
all Specifies all VPLS or VPWS instances.

Default
Enabled.

Usage Guidelines
When services are disabled, the VPLS or VPWS is removed from all peer sessions. The
keyword all disables services for all VPLS instances.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
disabling a service for a VPWS peer. For backward compatibility, the l2vpn keyword
is optional when disabling a service for a VPLS peer. However, this keyword will be
required in a future release, so we recommend that you use this keyword for new
configurations and scripts.

Example
The following command disables the configured services for VPLS myvpls:

disable l2vpn vpls myvpls service

1964 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.6.

Thel2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable l2vpn sharing

disable l2vpn sharing

Description
Disables LSP sharing for Layer 2 VPN pseudo-wires.

Syntax Description
This command has no keywords or arguments.

Default
Disabled.

Usage Guidelines
This command disables LSP sharing for L2VPN PWs. When LSP sharing is disabled, only
1 named LSP is used for a PW. When LSP sharing is enabled, up to 16 named LSPs are
used for a PW.

If LSP Sharing is disabled, and more than 1 Transport LSP is programmed into HW,
all but 1 Transport LSP is removed from HW, and the configuration is preserved. If
LSP Sharing is enabled, and more than 1 Transport LSP was previously configured, the
remaining LSPs is programmed into HW as they become available for use.

Example
The following command disables LSP sharing for L2VPN PWs:

disable l2vpn sharing

History
This command was first available in ExtremeXOS 15.4.

Switch Engine™ Command Reference Guide for version 32.7.1 1965

Platform Availability Commands

Platform Availability
This command is available only on the platforms that support as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable l2vpn vpls peer fdb send-mac-withdrawal

disable l2vpn vpls peer [ipaddress | all] fdb send-mac-withdrawal

Description
Disables the MAC address withdrawal capability.

Syntax Description
l2vpn Designates L2 VPN configuration.
vpls Designates VPLS of MPLS configuration.
peer Designates VPLS peer.
ipaddress Selects the VPLS peer of the provided IP address.
all Selects all VPLS peers.
fdb Designates FDB.
send-mac-withdrawal Disables sending the MAC address withdrawal message.

Default
Enabled.

Usage Guidelines
When disabled, the switch does not send MAC address withdrawal messages. If a
MAC address withdrawal message is received from another VPLS peer, the local peer
processes the message and withdraws the specified MAC addresses from its FDB,
regardless of the MAC address withdrawal configuration.

Example
The following command disables MAC address withdrawal message for all VPLS peers:
# disable l2vpn vpls peer all fdb send-mac-withdrawal

History
This command was first available in ExtremeXOS 12.1.

The l2vpn keyword was added in ExtremeXOS 12.4.

1966 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable learning iparp sender-mac

disable learning iparp {vr vr_name} sender-mac

Description
Disables MAC address learning from the payload of IP ARP packets.

Syntax Description
vr_name Specifies a virtual router.

Default
Disabled.

Usage Guidelines
To view the configuration for this feature, use the following command: show iparp

Example
The following example disables MAC address learning from the payload of IP ARP
packets:
disable learning iparp sender-mac

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable learning port

disable learning {drop-packets | forward-packets} port [port_list | all]

Description
Disables MAC address learning on one or more ports for security purposes.

Switch Engine™ Command Reference Guide for version 32.7.1 1967

Syntax Description Commands

Syntax Description
drop-packets Specifies that packets with unknown source MAC
addresses be dropped. When disable learning is
configured, this is the default behavior.
forward-packets Specifies that packets with unknown source MAC
addresses be forwarded.
port Specifies the port.
port_list Specifies one or more ports or slots and ports.
all Specifies all ports and slots.

Default
Enabled.

Usage Guidelines
Use this command in a secure environment where access is granted via permanent
forwarding databases (FDBs) per port.

Example
The following command disables MAC address learning on port 4 on a switch:

disable learning ports 4

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable learning vxlan ipaddress

disable learning {forward-packets | drop-packets} vxlan {vr vr_name}
ipaddress remote_ipaddress

Description
This command disables learning a remote endpoint.

1968 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
forward-packets Forward packets with unknown source MAC addresses.
drop-packets Drop packets with unknown source MAC addresses.
vr VR/VRF instance the IPv4 address is configured on.
vr_name An existing VR/VRF name.

Default
N/A.

Usage Guidelines
N/A.

Example
To disable learning on a remote endpoint:
disable learning vxlan ipaddress 1.2.3.4

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is supported on the ExtremeSwitching 5320, 5420, 5520, and 5720 series
switches, and stacks with 5320, 5420, 5520, and 5720 slots only.

disable led locator

disable led locator { slot [slot | all ]}

Description
Disables the front panel LEDs from flashing on a switch.

Syntax Description
slot slot Slot number.
all All slots.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 1969

Usage Guidelines Commands

Usage Guidelines
None.

Example
The following example disables the front panel LEDs on all slots:
disable led locator all

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable lldp ports

disable lldp ports [all | port_list] {receive-only | transmit-only}

Description
Disables LLDP transmit mode, receive mode, or transmit and receive mode on the
specified port or ports.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
receive-only Specifies that only the receive mode for LLDP is disabled.
transmit-only Specifies that only the transmit mode for LLDP is disabled.

Default
Enabled.

Usage Guidelines
If you do not specify an option, both LLDP modes (transmit and receive) are disabled.

Example
The following example disables the LLDP receive mode on ports 1:2 to 1:6.

disable lldp ports 1:2-1:6 receive-only

1970 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable log debug-mode

disable log debug-mode

Description
Disables debug mode. The switch stops generating debug events.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables debug mode. Debug mode must be enabled prior
to configuring advanced debugging capabilities. These include allowing debug
messages, which can severely degrade performance. For typical network device
monitoring, debug mode should remain disabled, the default setting. Debug mode
should only be enabled when advised by technical support, or when advanced
diagnosis is required. The debug mode setting is saved to FLASH.

The following configuration options require that debug mode be enabled:

• Including a severity of debug-summary, debug-verbose, or debug-data when
configuring filters.
• Target format options process-name, process-id, source-function, and source-line.

Example
The following command disables debug mode:

disable log debug-mode

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 1971

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

disable log display

disable log display

Description
Disables the sending of messages to the console display.

In a stack, this command is applicable only to Master and Backup nodes and not
applicable to the standby nodes.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
If the log display is disabled, log information is no longer written to the serial console.

This command setting is saved to FLASH and determines the initial setting of the
console display at boot up.

You can also use this following command to control logging to different targets:

This command is equivalent to disable log target console-display command.

Example
The following command disables the log display:
disable log display

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

1972 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable log target

disable log target

disable log target [console | memory-buffer | nvram |primary-node |
backup-node | session | syslog [all | ipaddress udp-port {udp_port}
| ipPort | ipaddress tls_port {tls_port}] {vr vr_name} {local0 ...
local7}]]

Description
Stops sending log messages to the specified target.

In a stack, this command is applicable only to Master and Backup nodes and not
applicable to the standby nodes.

Syntax Description
console Specifies the console display.
memory-buffer Specifies the switch memory buffer.
nvram Specifies the switch NVRAM.
primary-node Specifies the primary node in a stack.
backup-node Specifies the backup node in a stack.
session Specifies the current session (including console
display).
syslog Specifies a syslog target.
all Specifies all of the remote syslog servers.
ipaddress Specifies the syslog host name or IP address.
ipPort Specifies the UDP port number for the syslog target.
tls_port Specifies remote Syslog server Transport Layer Security
(TLS) for connection type.
tls_port TLS port number.
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine
32.7.1 Feature License Requirements document..

local0 ... local7 Specifies the local syslog facility.

Default
Enabled, for memory buffer, NVRAM, primary node, and backup node; all other targets
are disabled by default.

Switch Engine™ Command Reference Guide for version 32.7.1 1973

Usage Guidelines Commands

Usage Guidelines
This command stops sending messages to the specified target. By default, the memory
buffer, NVRAM, primary node, and backup node targets are enabled. Other targets
must be enabled before messages are sent to those targets.

Configuration changes to the session target are in effect only for the duration of the
console display or Telnet session, and are not saved in FLASH. Changes to the other
targets are saved to FLASH.

You can also use the following command to disable displaying the log on the console:
disable log display

The disable log display command is equivalent to disable log target console-
display command.

Example
The following example disables log messages to the current session:
disable log target session

History
This command was first available in ExtremeXOS 10.1.

The ipPort parameter was first available in ExtremeXOS 11.0.

The udp port parameter was added in ExtremeXOS 21.1.

Transport Layer Security (TLS) option added in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable log target upm

disable log target upm {upm_profile_name}

Description
Disables the specified UPM log target.

Syntax Description
upm_profile_name Specifies the name of the UPM log target to be disabled.

1974 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
This command disables the log target and retains any configurations applied to that
target. To delete a target and any configuration applied to the target, use the following
command:
delete log target upm {upm_profile_name}

Example
The following example disables the UPM log target "testprofile1":
disable log target upm testprofile1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable log target xml-notification

disable log target xml-notification xml_target_name

Description
Disables a Web server target.

Syntax Description
xml_target_name Specifies the name of the xml-notification target.

Default
N/A.

Usage Guidelines
Use this command to disable a web server EMS target.

Switch Engine™ Command Reference Guide for version 32.7.1 1975

Example Commands

Example
The following command disables the Web server target target2:
disable log target xml-notification target2

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable loopback-mode vlan

disable loopback-mode [ {vlan} vlan_name | vlan vlan_list]

Description
Disallows a VLAN to be placed in the UP state without an external active port. This
allows (disallows) the VLANs routing interface to become active.

Syntax Description
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.

Default
N/A.

Usage Guidelines
Use this command to specify a stable interface as a source interface for routing
protocols. This decreases the possibility of route flapping, which can disrupt
connectivity.

Example
The following example disallows the VLAN accounting to be placed in the UP state
without an external active port:
disable loopback-mode vlan accounting

History
This command was first available in ExtremeXOS 10.1.

1976 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable mac-lockdown-timeout ports

disable mac-lockdown-timeout ports [all | port_list]

Description
Disables the MAC address lock down timeout feature for the specified port or group of
ports or for all ports on the switch.

Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.

Default
By default, the MAC address lock down feature is disabled.

Usage Guidelines
If you disable the MAC lock down timer on a port, existing MAC address entries for the
port will time out based on the FDB aging period.

Example
The following command disables the MAC address lock down timer set for ports 2:3
and 2:4:

disable mac-lockdown-timeout ports 2:3, 2:4

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1977

disable mac-locking ports Commands

disable mac-locking ports

disable mac-locking ports [port_list | all]

Description
Disables MAC locking on the specified port.

Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports.

Default
MAC locking is disabled by default.

Usage Guidelines
None.

Example
The following example disables MAC locking on port 14:
disable mac-locking ports 14

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable mac-locking
disable mac-locking

Description
Disables MAC locking globally on the switch.

Syntax Description
This command has no arguments or variables.

1978 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
MAC locking is disabled by default.

Usage Guidelines
If you disable MAC locking globally, you cannot enable MAC locking on a specific port.

Example
The following example disables MAC locking on the switch.
disable mac-locking

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable mirror
disable mirror [mirror_name | all]

Description
Disables a mirror instance.

Syntax Description
mirror_name Specifies the mirror name.
all Specifies all mirror instance are deleted.

Default
Disabled.

Usage Guidelines
Use this command to disable mirrors. Disabling an instance only changes the state, its
configuration remains as defined (a change from current operation, which loses some
configuration parameters).

Switch Engine™ Command Reference Guide for version 32.7.1 1979

Example Commands

Example
The following example disable a mirror instance named "mirror1" :

disable mirror mirror1

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable mirror control_index

disable mirror control_index {mirror mirror_name}

Description
Disables a Mirror MIB instance or the assigned instance to an existing mirror.

Syntax Description
control_index Selects the Mirror MIB instance to disable. Range is 1
through 4.
mirror Designates specifying a mirror name associated within the
specified control index.
mirror_name Specifies the mirror name associated within the specified
control index.

Default
Disabled.

Usage Guidelines
Specifying a mirror name only disables that mirror within the Mirror MIB group (control
index).

Example
The following example disables Mirror MIB specified by control index "1":
# disable mirror 1

1980 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example disables the mirror named "m1" within the Mirror MIB specified
by control index "1":
# disable 1 mirror m1

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable mlag port

disable mlag port port

Description
Removes a local port or LAG from an .

Syntax Description
port Specifies a local member port of the MLAG group.

Default
N/A.

Usage Guidelines
Use this command to remove a local port or LAG from an MLAG.

Example
The following command unbinds the local member port 2:
# disable mlag port 2

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 1981

disable mlag port reload-delay Commands

disable mlag port reload-delay

disable mlag port reload-delay

Description
This command disables reload-delay on Multi-switch Link Aggregation Group (MLAG)
ports.

Syntax Description
This command has no arguments or variables.

Default
MLAG reload-delay is disabled by default.

Usage Guidelines
There are cases where MLAG ports comes up quicker than ISC ports after a switch
reboot causing traffic loss during this time gap. This command disables this timer
feature.

Example
The following example disables the MLAG reload-delay timer:
# disable mlag port reload-delay

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable mld
disable mld {vlan name}

Description
Disables MLD on a router interface. If no VLAN is specified, MLD is disabled on all router
interfaces.

1982 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
MLD is a protocol used by an IPv6 host to register its IPv6 multicast group membership
with a router. Periodically, the router queries the multicast group to see if the group is
still in use. If the group is still active, hosts respond to the query, and group registration
is maintained.

MLD is disabled by default on the switch. However, the switch can be configured to
enable the generation and processing of MLD packets. MLD should be enabled when
the switch is configured to perform IPv6 unicast or IPv6 multicast routing.

This command disables all MLD versions. When MLD is disabled, the MLDv2
compatibility mode setting is lost. If compatibility mode is not specified in the
command when MLD is enabled again, MLDv1 compatibility mode is set.

Example
The following example disables MLD on VLAN accounting:
disable mld vlan accounting

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

disable mld snooping

disable mld snooping {with-proxy | vlan name}

Description
Disables MLD snooping.

Switch Engine™ Command Reference Guide for version 32.7.1 1983

Syntax Description Commands

Syntax Description
with-proxy Disables the MLD snooping proxy.
name Specifies a VLAN.

Default
The with-proxy option is enabled by default.

Usage Guidelines
If a VLAN is specified, MLD snooping is disabled only on that VLAN, otherwise MLD
snooping is disabled on all VLANs.

The with-proxy option can be used for troubleshooting purpose. It should be enabled
for normal network operation.

Enabling the proxy allows the switch to suppress the duplicate join requests on a group
to forward to the connected Layer 3 switch. The proxy also suppresses unnecessary
MLD done messages so that they are forwarded only when the last member leaves the
group.

Example
The following example disables MLD snooping on the VLAN accounting:
disable mld snooping accounting

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

disable mld-ssm map

disable mld-ssm map {{vr} vr_name}

Description
Disables MLD SSM mapping on a VR.

Syntax Description
vr vr_name Specifies a virtual router name.

1984 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
Use this command to disable MLD SSM mapping on a VR.

Example
The following example disables SSM mapping on VR1:
disable mld-ssm map vr vr1

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

disable mpls
disable mpls

Description
Disables MPLS on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
When MPLS is disabled, no label traffic is received or transmitted, and all MPLS-related
protocol peer sessions are terminated.

Example
The following command globally disables MPLS on the switch:
disable mpls

Switch Engine™ Command Reference Guide for version 32.7.1 1985

History Commands

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls bfd

disable mpls bfd [vlan all | {vlan} vlan_name] {delete-sessions}

Description
Disables the Bidirectional Forwarding Detection (BFD) client for MPLS on the specified
VLAN or on all VLANs.

Syntax Description
vlan_name Specifies the VLAN on which to disable the MPLS BFD
client.
delete-sessions Specifies to delete all MPLS BFD sessions.

Default
Keep existing MPLS BFD sessions.

Usage Guidelines
This command instructs MPLS to cease the establishment of new BFD sessions with
neighbors as LSPs are established with those neighbors. The default behavior retains
the existing BFD sessions and ignores status updates from those existing sessions. The
delete-sessions option instructs MPLS to request the deletion of existing sessions.
Whether the sessions are deleted or not, the link state presented to the upper MPLS
layers reverts to the normal link operational status.

Note
Deleting existing sessions can result in a neighbor DOWN indication from BFD
to MPLS on the other end of the session (the peer switch) and a subsequent
interface DOWN indication presented to the upper layers of MPLS on that peer
switch. These actions can cause MPLS to reroute or fail the affected LSPs.

To disable the MPLS BFD client and delete all BFD sessions without disrupting the LSPs
between two switches, do the following:
• Log into switch A as an admin user and issue the command: disable mpls bfd
vlanx.

1986 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• Log into switch B as an admin user and issue the command: disable mpls bfd
vlanx delete-sessions

Example
The following command disables the MPLS BFD client on VLAN vlan1:

disable mpls bfd vlan1

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls exp examination

disable mpls exp examination

Description
Disables assigning an MPLS packet to a QoS profile based on the MPLS packet’s EXP
value.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables assigning an MPLS packet to a QoS profile based on the MPLS
packet's EXP value.

When disabled, all received MPLS packets are assigned to QoS profile qp1.

Example
The following command disables the assignment of an MPLS packet to a QoS profile
based on the MPLS packet’s EXP value:
disable mpls exp examination

Switch Engine™ Command Reference Guide for version 32.7.1 1987

History Commands

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls exp replacement

disable mpls exp replacement

Description
Disables setting an MPLS packet's EXP value based on the packet's QoS profile.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables setting an MPLS packet's EXP value based on the packet's QoS
profile. The QoS profiles to EXP value mappings are configured using the configure
mpls exp replacement command.

When disabled, all MPLS packets are transmitted with an EXP value of zero.

Example
The following command disables the setting of an MPLS packet's EXP value based on
the packet's QoS profile:
disable mpls exp replacement

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

1988 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable mpls ldp bgp-routes

disable mpls ldp bgp-routes

disable mpls ldp bgp-routes

Description
Disables LDP’s use of IP prefixes learned from BGP when establishing LDP LSPs.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command disables LDP’s establishment of LSPs to routes learned via BGP, thus
reducing the internal resources used by LDP. Note that MPLS LSPs can still be used
to transport packets to routes learned via BGP through the use of the enable bgp
mpls-next-hop command.

When enabled, LDP uses routes learned via BGP when establishing LDP LSPs. As each
established LSP consumes internal resources, it is recommended that this setting be
used only in BGP environments where the number of BGP routes is controlled.

Example
The following command disables the use of BGP routes by LDP:
disable mpls ldp bgp-routes

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls ldp loop-detection

disable mpls ldp loop-detection

Switch Engine™ Command Reference Guide for version 32.7.1 1989

Description Commands

Description
Disables LDP loop detection on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Loop detection provides a mechanism for finding looping LSPs and for preventing
Label Request messages from looping in the presence of non-merge-capable LSRs. The
mechanism makes use of Path Vector and Hop Count TLVs carried by Label Request
and Label Mapping messages.

When LDP loop detection is disabled, LDP does not attempt to detect routing loops.

Example
The following command globally disables LDP loop detection on the switch:
disable mpls ldp loop-detection

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls ldp

disable mpls ldp [{vlan} vlan_name | vlan all]

Description
Disables LDP for the specified MPLS-configured VLANs.

1990 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan Disables LDP for one or more specific VLANs.
vlan_name Disables LDP on the specified VLAN.
vlan all Disables LDP for all VLANs that have been added to MPLS.

Default
Disabled.

Usage Guidelines
When LDP is disabled, all LDP-advertised labels are withdrawn and all LDP peer
sessions are terminated on the specified VLAN(s). By default, LDP is disabled for all
VLANs. Specifying the optional all keyword disables LDP for all VLANs that have been
added to MPLS.

Example
The following command disables LDP for all VLANs:

disable mpls ldp vlan all

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls php

disable mpls php [{vlan} vlan_name | vlan all]

Description
Disables penultimate hop popping (PHP) on the specified VLAN. When enabled, PHP is
requested on all LSPs advertised over that VLAN for which the switch is the egress LSR.

Syntax Description
vlan Disables PHP for one or more specific VLANs.
vlan_name Disables PHP on the specified VLAN.
vlan all Disables PHP for all VLANs that have been added to MPLS.

Switch Engine™ Command Reference Guide for version 32.7.1 1991

Default Commands

Default
Disabled

Usage Guidelines
When PHP is disabled on a VLAN, penultimate hop popping is not requested on any
LSPs advertised over that VLAN for which the switch is the egress LSR. Therefore,
the Implicit Null Label is not used for any advertised mapping. Extreme's MPLS
implementation always performs penultimate hop popping when requested to do so
by a peer LSR. When the all VLANs option is selected, PHP is disabled on all existing
MPLS interfaces.

Note
PHP is sometimes used to reduce the number of MPLS labels in use. If PHP is
enabled on any MPLS interface, a unique MPLS label is consumed for every
label advertised over that interface. Therefore, if PHP is being disabled to
reduce label consumption, it should be done on all interfaces for minimal label
consumption.

In ExtremeXOS, this command can be executed while MPLS is enabled.

Example
The following command disables penultimate hop popping (PHP) on the specified
VLAN:

disable mpls php vlan vlan1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls protocol ldp

disable mpls protocol ldp

Description
Disables LDP for the switch.

Syntax Description
This command has no arguments or variables.

1992 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
When LDP is disabled, all advertised LDP labels are withdrawn and LDP peer sessions
are terminated. Note that this includes any LDP peer sessions established for L2 VPNs.
By default, LDP is globally disabled. While LDP is transitioning to the enabled state,
only the MPLS show commands are accepted.

Example
The following command globally disables LDP on the switch:
disable mpls protocol ldp

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls protocol rsvp-te

disable mpls protocol rsvp-te

Description
Disables RSVP-TE for the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
When RSVP-TE is disabled, all TE LSPs are released and TE LSPs cannot be established
or accepted. While RSVP-TE is transitioning to the disabled state, only the MPLS show
commands are accepted.

Switch Engine™ Command Reference Guide for version 32.7.1 1993

Example Commands

Example
The following command globally disables RSVP-TE on the switch:
disable mpls protocol rsvp-te

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls rsvp-te bundle-message

disable mpls rsvp-te bundle-message [{vlan} vlan_name | vlan all]

Description
Disables the bundling of RSVP-TE messages for the specified VLAN interface.

Syntax Description
vlan Specifies that message-bundling is to be disabled on a
specific VLAN.
vlan_name Identifies the VLAN interface on which message bundling
is disabled.
vlan all Specifies that message bundling is disabled on all VLAN
interfaces that have been added to MPLS.

Default
Disabled.

Usage Guidelines
This command disables the bundling of RSVP-TE messages for the VLAN specified
interface. By default, message bundling is disabled. Specifying the all keyword
disables message bundling on all VLANs that have been added to MPLS.

Example
The following command disables message bundling on the specified VLAN:

disable mpls rsvp-te bundle-message vlan vlan_1

1994 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls rsvp-te fast-reroute

disable mpls rsvp-te fast-reroute

Description
Disables the MPLS RSVP-TE fast reroute (FRR) protection feature.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
When FRR is disabled on the LSR, all established FRR LSPs on the local LSR are torn
down, and only standard LSPs can be signaled and processed. The configuration for
any existing FRR LSPs is retained, but it is not used until the FRR protection feature is
enabled. This command can be used to test the performance of an LSR without the
FRR functionality or when the LSR doesn't behave as expected for either standard or
FRR LSPs.

Example
The following command disables FRR protection on the local switch:
disable mpls rsvp-te fast-reroute

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 1995

disable mpls rsvp-te lsp Commands

disable mpls rsvp-te lsp

disable mpls rsvp-te lsp [lsp_name | all]

Description
Disables an RSVP-TE LSP.

Syntax Description
lsp_name Specifies the LSP within the switch to be disabled.
all Disables all RSVP-TE configured LSPs.

Default
Enabled.

Usage Guidelines
This command disables an RSVP-TE LSP. When an RSVP-TE LSP is disabled, the switch
terminates the LSP by signaling the destination by sending a PATH_TEAR message. If
there are other LSPs configured to the same destination, traffic may continue to be
transmitted to the destination over another LSP. Disabling an LSP does not otherwise
change its configuration.

Example
The following command disables the LSP named lsp598:
disable mpls rsvp-te lsp lsp598

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls rsvp-te summary-refresh

disable mpls rsvp-te summary-refresh [{vlan} vlan_name | vlan all]

Description
Disables the sending of summary refresh messages, instead of path messages, to
refresh RSVP-TE path state for the specified VLAN interface.

1996 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan Specifies that summary refresh messages cannot refresh
the RSVP-TE path state on one or more VLAN interfaces.
vlan_name Specifies the VLAN interface for which RSVP-TE summary
refresh messages are to be disabled.
vlan all Specifies that summary refresh messages are to be
disabled on all VLAN interfaces that have been added to
MPLS.

Default
Disabled.

Usage Guidelines
This command disables the sending of summary refresh messages to refresh RSVP-TE
path state for the specified VLAN interface. By default, summary refresh is disabled.
Specifying the all keyword disables summary refresh on all VLANs that have been
added to MPLS.

Example
The following command disables summary refresh on the specified VLAN:

disable mpls rsvp-te summary-refresh vlan vlan_1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls rsvp-te

disable mpls rsvp-te te [{vlan} vlan_name | vlan all]

Description
Disables RSVP-TE for the specified MPLS-configured VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 1997

Syntax Description Commands

Syntax Description
vlan Specifies that RSVP-TE is to be disabled on a specific VLAN.
vlan_name Specifies the VLAN for which RSVP-TE is disabled.
vlan all Disables RSVP-TE on all VLANS that have been added to
MPLS.

Default
Disabled.

Usage Guidelines
This command disables RSVP-TE for the specified MPLS configured VLANs. When
RSVP-TE is disabled, all TE LSPs are released and TE LSPs cannot be established or
accepted. By default, RSVP-TE is disabled for all MPLS configured VLANs. Specifying the
optional all keyword disables RSVP-TE for all VLANs that have been added to MPLS.

Example
The following command disables RSVP-TE on the named VLAN:

disable mpls rsvp-te vlan vlan_10

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls static lsp

disable mpls static lsp {lsp_name | all }

Description
Administratively disables one or all static LSPs.

Syntax Description
lsp_name Identifies an LSP to be disabled.
all Specifies that all static LSPs on this LSR are to be disabled.

1998 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
On executing this command, the software de-activates the specified LSPs by setting
the administrative state of each LSP to down.

Example
The following command disables a static LSP:

disable mpls static lsp lsp598

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable mpls vlan

disable mpls [{vlan} vlan_name | vlan all]

Description
Disables the MPLS interface for the specified VLAN(s).

Syntax Description
vlan Disables an MPLS interface for one or more specific VLANs.
vlan_name Disables an MPLS interface on the specified VLAN.
vlan all Disables an MPLS interface for all VLANs that have been
added to MPLS.

Default
The MPLS interface is disabled for a VLAN.

Usage Guidelines
Disabling MPLS causes all LSPs to be released and all LDP and RSVP-TE peer sessions
to be terminated on the specified VLAN(s).

Switch Engine™ Command Reference Guide for version 32.7.1 1999

Example Commands

Example
The following command disables an MPLS interface for the specified VLAN:

disable mpls vlan vlan-nyc

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable msdp
disable msdp {vr vrname}

Description
Disables MSDP on a virtual router.

Syntax Description
vrname Specifies the name of the virtual router on which MSDP is being
enabled or disabled. If a name is not specified, it is extracted from
the current CLI context.

Default
MSDP is disabled by default.

Usage Guidelines
Use this command to disable MSDP on a virtual router.

Example
The following command disables MSDP on a virtual router:
disable msdp

History
This command was first available in ExtremeXOS 12.0.

2000 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.ature-link-22.1"/>

disable msdp data-encapsulation

disable msdp data-encapsulation {vr vrname}

Description
Disables the encapsulation of locally originated SA messages with multicast data (if
available).

Syntax Description
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current CLI
context.

Default
By default, multicast data packet encapsulation is enabled for locally originated SA
messages.

Usage Guidelines
None.

Example
The following command disables multicast data packet encapsulation:
disable msdp data-encapsulation

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2001

disable msdp export local-sa Commands

disable msdp export local-sa

disable msdp export local-sa {vr vrname}

Description
Disables the advertisement of local sources to groups for which the router is an RP.

Syntax Description
vrname Specifies the name of the virtual router to which this command applies.
If a name is not specified, it is extracted from the current CLI context.

Default
By default, the export of local sources is enabled. All sources are advertised if the router
is an RP for the groups. Use this command to disable it.

Usage Guidelines
You can create a policy to filter out some of the local sources so that they are not
advertised to MSDP peers and exposed to the external multicast domain. To configure
an export filter, you must first disable the export of local sources (with the disable
msdp export local-sa command), and then re-enable it with an export filter (with the
enable msdp export local-sa export-filter command).

Example
The following example disables the advertisement of local sources:
disable msdp export local-sa

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable msdp peer

disable msdp [{peer} remoteaddr | peer all] {vr vr_name}

2002 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the administrative state of an MSDP peer.

Syntax Description
remoteaddr Specifies the IP address of the MSDP peer to disable.
all Disables all MSDP peers.
vr_name Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current
CLI context.

Default
By default, MSDP peers are disabled.

Usage Guidelines
Use this command to administratively disable MSDP peers to stop exchanging SA
messages.

Example
The following command disables an MSDP peer:

disable msdp peer 192.168.45.43

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable msdp process-sa-request

disable msdp [{peer} remoteaddr | peer all] process-sa-request {vr
vrname}

Description
This command configures a router to reject SA request messages from a specified peer
or all peers.

Switch Engine™ Command Reference Guide for version 32.7.1 2003

Syntax Description Commands

Syntax Description
peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current CLI
context.

Default
By default, all SA request messages are accepted from all peers.

Usage Guidelines
Use this command to configure the router to reject SA request messages from a
specified peer or all peers.

You cannot change an SA request filter while SA request processing is enabled for an
MSDP peer. You must first disable SA request processing for a peer and then re-enable
it with an SA request filter.

You can use the following policy attributes in an SA request policy. All other attributes
are ignored.
• Match:
◦ multicast-group
◦ multicast-source
◦ pim-rp
• Set:
◦ permit
◦ deny

Example
The following example disables processing of SA request messages received from a
peer with the IP address 192.168.45.43:
disable msdp peer 192.168.45.43 process-sa-request

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

2004 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable msrp

disable msrp
disable msrp

Description
Disables MSRP on the switch.

Syntax Description
msrp Multiple Stream Registration Protocol.

Default
Disabled.

Usage Guidelines
Use this command to disable MSRP on a switch.

Example
The following command disables MSRP:
disable msrp

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms if the AVB feature pack license is installed on
the switch.

disable mvr
disable mvr

Description
Disables MVR on the system.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2005

Default Commands

Default
Disabled.

Usage Guidelines
None.

Example
The following example disables MVR on the system:
disable mvr

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MVR feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable mvrp
disable mvrp

Description
Disables MVRP globally on a switch.

Syntax Description
mvrp Multiple VLAN Registration Protocol.

Default
Disabled.

Usage Guidelines
Use this command to disable MVRP globally on a switch. MVRP is run on the MVRP
enabled ports only if the global setting is enabled. By default, MVRP is disabled
globally and on individual ports. When MVRP is disabled globally, all MVRP packets
are forwarded transparently.

2006 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables MVRP:
disable mvrp

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable mvrp ports

disable mvrp ports [port_list | all]

Description
Disable MVRP on a given set of ports.

Syntax Description
mvrp Multiple VLAN Registration Protocol.
port_list Port(s) on which MVRP is to be enabled.
all All ports.

Default
Disabled.

Usage Guidelines
Use this command to disable MVRP on given set of ports. MVRP is run on the MVRP
enabled ports only if the global setting is enabled. By default MVRP is disabled globally
and on individual ports. When MVRP is disabled globally, all MVRP packets will be
forwarded transparently.

Example
The following command disables MVRP on ports 4 and 5:
disable mvrp ports 4-5

History
This command was first available in ExtremeXOS 15.3.

Switch Engine™ Command Reference Guide for version 32.7.1 2007

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

disable neighbor-discovery refresh

disable neighbor-discovery {vr vr_name} refresh

Description
Prevents the IPv6 neighbor cache from refreshing an entry before the timeout period
expires.

Syntax Description
vr_name Specifies a VR or VRF.

Default
Enabled.

Usage Guidelines
None.

Example
The following example disables the refresh of neighbor discovery cache entries:
disable neighbor-discovery refresh

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

disable netlogin authentication failure vlan ports

disable netlogin authentication failure vlan ports [ports | all]

Description
Disables the configured authentication failure VLAN on the specified ports.

2008 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
all Specifies all ports included in the authentication failure
VLAN.
ports Specifies one or more ports or slots and ports on which the
authentication failure VLAN is enabled.

Default
All ports.

Usage Guidelines
Use this command to disable the configured authentication failure VLAN on either the
specified ports, or all ports.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable netlogin authentication service-unavailable vlan ports

disable netlogin authentication service-unavailable vlan ports [ports |
all]

Description
Disable the configured authentication service-unavailable VLAN on the specified ports.

Syntax Description
ports Specifies one or more ports or slots and ports on which the
authentication service-unavailable VLAN is enabled.
all Specifies all ports included in the authentication service-
unavailable VLAN.

Default
All ports.

Switch Engine™ Command Reference Guide for version 32.7.1 2009

Usage Guidelines Commands

Usage Guidelines
Use this command to disable the configured authentication service-unavailable VLAN
on the specified ports, or on all ports.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable netlogin dot1x guest-vlan ports

disable netlogin dot1x guest-vlan ports [all | ports]

Description
Disables the guest VLAN on the specified 802.1X network login ports.

Syntax Description
all Specifies all ports included in the guest VLAN.
ports Specifies one or more ports included in the guest VLAN.

Default
Disabled.

Usage Guidelines
Use this command to disable the guest VLAN feature.

Enabling Guest VLANs

To enable the guest VLAN, use the following command:
enable netlogin dot1x guest-vlan ports [all | ports]

Example
The following command disables the guest VLAN on all ports:

disable netlogin dot1x guest-vlan ports all

2010 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable netlogin logout-privilege

disable network login logout-privilege

Description
Disables network login logout window pop-up.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command controls the logout window pop-up on the web-based network client.
This command applies only to the web-based authentication mode of network login.
When disabled, the logout window pop-up will no longer appear. However, if session
refresh is enabled, the login session will be terminated after the session refresh
timeout.

Example
The following command disables network login logout-privilege:

disable netlogin logout-privilege

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2011

disable netlogin ports Commands

disable netlogin ports

disable netlogin ports ports [{dot1x} {mac} {web-based}]

Description
Disables network login on a specified port for a particular method.

Syntax Description
ports Specifies the ports for which network login should be
disabled.
dot1x Specifies 802.1X authentication.
mac Specifies MAC-based authentication.
web-based Specifies web-based authentication.

Default
Network login is disabled by default.

Usage Guidelines
Network login must be disabled on a port before you can delete a VLAN that contains
that port.

This command applies to the MAC-based, web-based, and 802.1X mode of network
login. To control which authentication mode is used by network login, use the following
commands:
enable netlogin [{dot1x} {mac} {web-based}] disable netlogin [{dot1x}
{mac} {web-based}]

Example
The following command disables dot1x and web-based network login on port 2:9:
disable netlogin ports 2:9 dot1x web-based

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

2012 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable netlogin reauthenticate-on-refresh

disable netlogin reauthenticate-on-refresh

disable netlogin reauthenticate-on-refresh

Description
Disables network login reauthentication on refresh.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
The web-based Netlogin client's session is periodically refreshed by sending an HTTP
request which acts as a keep-alive without actually re-authenticating the user's
credentials with the back-end RADIUS server or local database. If reauthenticate-on-
refresh is enabled, re-authentication occurs with the session refresh.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable netlogin redirect-page

disable netlogin redirect-page

Description
Disables the network login redirect page function.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2013

Usage Guidelines Commands

Usage Guidelines
This command disables the network login redirect page so that the client is sent to the
originally requested page.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable netlogin session-refresh

disable netlogin session-refresh

Description
Disables network login session refresh.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Network login sessions can refresh themselves after a configured timeout. After the
user has been logged in successfully, a logout window opens which can be used to
close the connection by clicking on the LogOut link. Any abnormal closing of this
window is detected on the switch and the user is logged out after a time interval as
configured for session refresh. The session refresh is enabled and set to three minutes
by default.

This command applies only to the web-based authentication mode of network login.

Example
The following command disables network login session refresh:

disable netlogin session-refresh

2014 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable netlogin
disable netlogin [{dot1x} {mac} {web-based}]

Description
Disables network login modes.

Syntax Description
dot1x Specifies 802.1X authentication.
mac Specifies MAC-based authentication.
web-based Specifies web-based authentication.

Default
All types of authentication are disabled.

Usage Guidelines
Any combination of authentication types can be disabled on the same switch. To
enable an authentication mode, use the following command:
enable netlogin [{dot1x} {mac} {web-based}]

Example
The following command disables MAC-based network login:

disable netlogin mac

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2015

disable network-clock gptp ports Commands

disable network-clock gptp ports

disable network-clock gptp ports [port_list {only} | all]

Description
Disables gPTP on one or more ports.

Syntax Description
port_list Specifies one or more the the switch's physical ports.
only Apply change only to specified port, even if port is master
of a load sharing group.
all Specifies all of the switch's physical ports.

Default
Disabled.

Usage Guidelines
Use this command to configure on which ports gPTP runs. gPTP runs on no ports if it is
not enabled in the switch by enable network-clock gptp.

Example
disable network-clock gptp ports 1-3

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms if the AVB feature pack license is installed on
the switch.

disable network-clock gptp

disable network-clock gptp

Description
Disables gPTP on the switch.

2016 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
network-clock Network clock.
gptp IEEE 802.1AS Generalized Precision Time Protocol (gPTP).

Default
Disabled.

Usage Guidelines
Use this command to disable gPTP after having enabled it.

Example
disable network-clock gptp

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the AVB feature pack license and
have it installed. For complete information about software licensing, including how to
obtain and upgrade your license, and which platforms support the AVB feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable nodealias ports

disable nodealias ports [port_list | all]

Description
This command disables the Node Alias feature on specified ports. Node Alias discovers
information about the end systems on a per-port basis. Information from packets from
end systems, such as VLANID, source MAC address, source IP address, protocol, etc. are
captured in a database that can be queried.

Syntax Description
nodealias Node Alias feature that maps source IP address, MAC
address, host name, and protocol on a per port basis.
ports Designates that Node Alias should be disabled on specified
ports.

Switch Engine™ Command Reference Guide for version 32.7.1 2017

Default Commands

port_list Specifies on which ports to have Node Alias disabled.

Designated as a port list separated by comma (,) or dash
(-).
all Specifies that all ports have Node Alias disabled.

Default
Node Alias is disabled by default on all ports.

Usage Guidelines
If the port is part of a LAG, Node Alias should be disabled separately on each LAG port.

Example
The following example disables Node Alias on all ports:
disable nodealias ports all

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable nodealias protocol

disable nodealias protocol [protocol_name | any]

Description
This command designates the specific protocols to remove from the list of detected
protocols for the Node Alias feature. Node Alias discovers information about the
end systems on a per-port basis. Information from packets from end systems, such
as VLANID, source MAC address, source IP address, protocol, etc. are captured in a
database that can be queried.

Syntax Description
nodealias Node Alias feature that maps source IP address, MAC
address, host name, and protocol on a per port basis.
protocol Designates selection of protocols to detect.

2018 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

protocol_name Specifies disabling a protocol to detect (one at a time).

The following protocols are enabled by default: IPv4, IPv6,
OSPF, BGP, VRRP, DHCPS, DHCPC, BOOTPS, BOOTPC,
UDP, BPDU, LLMNR, SSDP, and mDNS.
any Specifies disabling all protocols.

Default
The following protocols are enabled by default: IPv4, IPv6, OSPF, BGP, VRRP, DHCPS,
DHCPC, BOOTPS, BOOTPC, UDP, BPDU, LLMNR, SSDP, and mDNS.

Note
• ARP is categorized under IP.
• UDP entry is created when destination IP address is broadcast.
• BPDU means STP and GVRP frames.

Usage Guidelines
By default, the following protocols are enabled (IPv4, IPv6, OSPF, BGP, VRRP, DHCPS,
DHCPC, BOOTPS, BOOTPC, UDP, BPDU, LLMNR, SSDP, mDNS). You can optionally
disable any of these protocols (and then enable them back if desired).

Example
The following example disables BGP from being detected:
disable nodealias protocol bgp

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ntp
disable ntp

Description
Disables NTP globally on the switch.

Syntax Description
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2019

Default Commands

Default
NTP is disabled by default.

Usage Guidelines
N/A.

Example
The following command disables NTP globally on the switch:

disable ntp

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ntp authentication

disable ntp authentication

Description
Disables NTP authentication globally on the switch.

Syntax Description
N/A.

Default
NTP authentication is disabled by default.

Usage Guidelines
If authentication is disabled, NTP will not use any authentication mechanism to
a server or from clients. To use authentication for a specific server, enable NTP
authentication globally, and then configure an RSA Data Security, Inc. MD5 Message-
Digest Algorithm or SHA256 key index for the specific server.

2020 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables NTP authentication globally on the switch:
# disable ntp authentication

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ntp broadcast-client

disable ntp broadcast-client {{vr} vr_name}

Description
Disables an NTP broadcast client on the switch.

Syntax Description
broadcast-client Specifies enabling NTP broadcast client.
vr Specifies disabling NTP broadcast client for a VR.
vr_name Specifies the VR name. If a VR name is not specified, the VR
of current command context is used.

Default
An NTP broadcast client is enabled by default.

If a VR name is not specified, the VR of current command context is used.

Usage Guidelines
If the broadcast client function is enabled, the system can receive broadcast-based NTP
messages and process them only if a VLAN is enabled for NTP and the VLAN is active.

Example
The following command disables an NTP broadcast client on the switch:

disable ntp broadcast client

Switch Engine™ Command Reference Guide for version 32.7.1 2021

History Commands

History
This command was first available in ExtremeXOS 12.7.

The vr was added in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ntp broadcast-server

disable ntp {vlan} vlan-name broadcast-server

Description
Prevents NTP from sending broadcast messages to a VLAN.

Syntax Description
vlan-name Specifies the name of a particular VLAN.

Default
NTP does not send broadcast messages to a VLAN by default.

Usage Guidelines
N/A.

Example
The following command prevents NTP from sending broadcast messages to a VLAN
called “Northwest”:

disable ntp vlan Northwest broadcast-server

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

2022 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable ntp vlan

disable ntp vlan

disable ntp [{vlan} vlan-name | all] {{vr} vr_name}

Description
Disables NTP on a VLAN.

Syntax Description
disable Disables NTP on a VLAN.
vlan-name Specifies the name of a particular VLAN on which to enable
or disable NTP.
all Enables or disables NTP on all VLANs.
vr Specifies disabling NTP on a VR.
vr_name Specifies the VR name to disable NTP on. If a VR name is
not specified, the VR of current command context is used.

Default
NTP is disabled on all VLANs by default.

Usage Guidelines
N/A.

Example
The following command disables NTP on all VLANs:

disable ntp all

The following command disables NTP on specific VLAN:

disable ntp vlan vlan-1

History
This command was first available in ExtremeXOS 12.7.

The vr option was added in ExtremeXOS 22.2

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2023

disable ntp vr Commands

disable ntp vr
disable ntp vr vr_name

Description
This command disables NTP from the specified VR.

Syntax Description
vr Specifies disabling NTP on a VR.
vr_name Specifies the VR name to disable NTP from. If a VR name is
not specified, the VR of current command context is used.

Default
If a VR name is not specified, the VR of current command context is used.

Example
The following example disables NTP from a VR named "vr1".
disable ntp vr vr1

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ospf
disable ospf

Description
Disables the OSPF process for the router.

Syntax Description
This command has no keywords or arguments.

Default
N/A.

2024 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Not applicable.

Example
The following command disables the OSPF process for the router:

disable ospf

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable ospf capability opaque-lsa

disable ospf capability opaque-lsa

Description
Disables opaque LSAs across the entire system.

Syntax Description
This command has no keywords or arguments.

Default
Enabled.

Usage Guidelines
Opaque LSAs are a generic OSPF mechanism used to carry auxiliary information in
the OSPF database. Opaque LSAs are most commonly used to support OSPF traffic
engineering.

Normally, support for opaque LSAs is auto-negotiated between OSPF neighbors. In the
event that you experience interoperability problems, you can disable opaque LSAs.

If your network uses opaque LSAs, all routers on your OSPF network should support
opaque LSAs. Routers that do not support opaque LSAs do not store or flood them. At
minimum a well-interconnected subsection of your OSPF network needs to support
opaque LSAs to maintain reliability of their transmission.

Switch Engine™ Command Reference Guide for version 32.7.1 2025

Example Commands

On an OSPF broadcast network, the designated router (DR) must support opaque LSAs
or none of the other routers on that broadcast network will reliably receive them. You
can use the OSPF priority feature to give preference to an opaque-capable router, so
that it becomes the elected DR.

For transmission to continue reliably across the network, the backup designated router
(BDR) must also support opaque LSAs.

Example
The following command disables opaque LSAs across the entire system:

disable ospf capability opaque-lsa

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable ospf export

disable ospf export [bgp | direct | direct-inter-vr | host-mobility |
e-bgp | i-bgp | rip | static | isis | isis-level-1| isis-level-1-
external | isis-level-2 | isis-level-2-external]

Description
Disables redistribution of routes to OSPF.

Syntax Description
bgp Specifies BGP routes.
direct Specifies direct routes.
Specifies Inter-VR leaked Specifies Inter-VR leaked direct routes.
direct routes.
host-mobility Specifies host mobility.
e-bgp Specifies E-BGP routes.
i-bgp Specifies I-BGP routes.
rip Specifies RIP routes.
static Specifies static routes.
isis Specifies IS-IS routes.

2026 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

isis-level-1 Specifies ISIS Level 1 routes.

isis-level-1-external Specifies ISIS Level 1 External routes.
isis-level-2 Specifies ISIS Level 2 routes.
isis-level-2-external Specifies ISIS Level 2 External routes.

Default
The default setting is disabled.

Usage Guidelines
Use this command to stop OSPF from exporting routes derived from other protocols.

Example
The following command disables OSPF to export BGP-related routes to other OSPF
routers:
disable ospf export bgp

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable ospf export vr

disable ospf export {vr} vr-name route-type

Description
Disables redistribution of routes between OSPF instances.

Syntax Description
vr Specifies Virtual Router.
vr-name Specifies the source Virtual Router for exported routes.
route-type Specifies the OSPF inter-VR export route type.

Default
The default setting is disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2027

Usage Guidelines Commands

Usage Guidelines
Use this command to stop OSPF from exporting routes between other protocols.

Example
The following command disables OSPF to redistribute routes between OSPF instances:
disable ospf export vr ??

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ospf mpls-next-hop

disable ospf mpls-next-hop {vr vrf_name}

Description
Disables IP forwarding over calculated MPLS LSPs to subnets learned via OSPF.

Syntax Description
vrf_name Specifies OSPF on a particular VRF.

Default
Disabled.

Usage Guidelines
This command disables IP forwarding over calculated MPLS LSPs to subnets learned
via OSPF. (Calculated refers to an LSP that only reaches part of the way to the
destination). By default, IP forwarding over MPLS LSPs to subnets learned via OSPF
is disabled.

In order to disable OSPF on a particular VRF, you must supply the optional vr vr-name
CLI parameter.

Example
The following command disables OSPF’s use of MPLS LSPs to reach OSPF routes:
disable ospf mpls-next-hop

2028 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.6.

The vr keyword and vrf_name variable were added in ExtremeXOS 15.3.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable ospf originate-default

disable ospf originate-default

Syntax Description
There are no keywords or variables for this command.

Default
Not applicable.

Usage Guidelines
Not applicable.

Example
The following command disables generating a default external LSA:

disable ospf originate-default

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable ospf restart-helper-lsa-check

disable ospf [vlan [all | vlan-name] | area area-identifier | virtual-
link router-identifier area-identifier] restart-helper-lsa-check

Switch Engine™ Command Reference Guide for version 32.7.1 2029

Description Commands

Description
Disables the restart helper router from terminating graceful OSPF restart when
received LSAs would affect the restarting router.

Syntax Description
all Specifies all VLANs.
vlan-name Specifies a VLAN name.
router-identifier Specifies the router ID of the remote router of the virtual
link.
area-identifier Specifies an OSPF area.

Default
The default is enabled.

Usage Guidelines
This command disables the restart helper router from terminating graceful OSPF
restart when received LSAs would affect the restarting router.

Example
The following command disables a router from terminating graceful OSPF restart for all
routers in area 10.20.30.40 if it receives an LSA that would affect routing:

disable ospf area 10.20.30.40 restart-helper-lsa-check

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable ospf use-ip-router-alert

disable ospf use-ip-router-alert

Description
Disables the router alert IP option in outgoing OSPF control packets.

2030 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no keywords or arguments.

Default
Disabled.

Usage Guidelines
Not applicable.

Example
The following command disables the OSPF router alert IP option:

disable ospf use-ip-router-alert

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable ospf vxlan-extensions

disable ospf vxlan-extensions

Description
This command disables the OSPFv2 VXLAN extensions.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2031

Example Commands

Example
# disable ospf vxlan-extensions

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is supported on ExtremeSwitching 5420 and 5520 series switches, and
stacks with 5420 and 5520 slots only.

disable ospfv3
disable ospfv3

Description
Disables OSPFv3 for the router.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables OSPFv3 for the router:

disable ospfv3

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Advanced Edge or Core license as
described in the Switch Engine 32.7.1 Feature License Requirements document.

2032 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable ospfv3 restart-helper-lsa-check

disable ospfv3 restart-helper-lsa-check

disable ospfv3 [[vlan | tunnel] all | vlanvlan-name | {tunnel} tunnel-
name | area area-identifier] restart-helper-lsa-check

Description
This command configures the restart helper router to terminate OSPFv3 graceful
restart when received LSAs would affect the restarting router. This occurs when the
restart helper receives an LSA that is flooded to the restarting router or when there
is a changed LSA on the restarting router's retransmission list when graceful restart is
initiated.

Syntax Description
vlan VLAN.
all All VLANs.
vlan-name VLAN name.
area OSPFv3 area.
area-identifier Area identifier.
restart-helper-lsa-check Terminate graceful restart mode when there is a change to
an LSA.

Default
LSA check is enabled by default.

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ospfv3 export

disable ospfv3 export [direct | ripng | static | isis | isis-level-1
| isis-level-1-external | isis-level-2 | isis-level-2-external | bgp
e-bgp i-bgp]

Description
Disables redistribution of routes to OSPFv3.

Switch Engine™ Command Reference Guide for version 32.7.1 2033

Syntax Description Commands

Syntax Description
direct Specifies direct routes.
ripng Specifies RIP routes.
static Specifies static routes.
isis Specifies IS-IS routes.
isis-level-1 Specifies IS-IS Level 1 routes.
isis-level-1-external Specifies IS-IS Level 1 External routes.
isis-level-2 Specifies IS-IS Level 2 routes.
isis-level-2-external Specifies IS-IS Level 2 External routes.
bgp Specifies BGP IPv6 routes.
e-bgp Specifies EBGP routes.
i-bgp Specifies EBGP routes.

Default
The default setting is disabled.

Usage Guidelines
Use this command to stop OSPFv3 from exporting routes derived from other protocols.

Example
The following command disables OSPFv3 to export RIPng routes to other OSPFv3
routers:

disable ospfv3 export ripng

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable ospfv3 virtual-link restart-helper-lsa-check

disable ospfv3 virtual-link {routerid} router-identifier {area} area-
identifier restart-helper-lsa-check

2034 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command configures the restart helper router to terminate OSPF graceful restart
when received LSAs would affect the restarting router. This occurs when the restart
helper receives an LSA that will be flooded to the restarting router or when there is
a changed LSA on the restarting router's retransmission list when graceful restart is
initiated.

Syntax Description
virtual-link OSPFv3 virtual link.
routerid OSPFv3 router ID.
router-identifier Router ID of neighbor OSPFv3 router.
area OSPFv3 area.
area-identifier Transit area ID of virtual link.
restart-helper-lsa- Terminates graceful restart helper mode when there is a
check change to an LSA (default is enabled).

Default
Enabled.

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable pim iproute sharing

disable pim {ipv4 | ipv6} iproute sharing

Description
Disables the PIM ECMP feature.

Syntax Description
iproute IP Route
sharing Equal Cost Multipath Routing

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2035

Usage Guidelines Commands

Usage Guidelines
None.

Example
The following command disables the PIM ECMP feature:
disable pim ipv4 iproute sharing

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable pim snooping

disable pim snooping {{vlan} name}

Description
Disables PIM snooping and clears all the snooping PIM neighbors, joins received on the
VLAN, and the forwarding entries belonging to one or all VLANs.

Syntax Description
name Specifies a VLAN.

Default
Disabled.

Usage Guidelines
None.

Example
The following command disables PIM snooping for all VLANs on the switch:
disable pim snooping

2036 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable pim ssm tunnel

disable pim {ipv4} ssm tunnel [tunnel_name | tunnel all]

Description
Disables PIM SSM tunnels on a router interface.

Syntax Description
ipv4 Specifies the IPv4 address family.
ssm Specifies PIM SSM mode.
tunnel Specifies the tunnel name.
tunnel_name Specifies to configure PIM information for interfaces.
all Specifies to configure PIM information on all Layer 3
interfaces.

Default
Disabled on all interfaces.

Usage Guidelines
This command disables PIM-SSM on the specified Layer 3 VLAN.

IGMPv3 include messages for multicast addresses in the SSM range is only processed
by PIM if PIM-SSM is enabled on the interface. Any non-IGMPv3 messages in the SSM
range are not processed by PIM on any switch interface, whether SSM is enabled or not.

Example
The following example disables PIM-SSM multicast routing on tunnel accounting:
disable pim ssm tunnel accounting

Switch Engine™ Command Reference Guide for version 32.7.1 2037

History Commands

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable pim ssm vlan

disable pim {ipv4 | ipv6} ssm vlan [vlan_name | all]

Description
Disables PIM SSM on a router interface.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
vlan_name Specifies a VLAN name.
all Specifies all VLANs.

Default
Disabled on all interfaces.

Usage Guidelines
This command disables PIM-SSM on the specified Layer 3 VLAN.

IGMPv3 include messages for multicast addresses in the SSM range is only processed
by PIM if PIM-SSM is enabled on the interface. Any non-IGMPv3 messages in the SSM
range are not processed by PIM on any switch interface, whether SSM is enabled or not.

Example
The following example disables PIM-SSM multicast routing on VLAN accounting:
disable pim ssm vlan accounting

History
This command was first available in ExtremeXOS 11.4.

2038 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable pim
disable pim {ipv4 | ipv6}

Description
Disables PIM on the system.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.

Default
Disabled.

Usage Guidelines
None.

Example
The following example disables PIM on the system:
disable pim ipv4

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable policy
disable policy

Switch Engine™ Command Reference Guide for version 32.7.1 2039

Description Commands

Description
This command disables the ONEPolicy functionality.

Syntax Description
This command has no arguments or variables.

Default
None.

Usage Guidelines
None.

Example
The following example shows how to disable ONEPolicy:
# disable policy

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable port
disable port [port_list | all]

Description
Disables one or more ports on the switch.

Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.

Default
Enabled.

2040 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command for security, administration, and troubleshooting purposes.

When a port is disabled, the link is brought down.

Example
The following command disables ports 3, 5, and 12 through 15 on a stand-alone switch:

disable ports 3,5,12-15

The following command disables ports 3, 5, and 12 through 15 on a switch:

disable port 3,5,12-15

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable ports mlag-id

disable ports [mlag-id mlag_id]

Description
Disables the current ports associated with the given ID.

Syntax Description
mlag-id Port associated with MLAG.
mlag_id MLAG identifier value of the MLAG port. Range is 1–65,000.

Default
N/A.

Usage Guidelines
If any ports are added or deleted from the LAG, the port state for those ports is not
changed.

In MLAG orchestration mode, this command is executed on the other MLAG peer
before it is executed on the MLAG peer on which the command is run. In orchestration

Switch Engine™ Command Reference Guide for version 32.7.1 2041

Example Commands

mode, if the MLAG port numbers are not same on both the peers, it is possible that a
different set of port numbers are disabled on the different MLAG peers. This command
helps ensure that the correct set of ports associated with the MLAG ID are disabled.

If the port associated with the given MLAG ID is a load shared port, all the member
ports associated with this load shared group are disabled.

If the port associated with the given MLAG ID is a virtual port, the command is ignored.

Example
The following example disables the ports associated with MLAG ID "123":

# disable ports mlag-id 123

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable radius
disable radius {mgmt-access | netlogin}

Description
Disables the RADIUS client.

Syntax Description
mgmt-access Specifies the switch management RADIUS authentication
server.
netlogin Specifies the network login RADIUS authentication server.

Default
RADIUS authentication is disabled for both switch management and network login by
default.

Usage Guidelines
Use the mgmt-access keyword to disable RADIUS authentication for switch
management functions.

Use the netlogin keyword to disable RADIUS authentication for network login.

2042 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If you do not specify a keyword, RADIUS authentication is disabled on the switch for
both management and network login.

Example
The following command disables RADIUS authentication on the switch for both
management and network login:

disable radius

The following command disables RADIUS authentication on the switch for network
login:

disable radius netlogin

History
This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable radius-accounting
disable radius-accounting {mgmt-access | netlogin}

Description
Disables RADIUS accounting.

Syntax Description
mgmt-access Specifies the switch management RADIUS accounting
server.
netlogin Specifies the network login RADIUS accounting server.

Default
RADIUS accounting is disabled for both switch management and network login by
default.

Switch Engine™ Command Reference Guide for version 32.7.1 2043

Usage Guidelines Commands

Usage Guidelines
Use the mgmt-access keyword to disable RADIUS accounting for switch management
functions.

Use the netlogin keyword to disable RADIUS accounting for network login.

If you do not specify a keyword, RADIUS accounting is disabled on the switch for both
management and network login.

Example
The following command disables RADIUS accounting on the switch for both
management and network login:

disable radius-accounting

The following command disables RADIUS accounting on the switch for network login:

disable radius-accounting netlogin

History
This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable radius dynamic-authorization

disable radius dynamic-authorization

Description
Disables dynamic authorization on RADIUS client.

Syntax Description
This command has no arguments or variables.

Default
RADIUS dynamic authorization is disabled by default.

2044 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables dynamic authorization RADIUS authentication on the
switch:

disable radius dynamic-authorization

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable rip
disable rip

Description
Disables RIP for the whole router.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
RIP has a number of limitations that can cause problems in large networks, including:
• A limit of 15 hops between the source and destination networks.
• A large amount of bandwidth taken up by periodic broadcasts of the entire routing
table.
• Slow convergence.
• Routing decisions based on hop count; no concept of link costs or delay.
• Flat networks; no concept of areas or boundaries.

Example
The following command disables RIP for the whole router:
# disable rip

Switch Engine™ Command Reference Guide for version 32.7.1 2045

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

disable rip aggregation

disable rip aggregation

Description
Disables the RIP aggregation of subnet information on a RIP version 2 (RIPv2) router.

Syntax Description
This command has no arguments or variables.

Default
RIP aggregation is disabled by default.

Usage Guidelines
The disable RIP aggregation command disables the RIP aggregation of subnet
information on a switch configured to send RIPv2-compatible traffic. The switch
summarizes subnet routes to the nearest class network route. The following rules apply
when using RIP aggregation:
• Within a class boundary, no routes are aggregated.
• If aggregation is disabled, subnet routes are never aggregated, even when crossing
a class boundary.

Example
The following command disables RIP aggregation on the interface:
# disable rip aggregation

History
This command was first available in ExtremeXOS 10.1.

2046 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

disable rip export

disable rip export [bgp | direct | e-bgp | i-bgp | ospf | ospf-
extern1 | ospf-extern2 | ospf-inter | ospf-intra | static | isis
| isis-level-1| isis-level-1-external | isis-level-2| isis-level-2-
external ]

Description
Disables RIP from redistributing routes from other routing protocols.

Syntax Description
bgp Specifies BGP routes.
direct Specifies interface routes (only interfaces that have IP
forwarding enabled are exported).
e-bgp Specifies external BGP routes.
i-bgp Specifies internal BGP routes.
ospf Specifies all OSPF routes.
ospf-extern1 Specifies OSPF external route type 1.
ospf-extern2 Specifies OSPF external route type 2.
ospf-inter Specifies OSPF-inter area routes.
ospf-intra Specifies OSPF-intra area routes.
static Specifies static routes.
isis Specifies IS-IS routes.
isis-level-1 Specifies ISIS Level 1 routes.
isis-level-1-external Specifies ISIS Level 1 External routes.
isis-level-2 Specifies ISIS Level 2 routes.
isis-level-2-external Specifies ISIS Level 2 External routes.

Default
Disabled.

Usage Guidelines
This command disables the exporting of BGP, static, direct, and OSPF-learned routes
into the RIP domain.

Switch Engine™ Command Reference Guide for version 32.7.1 2047

Example Commands

Example
The following command disables RIP from redistributing any routes learned from
OSPF:
# disable rip export ospf

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

disable rip originate-default

disable rip originate-default

Description
Disables the advertisement of a default route.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command unconfigures a default route to be advertised by RIP if no
other default route is advertised:
# disable rip originate-default

History
This command was first available in ExtremeXOS 10.1.

2048 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

disable rip poisonreverse

disable rip poisonreverse

Description
Disables poison reverse algorithm for RIP.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Like split horizon, poison reverse is a scheme for eliminating the possibility of loops in
the routed topology. In this case, a router advertises a route over the same interface
that supplied the route, but the route uses a hop count of 16, defining it as unreachable.

Example
The following command disables the split horizon with poison reverse algorithm for
RIP:
# disable rip poisonreverse

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

disable rip splithorizon

disable rip splithorizon

Switch Engine™ Command Reference Guide for version 32.7.1 2049

Description Commands

Description
Disables the split horizon algorithm for RIP.

Syntax Description
This command has no arguments or variable.

Default
Enabled.

Usage Guidelines
Split horizon is a scheme for avoiding problems caused by including routes in updates
sent to the router from which the route was learned. Split horizon omits routes learned
from a neighbor in updates sent to that neighbor.

Example
The following command disables the split horizon algorithm for RIP:
# disable rip splithorizon

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

disable rip triggerupdates

disable rip triggerupdates

Description
Disables the trigger update mechanism. Triggered updates are a mechanism for
immediately notifying a router’s neighbors when the router adds or deletes routes or
changes their metric.

Syntax Description
This command has no arguments or variables.

2050 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Enabled.

Usage Guidelines
Triggered updates occur whenever a router changes the metric for a route and it is
required to send an update message immediately, even if it is not yet time for a regular
update message to be sent. This will generally result in faster convergence, but may
also result in more RIP-related traffic.

Example
The following command disables the trigger update mechanism:
# disable rip triggerupdate

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

disable rip use-ip-router-alert

disable rip use-ip-router-alert

Description
Disables router alert IP option in outgoing RIP control packets.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Switch Engine™ Command Reference Guide for version 32.7.1 2051

Example Commands

Example
The following command disables the RIP router alert IP option:
# disable rip use-ip-router-alert

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

disable ripng
disable ripng

Description
Disables RIPng for the whole router.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command disables RIPng for the whole router:

disable ripng

History
This command was first available in ExtremeXOS 11.2.

2052 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

disable ripng export

disable ripng export [direct | ospfv3 | ospfv3-extern1 | ospfv3-extern2
| ospfv3-inter | ospfv3-intra | static | isis | isis-level-1| isis-
level-1-external | isis-level-2| isis-level-2-external | bgp e-bgp i-
bgp]

Description
Disables RIPng from redistributing routes from other routing protocols.

Syntax Description
direct Specifies directly reachable subnets from the router (only
interfaces that have IP forwarding enabled are exported).
ospfv3 Specifies all OSPFv3 routes.
ospfv3-extern1 Specifies OSPFv3 external route type 1.
ospfv3-extern2 Specifies OSPFv3 external route type 2.
ospfv3-inter Specifies OSPFv3-inter area routes.
ospfv3-intra Specifies OSPFv3-intra area routes.
static Specifies user configured static routes.
isis Specifies IS-IS routes.
isis-level-1 Specifies IS-IS Level 1 routes.
isis-level-1-external Specifies IS-IS Level 1 External routes.
isis-level-2 Specifies IS-IS Level 2 routes.
isis-level-2-external Specifies IS-IS Level 2 External routes.
bgp Specifies BGP IPv6 routes
e-bgp Specifies EBGP routes.
i-bgp Specifies IBGP routes.

Default
Disabled.

Usage Guidelines
This command disables the exporting of static, direct, IS-IS, and OSPF-learned routes
from the switch routing table into the RIPng domain.

Switch Engine™ Command Reference Guide for version 32.7.1 2053

Example Commands

Example
The following command disables RIPng from redistributing any routes learned from
OSPFv3:

disable ripng export ospfv3

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

disable ripng originate-default

disable ripng originate-default

Description
Disables the advertisement of a default route to the neighbors.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command unconfigures a default route to be advertised by RIPng if no
other default route is advertised:

disable ripng originate-default

History
This command was first available in ExtremeXOS 11.2.

2054 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

disable ripng poisonreverse

disable ripng poisonreverse {vlan vlan-name | tunnel tunnel_name | [vlan
| tunnel] all}

Description
Disables poison reverse algorithm for RIPng.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all interfaces.

Default
Enabled.

Usage Guidelines
Like split horizon, poison reverse is a scheme for eliminating the possibility of loops in
the routed topology. In this case, a router advertises a route over the same interface
that supplied the route, but the route uses a hop count of 16, defining it as unreachable.

Example
The following command disables the split horizon with poison reverse algorithm for
RIPng:

disable ripng poisonreverse

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

Switch Engine™ Command Reference Guide for version 32.7.1 2055

disable ripng splithorizon Commands

disable ripng splithorizon

disable ripng splithorizon {vlan vlan-name | tunnel tunnel_name | [vlan
| tunnel] all}

Description
Disables the split horizon algorithm for RIPng.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all interfaces.

Default
Enabled.

Usage Guidelines
Split horizon is a scheme for avoiding problems caused by including routes in updates
sent to the router from which the route was learned. Split horizon omits routes learned
from a neighbor in updates sent to that neighbor.

Example
The following command disables the split horizon algorithm for RIPng:

disable rip splithorizon

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

disable ripng triggerupdate

disable ripng triggerupdate {vlan vlan-name | tunnel tunnel_name | [vlan
| tunnel] all}

2056 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Triggered updates are a mechanism for immediately notifying a router’s neighbors
when the router adds or deletes routes or changes their metric. This command disables
the trigger update mechanism.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all interfaces.

Default
Enabled.

Usage Guidelines
Triggered updates occur whenever a router changes the metric for a route and it is
required to send an update message immediately, even if it is not yet time for a regular
update message to be sent. This will generally result in faster convergence, but may
also result in more RIPng-related traffic.

When this feature is disabled, any metric change on the interface, or an interface going
down will not be communicated until the next periodic update. To configure how often
periodic updates are sent, use the following command:
configure ripng updatetime

Example
The following command disables the trigger update mechanism:

disable ripng triggerupdate

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

disable rmon
disable rmon

Switch Engine™ Command Reference Guide for version 32.7.1 2057

Description Commands

Description
Disables the collection of RMON statistics on the switch.

Syntax Description
This command has no arguments or variables.

Default
By default, RMON is disabled. However, even in the disabled state, the switch responds
to RMON queries and sets for alarms and events.

Usage Guidelines
The switch supports four out of nine groups of Ethernet RMON statistics. In a disabled
state, the switch continues to respond queries of statistics. Collecting of history, alarms,
and events is stopped; however, the switch still queries old data.

To view the status of RMON polling on the switch, use the show management command.
The show management command displays information about the switch including the
enable/disable state for RMON polling.

To view the RMON memory usage statistics for a specific memory type (for example,
statistics, events, logs, history, or alarms) or for all memory types, use the following
command:
show rmon memory {detail | memoryType}

Example
The following command disables the collection of RMON statistics on the switch:

disable rmon

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable router-discovery
disable router-discovery {ipv6} vlan vlan_name

2058 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Disables router discovery advertisements on the VLAN and the processing of router
discovery messages.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.

Default
N/A.

Usage Guidelines
None.

Example
The following example disables router discovery for the VLAN "top_floor":
disable router-discovery vlan top_floor

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

disable sflow ports

disable sflow ports port_list

Description
Disables sFlow statistical packet sampling and statistics gathering on a particular list of
ports.

Syntax Description
port_list Specifies a list of ports.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2059

Usage Guidelines Commands

Usage Guidelines
This command disables sFlow on a particular list of ports. Once sFlow is disabled on
a port, sampling and polling will stops. If sFlow is disabled globally, all sampling and
polling stops

Use the following command to disable sFlow globally:

disable sflow

Example
The following command disables sFlow sampling on port 3:1:

disable sflow ports 3:1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable sflow
disable sflow

Description
Globally disables sFlow statistical packet sampling.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables sFlow globally on the switch. When you disable sFlow globally,
the individual ports are also put into the disabled state. If you later enable the global
sFlow state, individual ports return to their previous state.

2060 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables sFlow sampling globally:

disable sflow

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

disable sharing
disable sharing port

Description
Disables a load-sharing group of ports, also known as a LAG.

Syntax Description
port Specifies the logical port of a load-sharing group or link
aggregation group (LAG). Specifies a port or a combination
of the slot and port number.

Default
Disabled.

Usage Guidelines
When sharing is disabled, the logical port retains all configuration including VLAN
membership. All other member ports are removed from all VLANs to prevent loops and
their configuration is reset to default values.

Any attempt to disable sharing on ports that have configuration is denied with the
following error message:
ERROR: Sharing configuration on MLAG ports cannot be modified. Use
"disable mlag port <port>" to remove port from MLAG group first.

Switch Engine™ Command Reference Guide for version 32.7.1 2061

Example Commands

Example
The following command disables sharing on master logical port 9, which contains ports
9 through 12, on a switch:

disable sharing 9

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable slpp guard

disable slpp guard ports [port_list | all]

Description
Disable the Simple Loop Protection Protocol (SLPP) Guard feature.

Syntax Description
slpp Specifies disabling SLPP.
guard Specifies not using the SLPP Guard feature, which disables
a port as soon as an SLPP PDU is received.
ports Specifies selecting ports on which to disable SLPP guard.
port_list Selects which ports on which to disable SLPP guard.
all Specifies disabling SLPP guard on all ports.

Default
By default, SLPP Guard is disabled on all ports.

Usage Guidelines
SLPP is an application that detects loops in a Split Multi-link Trunking (SMLT) network.
SLPP Guard is a complementary feature that helps prevent loops in networks by
administratively disabling an edge port if a switch receive an SLPP PDU from an SMLT
network.

2062 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example disables SLPP Guard on port 5:
# disable slpp guard ports 5

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable smartredundancy
disable smartredundancy port_list

Description
Disables the Smart Redundancy feature.

Syntax Description
port_list Specifies one or more ports or slots and ports.

Default
Enabled.

Usage Guidelines
The Smart Redundancy feature works in concert with the software-controlled
redundant feature. When Smart Redundancy is disabled, the switch attempts only
to reset the primary port to active if the redundant port fails. That is, if you disable
Smart Redundancy, the traffic does not automatically return to the primary port once
it becomes active again; the traffic continues to flow through the redundant port even
after the primary port comes up again.

Example
The following command disables the Smart Redundancy feature on ports 1 through 4
on a switch:

disable smartredundancy 1-4

Switch Engine™ Command Reference Guide for version 32.7.1 2063

History Commands

History
This command was available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp access vr

disable snmp access vr [vr_name | all]

Description
Selectively disables SNMP access on virtual routers.

Syntax Description
vr_name Specifies the virtual router name.
all Specifies all virtual routers.

Default
Enabled on all virtual routers.

Usage Guidelines
Use this command to disable SNMP access on any or all virtual routers.

When SNMP access is disabled on a virtual router, the incoming SNMP request is
dropped and an EMS message is logged.

To enable SNMP access on virtual routers use the enable snmp access vr command.

To display the SNMP configuration and statistics on a specified virtual router, use the
show snmp vr_name command.

Example
The following command disables SNMP access on the virtual router vr-finance:
disable snmp access vr vr-finance

History
This command was first available in ExtremeXOS 12.4.2.

2064 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp access

disable snmp access {snmp-v1v2c | snmpv3}

Description
Selectively disables SNMP on the switch.

Syntax Description
snmp-v1v2c Specifies SNMPv1/v2c access only.
snmpv3 Specifies SNMPv3 access only.

Default
Disabled.

Usage Guidelines
Disabling SNMP access does not affect the SNMP configuration (for example,
community strings). However, if you disable SNMP access, you will be unable to access
the switch using SNMP.

This command allows you to disable either all SNMP access, v1/v2c access only, or v3
access only.

To allow access, use the following command:

enable snmp access {snmp-v1v2c | snmpv3}

Example
The following command disables all SNMP access on the switch:

disable snmp access

History
This command was first available in ExtremeXOS 10.1.

SNMPv3 was added to ExtremeXOS 12.2. It was also included in ExtremeXOS 11.6.4 and
12.1.2.

Switch Engine™ Command Reference Guide for version 32.7.1 2065

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp community

disable snmp community [encrypted enc_community_name | community_name |
alphanumeric-community-string | hex hex_community_name]

Description
Disables SNMP community strings on the switch.

Syntax Description
encrypted Community name is encrypted.
enc_community_name Encrypted community name.
community_name Community name in ASCII format.
hex Provide value in hexadecimal.
hex_community_name Community name in hexadecimal.
alphanumeric- Specifies the SNMP community string name.
community-string

Default
N/A.

Usage Guidelines
This command allows the administrator to disable an snmp community. It sets the row
status of the community to NotInService. When disabled, SNMP access to the switch
using the designated community is not allowed.

Example
The following command disables the community string named extreme:

disable snmp community hex 61:01

History
This command was first available in ExtremeXOS 12.1.

The hex keyword and hex_community_name variable were added in ExtremeXOS 15.6.

2066 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp trap l3vpn

disable snmp trap l3vpn {vr name}

Description
This command disables Layer 3 VPN MIB notification traps for the child VPN VRFs of
the specified VR.

Syntax Description
vr-name Specifies the name of the parent VR where this RFC
4382 scalar is applied. If vr-name is not provided, then this
command is applied to the VR in the current context.

Default
Disabled.

Usage Guidelines
None.

Example
The following example disables SNMP traps for Layer 3 VPNs on the default VR:

disable snmp traps l3vpn vr vr-default

History
This command was first available in ExtremeXOS 12.6.0-BGP.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp traps

disable snmp traps

Description
Prevents SNMP traps from being sent from the switch.

Switch Engine™ Command Reference Guide for version 32.7.1 2067

Syntax Description Commands

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command does not clear the SNMP trap receivers that have been configured. The
command prevents SNMP traps from being sent from the switch even if trap receivers
are configured.

To view if SNMP traps are being sent from the switch, use the show management
command. The show management command displays information about the switch
including the enabled/disabled state of SNMP traps being sent.

Example
The following command prevents SNMP traps from being sent from the switch to the
trap receivers:

disable snmp traps

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp traps bfd

disable snmp traps bfd session down | session-up

Description
This command disables session up/down trap reception for BFD.

Syntax Description
snmp Configure SNMP specific settings.
traps Configure SNMP Trap generation settings.
bfd BFD-specific traps.

2068 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

session-down Generate trap when BFD session goes down.

session-up Generate trap when BFD session goes up.

Default
Both session-down and session-up.

Usage Guidelines
Use this command to disable trap reception for BFD session up/down.

Example
The following command will disable trap generation for BFD session down events.
# disable snmp traps bfd session-down

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp traps configuration

disable snmp traps configuration [save | change]

Description
Disables sending SNMP trap when saving or changing the switch configuration.

Syntax Description
configuration Sends SNMP trap for switch configuration.
save Disables SNMP trap when switch configuration is saved
(default is disabled).
change Disables SNMP trap when switch configuration is changed
(default is disabled).

Default
The default is that SNMP traps are disabled for switch configuration changes/saves.

Switch Engine™ Command Reference Guide for version 32.7.1 2069

Example Commands

Example
The following example disables SNMP traps for switch configuration saves:
disable snmp traps configuration save

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document..

disable snmp traps fdb mac-tracking

disable snmp traps fdb mac-tracking

Description
Disables SNMP trap generation when MAC-tracking events occur for a tracked MAC
address.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following example disables SNMP traps for MAC-tracking events:
disable snmp traps fdb mac-tracking

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all platforms.

2070 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable snmp traps identity-management

disable snmp traps identity-management

disable snmp traps identity-management

Description
Disables the identity management feature to send SNMP traps for low memory
conditions.

Syntax Description
This command has no arguments or variables.

Default
No traps are sent.

Usage Guidelines
None.

Example
The following command disables the identity management SNMP trap feature:

disable snmp traps identity-management

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp traps l2vpn

disable snmp traps l2vpn

Description
Disables SNMP traps associated with Layer 2 VPNs for all MPLS configured VLANs.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2071

Default Commands

Default
All Layer 2 VPN traps are disabled.

Example
The following command disables SNMP traps associated with Layer 2 VPNs:

disable snmp traps l2vpn

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable snmp traps l3vpn

disable synmp traps l3vpn {vr vr_name}

Description
Use this command to turn off SNMP trap support for L3 VPN.

Syntax Description
vr_name Specifies the name of the parent VR where this RFC 4382
scalar is applied. If vr_name is not provided, then this
command is applied to the VR in the current context.

Default
Enabled.

Usage Guidelines
Use this command to disable L3VPN SNMP traps.

Example
The following example disables L3 VPN SNMP traps support on the switch:
disable snmp traps l3vpn vr vr-default

2072 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp traps lldp

disable snmp traps lldp {ports [all | port_list]}

Description
Disables the sending of LLDP-specific SNMP traps on the specified port or ports.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.

Default
Disabled.

Usage Guidelines
If you do not specify any ports, the system stops sending LLDP traps from all ports on
the switch.

Example
The following example disables sending LLDP SNMP traps on all switch ports:

disable snmp traps lldp ports all

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp traps lldp-med

disable snmp traps lldp-med {ports [all | port_list]}

Switch Engine™ Command Reference Guide for version 32.7.1 2073

Description Commands

Description
Disables the sending of LLDP MED-specific SNMP traps on the specified port or ports.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.

Default
Disabled.

Usage Guidelines
If you do not specify any ports, the system stops sending LLDP MED traps from all ports
on the switch.

Example
The following example disables sending LLDP MED SNMP traps on all switch ports:

disable snmp traps lldp-med ports all

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmp traps mpls

disable snmp traps mpls

Description
Disables SNMP traps associated with MPLS for all MPLS configured VLANs.

Syntax Description
This command has no arguments or variables.

Default
All MPLS traps are disabled.

2074 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables SNMP traps associated with MPLS:

disable snmp traps mpls

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable snmp traps ospf

disable snmp traps ospf

Description
Disables the OSPF module from sending traps on various OSPF events.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command disables the OSPF process:
disable snmp traps ospf

History
This command was first available in ExtremeXOS 12.6.

Switch Engine™ Command Reference Guide for version 32.7.1 2075

Platform Availability Commands

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable snmp traps ospfv3

disable snmp traps ospfv3

Description
Disables the transmission of OSPFv3 SNMP notifications.

Syntax Description
ospfv3 OSPFv3-related traps.

Default
The default is disabled.

Example
The following example disables the transmission of OSPFv3 SNMP notifications:
disable snmp traps ospfv3

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable snmp traps port-up-down ports

disable snmp traps port-up-down ports [port_list | all]

Description
Disables port up/down trap reception for specified ports.

Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.

2076 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Enabled.

Usage Guidelines
Use this command to stop receiving SNMP trap messages when a port transitions
between being up and down.

Example
The following command stops ports 3, 5, and 12 through 15 on a stand-alone switch
from receiving SNMP trap messages when the port goes up/down:

disable snmp traps port-up-down ports 3,5,12-15

History
This command was first available in ExtremeXOS 10.6.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmpv3
disable snmpv3 default-group

Description
Disables SNMPv3 default-group access on the switch.

Syntax Description
default-group Specifies SNMPv3 default-group.

Default
Enabled.

Usage Guidelines
This command is used to disable SNMPv3 default-group access.

Disabling SNMPv3 default-group access removes access to default-users and user-

created users who are part of the default-group. The user-created authenticated
SNMPv3 users (who are part of a user-created group) are able to access the switch.

Switch Engine™ Command Reference Guide for version 32.7.1 2077

Example Commands

The default groups are: admin, initial, v1v2c_ro, v1v2c_rw.

Example
The following command disables the default group on the switch:

disable snmp default-group

History
This command was available in ExtremeXOS 12.2.

It was also included in ExtremeXOS 11.6.4 and ExtremeXOS 12.1.2.

The default-user option was removed in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable snmpv3 community

disable snmpv3 community [ community_index | hex hex_community_index ]

Description
This command disables a community entry specified by the community index.

Syntax Description
community_index Community index in ASCII.
hex Provide value in hexadecimal.
hex_community_index Community index in hexadecimal.

Default
Enabled.

Usage Guidelines
This command is used to disable a community entry specified by the community index.

Example

disable snmpv3 community hex 61:62:63:64

2078 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was available in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

disable sntp-client
disable sntp-client

Description
Disables the SNTP client.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
SNTP can be used by the switch to update and synchronize its internal clock from
a Network Time Protocol (NTP) server. After the SNTP client has been enabled, the
switch sends out a periodic query to the indicated NTP server, or the switch listens
to broadcast NTP updates. In addition, the switch supports the configured setting for
Greenwich Mean Time (GMT) offset and the use of Daylight Savings Time (DST).

Example
The following command disables the SNTP client:

disable sntp-client

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2079

disable ssh2 Commands

disable ssh2
disable ssh2

Description
Disables the SSH2 server for incoming SSH2 sessions to switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
SSH2 options (non-default port setting) are not saved when SSH2 is disabled.

To view the status of SSH2 on the switch, use the show management command. The
show management command displays information about the switch including the
enable/disable state for SSH2.

Example
The following command disables the SSH2 server:

disable ssh2

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable stacking
disable stacking {node-address node-address}

Description
This command disables the stacking on one or all nodes in the stack topology.

2080 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
node-address Specifies the MAC address of a node in the stack. To view
the MAC addresses for all nodes in a stack, enter the show
stacking command.

Default
Default value is stacking disabled.

Usage Guidelines
If you do not specify the node-address, stacking is disabled on all nodes in the stack
topology.

If the node-address parameter is present, stacking is disabled on the node with the
specified node-address. This is the MAC address assigned to the stackable by the
factory.

A node in the stack topology that is disabled for stacking does not forward the
customer's data through its stacking links and does not become a member of the
active topology.

A disabled node becomes its own master and processes and executes its own
configuration independently.

When this command is executed successfully, the following message appears:

This command will take effect at the next reboot of the specified
node(s).

Use show stacking configuration command to see the current configuration of

the stack. Verify the flags in show stacking configuration output to confirm that
stacking is disabled on the specified node(s).

Example
The following example disables stacking on an 8 node stack:

* Switch.3 # disable stacking

This command will take effect at the next reboot of the specified node(s).

The following example disables stacking on the node with the factory assigned MAC
address 00:04:96:26:6b:ed:

* Switch.3 # disable stacking node-address 00:04:96:26:6b:ed

This command will take effect at the next reboot of the specified node(s).

History
This command was first available in ExtremeXOS 12.0.

Switch Engine™ Command Reference Guide for version 32.7.1 2081

Platform Availability Commands

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

disable stacking-support
disable stacking-support

Description
This command disables the stacking-support option on a switch with dual-purpose
hardware.

Syntax Description
This command does not have additional syntax.

Default
Disabled.

Usage Guidelines
The Stacking-Support Option Control column in Table 17 on page 1417 displays Yes
in the rows for switch configurations for which you can disable the stacking-support
option.

After you disable the stacking-support option, you must reboot the switch to activate
the configuration change.

If you disable the stacking-support option on a switch and reboot, stacking

communication stops and the data ports listed in Table 17 on page 1417 use Ethernet
protocols instead of stacking protocols.

Example
To disable the stacking ports, enter the following command:
# disable stacking-support
This setting will take effect at the next reboot of this switch.

History
This command was first available in ExtremeXOS 12.2.

2082 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

disable stpd
disable stpd {stpd_name}

Description
Disables the STP protocol on a particular STPD or for all STPDs.

Syntax Description
stpd_name Specifies an STPD name on the switch.

Default
Disabled.

Usage Guidelines
After you have created the STPD with a unique name, the keyword stpd is optional.

If you want to disable the STP protocol for all STPDs, do not specify an STPD name.

In an MSTP environment, you cannot delete or disable a CIST if any of the MSTIs are
active in the system.

Example
The following command disables an STPD named purple_st:

disable stpd purple_st

The following command disables the STP protocol for all STPDs on the switch:

disable stpd

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2083

disable stpd auto-bind Commands

disable stpd auto-bind

disable stpd stpd_name auto-bind [ {vlan} vlan_name | vlan vlan_list]

Description
Disables the ability to automatically add ports to an STPD when they are added to a
member VLAN.

Syntax Description
stpd_name Specifies an STPD name on the switch.
vlan_name Specifies the name of a member VLAN with autobind
enabled.
vlan_list Specifies a VLAN list of IDs.

Default
The autobind feature is disabled on user-created STPDs. The autobind feature is
enabled on the default VLAN that participates in the default STPD S0.

Usage Guidelines
Note
Ports already in the STPD remain in that domain (as if they were added
manually).

If you create an STPD and a VLAN with unique names, the keywords stpd and vlan are
optional.

Ports added to the STPD automatically when autobind is enabled are not removed
when autobind is disabled. The ports are present after a switch reboot.

To view STP configuration status of the ports in a VLAN, use the following command:
show {vlan} {vlan_name | vlan_list} stpd

Example
The following example disables autobind on an STPD named s8:
disable stpd s8 auto-bind v5

History
This command was first available in ExtremeXOS 10.1.

The vlan_list variable was added in ExtremeXOS 16.1.

2084 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

disable stpd ports

Disables STP on one or more ports for a given STPD.
disable stpd stpd_name ports [all | port_list]

Syntax Description
stpd_name Specifies an STPD name on the switch.
all Specifies all ports for a given STPD.
port_list Specifies one or more ports or slots and ports.

Default
Enabled.

Usage Guidelines
If you create the STPD with a unique name, the keyword stpd is optional.

Disabling STP on one or more ports puts those ports in the forwarding state; all BPDUs
received on those ports are disregarded and dropped.

Use the all keyword to specify that all ports of a given STPD are disabled.

Use the port_list parameter to specify a list of ports of a given STPD are disabled.

If you do not use the default STPD, you must create one or more STPDs and configure
and enable the STPD before you can use the disable stpd ports command.

Example
The following command disables slot 2, port 4 on an STPD named Backbone_st:

disable stpd backbone_st ports 2:4

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2085

disable stpd rapid-root-failover Commands

disable stpd rapid-root-failover

disable stpd stpd_name rapid-root-failover

Description
Disables rapid root failover for STP recovery times.

Syntax Description
stpd_name Specifies an STPD name on the switch.

Default
Disabled.

Usage Guidelines
This command is applicable for STPDs operating in 802.1D.

After you have created the STPD with a unique name, the keyword stpd is optional.

To view the status of rapid root failover on the switch, use the show stpd command.
The show stpd command displays information about the STPD configuration on the
switch including the enable/disable state for rapid root failover.

Example
The following command disables rapid root fail over on STPD Backbone_st:

disable stpd backbone_st rapid-root-failover

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable switch bluetooth

disable switch bluetooth {discovery | pairing }

Description
Disables Bluetooth capability on a switch.

2086 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
switch Designates disabling switch capabilities.
bluetooth Designates disabling Bluetooth capabilities on a switch.
discovery Disables discoverable mode of the switch. Default is
enabled.
pairing Disables pairing ability with other Bluetooth-capable
devices. Default is enabled.

Default
By default, discovery and pairing modes are enabled.

Usage Guidelines
Using the command with no options disables Bluetooth capability on the switch.
The discovery and pairing options disable discoverable mode and pairing ability,
respectively.

To enable Bluetooth capabilities, use the enable switch bluetooth {discovery |

pairing } command.

To view Bluetooth and discovery/pairing status, use the show switch bluetooth
[statistics | inventory] command.

Example
The following example disables Bluetooth capability on a switch:
# disable switch bluetooth

The following example disables discovery mode on a switch:

# disable switch bluetooth discovery

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable switch locally-administered-address

disable switchlocally-administered-address

Switch Engine™ Command Reference Guide for version 32.7.1 2087

Description Commands

Description
Disables the switch from generating locally administered per-port MAC addresses.

Syntax Description
This command has no arguments or variables.

Default
This feature is disabled by default.

Usage Guidelines
ExtremeXOS switches do not use a unique per-port MAC address when transmitting
bridge protocol data units (BPDUs). As a result, switch management can become
inaccessible when switch MAC addresses are learned on the wrong L2 path
(corresponding to a blocking port). This command allows you to disable the switch
from generating locally administered MAC addresses.

Example
The following example disables the switch from generating locally administered MAC
addresses:
disable switch locally-administered-address

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable switch usb

disable switch usb

Description
Disables use of the switch's USB port.

Syntax Description
usb Specifies USB port on switch.

2088 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Enabled by default.

Usage Guidelines
This command requires a reboot to take effect.

Stack support is not available. You need to run this command individually on each node
in a stack.

Running unconfigure switch all removes this USB setting and returns to the
default of enabled.

Example
The following example disables use of the USB port:
disable switch usb
This setting will take effect at the next system reboot.

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable syslog
disable syslog

Description
Disables logging to all remote syslog server targets.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Disables logging to all remote syslog server targets, not to the switch targets. This
setting is saved in FLASH, and will be in effect upon boot up.

Switch Engine™ Command Reference Guide for version 32.7.1 2089

Example Commands

Example
The following command disables logging to all remote syslog server targets:

disable syslog

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable subvlan-proxy-arp vlan

disable subvlan-proxy-arp vlan [vlan-name | all]

Description
Disables the automatic entry of subVLAN information in the proxy ARP table.

Syntax Description
vlan-name Specifies a superVLAN name.
all Specifies all VLANs.

Default
Enabled.

Usage Guidelines
To facilitate communication between subVLANs, by default, an entry is made in the
IP ARP table of the superVLAN that performs a proxy ARP function. This allows
clients on one subVLAN to communicate with clients on another subVLAN. In certain
circumstances, intra-subVLAN communication may not be desired for isolation reasons.

Note
The isolation option works for normal, dynamic, ARP-based client
communication.

Example
The following example disables the automatic entry of subVLAN information in the
proxy ARP table of the superVLAN "vsuper":
disable subvlan-proxy-arp vlan vsuper

2090 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable tacacs
disable tacacs

Description
Disables TACACS+ authentication.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables TACACS+ authentication for the switch:

disable tacacs

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable tacacs-accounting
disable tacacs-accounting

Switch Engine™ Command Reference Guide for version 32.7.1 2091

Description Commands

Description
Disables TACACS+ accounting.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command disables TACACS+ accounting:

disable tacacs-accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable tacacs-authorization
disable tacacs-authorization

Description
Disables TACACS+ authorization.

Syntax Description
This command has no arguments or variables.

Default
N/A.

2092 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This disables CLI command authorization but leaves user authentication enabled.

Example
The following command disables TACACS+ CLI command authorization:

disable tacacs-authorization

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable tech-support collector

disable tech-support collector

Description
Disables the tech support feature.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables the tech-support feature. In the ExtremeXOS 15.4 release, the
feature is disabled by default. When the feature is disabled, the previous scheduled
reports are canceled, and the bootup event and critical severity events are ignored.

Example
The following command disables the tech-support feature:

disable tech-support collector

Switch Engine™ Command Reference Guide for version 32.7.1 2093

History Commands

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

disable telnet
disable telnet

Description
Disables external Telnet services on the system.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
You must be logged in as an administrator to enable or disable Telnet.

Note
Telnet sessions between the nodes of a stack are not affected by this
command.

Example
With administrator privilege, the following command disables external Telnet services
on the switch:

disable telnet

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

2094 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable tunnel

disable tunnel
disable {tunnel} tunnel_name

Description
Allows GRE tunnels to be disabled.

Syntax Description
tunnel_name GRE tunnel name.

Default
Enabled.

Usage Guidelines
Use this command to disable GRE tunnels.

Example
This exanple disables the tunnel named "myGREtunnel":
disable myGREtunnel

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable twamp reflector

disable twamp reflector {restrict}

Description
This command disables the Session-Reflector.

Syntax Description
restrict Restricts only TWAMP control sessions to create test
sessions and reflector does not respond to TWAMP-test
packets tgat do not match a test session created by a
control session.

Switch Engine™ Command Reference Guide for version 32.7.1 2095

Default Commands

Default
N/A.

Usage Guidelines
If the you disable the Session-Reflector, the application terminates all current TWAMP
test sessions. If you specify the restrict keyword, only TWAMP control sessions may
create test sessions and the reflector will not respond to TWAMP-test packets that do
not match a test session created by a control session.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable twamp server

disable twamp server

Description
This command disables the TWAMP server.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
If you disable the TWAMP server, all current TWAMP control sessions are terminated
and any test sessions set up by the control sessions are deleted.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
The command is available on all platforms.

2096 Switch Engine™ Command Reference Guide for version 32.7.1

Commands disable udp-echo-server

disable udp-echo-server
disable udp-echo-server {vr vrid}

Description
Disables UDP echo server support.

Syntax Description
vrid Specifies a VR or VRF.

Default
Disabled.

Usage Guidelines
UDP echo packets are used to measure the transit time for data between the
transmitting and receiving end.

Example
The following example disables UDP echo server support:
disable udp-echo-server

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable upm profile

disable upm profile profile-name

Description
Disables the use of the specified Universal Port profile on the switch.

Syntax Description
profile-name Specifies the UPM profile to be disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2097

Default Commands

Default
A UPM profile is enabled by default.

Example
The following command disables a UPM profile called sample_1 on the switch:

disable upm profile sample_1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

disable virtual-network remote-endpoint vxlan

disable virtual-network remote-endpoint vxlan [ ipaddress ipaddress {vr
vr_name} | all ]

Description
Disables a VXLAN remote endpoint.

Syntax Description
virtual-network Virtual overlay network.
remote-endpoint Remote tunnel endpoint information.
vxlan VXLAN virtual networks remote endpoint.
ipaddress Specifies an IP address of a remote endpoint.
ipaddress Specifies the IP address of the desired remote endpoint.
vr Specifies a VR/VRF instance the remote endpoint is
associated with.
vr_name Specifies the desired existing VR/VRF instance the remote
endpoint is associated with. Default is VR-Default.
all Specifies all remote tunnel endpoints.

Default
If a VR is not specified, VR-Default is the VR.

2098 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Extreme Loop Recognition Protocol (ELRP) detects loops across VXLAN tunnels. If a
loop is detected across the tunnel, ELRP takes down the VXLAN remote endpoint. You
can use this command to disable a remote endpoint manually.

Example
The following example disables the remote endpoint at 100.1.1.1 on VR-Default (not
specified, command default):
# disable virtual-network remote-endpoint vxlan ipaddress 100.1.1.1

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

disable virtual-router
disable virtual-router vrf-name

Description
Disables a VRF.

Note
This command is only applicable for VRFs.

Syntax Description
vrf-name Specifies the name of the VRF.

Default
Enabled.

Usage Guidelines
When you disable a VRF, the software does the following:
• Disables Layer 3 protocols.
• Marks static routes as inactive and removes them from the hardware forwarding
tables.
• Flushes the IP ARP and IPv6 neighbor-discovery caches.

Switch Engine™ Command Reference Guide for version 32.7.1 2099

Example Commands

Example
The following example disables VRF "vrf1":
disable virtual-router vrf1

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

disable vlan
disable [ {vlan} vlan_name | vlan vlan_list]

Description
Use this command to disable the specified VLAN.

Syntax Description
vlan_name Specifies the VLAN you want to disable.
vlan_list Specifies the VLAN list of IDs to disable.

Default
Enabled.

Usage Guidelines
This command allows you to administratively disable specified VLANs. The following
guidelines apply to working with disabling VLANs:
• Disabling a VLAN stops all traffic on all ports associated with the specified VLAN.
• You cannot disable a VLAN that is running Layer 2 protocol control traffic for
protocols such as EAPS, STP, or ESRP.

When you attempt to disable a VLAN running Layer 2 protocol control traffic, the
system returns a message similar to the following:
VLAN accounting cannot be disabled because it is actively used by an L2 Protocol

• You can disable the default VLAN; ensure that this is necessary prior to disabling the
default VLAN.
• You cannot disable the management VLAN.

2100 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• You cannot bind Layer 2 protocols to a disabled VLAN.

• You can add ports to or delete ports from a disabled VLAN.

Caution
Disabling the Mgmt VLAN disables access to the Ethernet Management port
on a switch (disable vlan Mgmt).

Example
The following example disables the VLAN named "accounting":
disable vlan accounting

History
This command was first available in ExtremeXOS 11.4.

The ability to add ports to a disabled VLAN was added in ExtremeXOS 12.5.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

disable vm autostart
disable vm vm_name autostart

Description
Disables automatic start-up of guest virtual machines (VMs).

Syntax Description
vm Designates a virtual machine.
vm_name Specifies the VM name.
autostart Specifies disabling automatic start-up of the specified VM.
Default is disabled.

Default
By default, automatic start-up is disabled.

Usage Guidelines
This command disables automatically starting up a specific VM when the system starts.

Switch Engine™ Command Reference Guide for version 32.7.1 2101

Example Commands

You must reboot the switch for this command to take effect.

To enable automatic start-up, use the command enable vm vm_name autostart.

The Integrated Application Hosting (IAH) feature requires the Solid State Storage
Device SSD-120.

Example
The following example disables automatic start-up of VM "vm1":
# disable vm vm1 autostart

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

disable vm-tracking dynamic-vlan ports

disable vm-tracking dynamic-vlan ports port_list

Description
This command disables VM-tracking dynamic VLAN on specific ports.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Use this command to disable VM-tracking dynamic VLAN on specific ports. The ALL
option is not supported because VM-tracking dynamic VLAN should not be enabled on
a switch's uplink port.

2102 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
This example disables VM-tracking dynamic VLAN on port 2:1:
# disable vm-tracking dynamic-vlan ports 2:1

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable vm-tracking
disable vm-tracking

Description
Disables the Extreme Network Virtualization (XNV) feature on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command disables the XNV feature, which tracks virtual machines (VMs) that
connect to the switch.

Note
When the VM tracking feature is disabled, file synchronization with the FTP
server stops.

Example
The following command disables the XNV feature:
# disable vm-tracking

History
This command was first available in ExtremeXOS 12.5.

Switch Engine™ Command Reference Guide for version 32.7.1 2103

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

disable vm-tracking ports

disable vm-tracking ports port_list

Description
Disables the XNV feature on the specified ports.

Syntax Description
port_list Specifies one or more ports or slots and ports.

Default
Disabled.

Usage Guidelines
This command disables VM tracking on the specified ports.

Example
The following command disables VM tracking on port 2:1:
# disable vm-tracking ports 2:1

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

disable vman cep egress filtering ports

disable vman cep egress filtering ports {port_list | all}

Description
Disables the egress filtering of CVIDs that are not configured in the CVID map for a CEP.

2104 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
port_list Specifies a list of ports.
all Specifies all switch ports.

Default
Egress CVID filtering is disabled.

Usage Guidelines
To view the configuration setting for the egress CVID filtering feature, use the show
ports information command.

Note
When CVID egress filtering is enabled, it reduces the maximum number of
CVIDs supported on a port. The control of CVID egress filtering applies to fast-
path forwarding. When frames are forwarded through software, CVID egress
filtering is always enabled.

Example
The following example disables egress CVID filtering on port 1:
disable vman cep egress filtering port 1

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

disable vpex
disable vpex

Description
Disables VPEX mode for using bridge port extenders (BPEs).

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).

Switch Engine™ Command Reference Guide for version 32.7.1 2105

Default Commands

Default
N/A.

Usage Guidelines
Disabling VPEX mode removes all BPE slot number assignments made using
configure vpex ports port_list slot slot_num. A reboot of the switch is required
for this command to take effect.

Example
The following example disables VPEX mode:
# disable vpex

History
This command was first available in ExtremeXOS 22.5.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

disable vpex auto-configuration

disable vpex auto-configuration

Description
Disables automatic configuration of the Extended Edge Switching architecture
(controlling bridge (CB) and bridge port extenders (BPEs)).

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).
auto-configuration Specifies disabling automatic configuration of the
Extended Edge Switching architecture.

Default
Disabled.

Usage Guidelines
Auto-configuration allows the controlling bridge switch to detect new BPEs connected
to ports not configured as cascade ports, and automatically configure cascade

2106 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

ports, LAG membership, ports, and extended slots. This command disables this auto-
configuring capability.

To disable auto-configuration, you must first enter VPEX mode (see enable vpex on
page 2457).

Example
The following example disables auto-configuration mode:
# disable vpex auto-configuration

History
This command was first available in ExtremeXOS 22.6.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

disable vpex auto-upgrade

disable vpex auto-upgrade

Description
Disables automatic upgrading on Extended Edge Switching topologies.

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).
auto-upgrade Specifies that the controlling bridge (CB) automatically
upgrades bridge port extender (BPE) slots in mode (default
is enabled).

Default
Automatic upgrading is enabled by default.

Usage Guidelines
Automatic upgrading can occur only when both CBs in the MLAG have the same BPE
xmod versions installed, and only after all slots are synchronized between the CBs.

To disable automatic upgrading, you must first enter VPEX mode (see enable vpex on
page 2457). To view the status of automatic upgrading, use the command show vpex.

Switch Engine™ Command Reference Guide for version 32.7.1 2107

Example Commands

Example
The following example disables automatic upgrading:
# disable vpex auto-upgrade

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

disable vpls
disable vpls [vpls_name | all]

Note
This command has been replaced with the following command: disable
l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]].
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Disables the VPLS instance specified by vpls_name.

Syntax Description
vpls_nam Identifies the VPLS within the switch (character string)
e
all Specifies all VPLS.

Default
All newly created VPLS instances are enabled.

Usage Guidelines
This command disables the VPLS instance specified by vpls_name. When a VPLS
instance is disabled, all sessions to its configured peers are terminated. Any locally
attached service VLAN/VMAN is immediately isolated from other devices residing in the
VPN. If this is an H-VPLS core node, then all spoke nodes connected to this peer are
isolated unless redundant core access is configured.

2108 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example disables the VPLS named "myvpls":
disable vpls myvpls

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable vpls fdb mac-withdrawal

disable vpls fdb mac-withdrawal

Note
This command has been replaced with the following command: disable
l2vpn vpls fdb mac-withdrawal .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Disables the VPLS MAC address withdrawal capability.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
When disabled, the switch does not send MAC address withdrawal messages. If a
MAC address withdrawal message is received from another VPLS peer, the local VPLS
peer processes the message and withdraws the specified MAC addresses from its FDB,
regardless of the MAC address withdrawal configuration.

Switch Engine™ Command Reference Guide for version 32.7.1 2109

Example Commands

Example
The following command disables MAC address withdrawal:

disable vpls fdb mac-withdrawal

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable vpls health-check vccv

disable vpls [vpls_name | all] health-check vccv

Note
This command has been replaced with the following command: disable
l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]]
health-check vccv .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Disables the VCCV health check feature on one or all VPLS instances on the local node.

Syntax Description
vpls_nam Identifies the VPLS for which health check is to be disabled.
e
all Specifies that health check is to be disabled on all VPLS instances on the
local node.

Default
Health check is disabled.

Usage Guidelines
None.

2110 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command disables the health check feature on the VPLS instance
myvpls:

disable vpls myvpls health-check vccv

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable vpls service

disable vpls [vpls_name | all] service

Note
This command has been replaced with the following command: disable
l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]]
service .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Disables the configured VPLS services for the specified vpls_name.

Syntax Description
vpls_nam Identifies the VPLS within the switch (character string).
e
all Specifies all VPLS.

Default
Enabled.

Usage Guidelines
When services are disabled, the VPLS is removed from all peer sessions. The keyword
all disables services for all VPLS instances.

Switch Engine™ Command Reference Guide for version 32.7.1 2111

Example Commands

Example
The following command disables the configured VPLS services for the specified VPLS:

disable vpls myvpls service

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

disable vrrp group

disable vrrp group group_name {configuration | members}

Description
This command disables group mode on member VRs so that they can operate in
individual VR mode.

Syntax Description
group Form a group of VRRP VRs to operate in high-scale mode.
group_name Specifies the VRRP group name.
configuration Removes group configuration on individual VRs (default).
members Disables all VRs that are members of the group.

Default
If you do not specify, group configuration is removed from individual VRs.

Example
The following example disables administratively all member VRs of the group. This may
be useful for debugging issues:
disable vrrp group ExtremeNet members

History
This command was first available in ExtremeXOS 22.2.

2112 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable vrrp vrid

disable vrrp {vlan [vlan_name | vlan_list] vrid [vridval | vrid_list]}

Description
Disables a specific VRRP instance or all VRRP instances.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vlan_list VLAN list (1–4,094).
vridval Specifies the VRID for the VRRP instance. To display the
configured VRRP router instances, enter the show vrrp
command.
vrid_list List of virtual router IDs (1–255).

Default
N/A.

Usage Guidelines
This disables a specific VRRP instance on the switch. If no VRRP VLAN is specified, all
VRRP instances on the switch are disabled.

Example
The following command disables all VRRP instances on the switch:
disable vrrp

History
This command was first available in ExtremeXOS 10.1.

VLAN and VR list options added in ExtremeXOS 22.3.

Switch Engine™ Command Reference Guide for version 32.7.1 2113

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

disable watchdog
disable watchdog

Description
Disables the system watchdog timer.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
The watchdog timer monitors the health of the switch hardware and software events.
For example, the watchdog timer reboots the switch if the system cannot reset the
watchdog timer. This can be caused by a long CPU processing loop, any unhandled
exception, or a hardware problem with the communication channel to the watchdog.
In most cases, if the watchdog timer expires, the switch captures the current CPU
status and posts it to the console and the system log. In some cases, if the problem is
so severe that the switch is unable to perform any action, the switch reboots without
logging any system status information prior to reboot.

This command takes affect immediately.

The watchdog settings are saved in the configuration file.

To display the watchdog state of your system, use the show switch command.

Example
The following command disables the watchdog timer:

disable watchdog

History
This command was first available in ExtremeXOS 11.0.

2114 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

disable web http

disable web http

Description
Disables the hypertext transfer protocol (HTTP) access to the switch on the default port
(80).

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Use this command to disallow users from connecting with HTTP. Disabling HTTP
access forces a user to use a secured HTTPS connection if web HTTPS is enabled.

Use the following command to enable web HTTPS:

enable web https

Example
The following command disables HTTP on the default port:
disable web http

History
This command was first available in the ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

disable web https

disable web https

Switch Engine™ Command Reference Guide for version 32.7.1 2115

Description Commands

Description
Disables the secure socket layer (SSL) access to the switch on the default port (443).

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Use this command to disable SSL before changing the certificate or private key.

Example
The following command disables SSL on the default port:
disable web https

History
This command was first available in the ExtremeXOS 11.2 and supported with the SSH
module.

Platform Availability
This command is available on all Universal switches supported in this document.

disable cli xml-mode

disable cli xml-mode

Description
Disables XML configuration mode on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

2116 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to disable the XML configuration mode on the switch. XML
configuration mode is not supported for end users.

See the command:

enable xml-mode

Example
The following command disables XML configuration mode on the switch:
disable cli xml-mode

History
This command was first available in an ExtremeXOS 11.2.

The cli keyword was added for syntax consistency in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

disable msrp ports

disable msrp ports [port_list | all]

Description
Disables MSRP on the ports listed in the command after the keyword ports.

Syntax Description
msrp Multiple Stream Registration Protocol.
port_list Port list separated by a comma or "-".
all All ports.

Default
Disabled.

Usage Guidelines
Use this command to disable MSRP in the ports listed or all ports.

Switch Engine™ Command Reference Guide for version 32.7.1 2117

Example Commands

Example
disable msrp ports all

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms if the AVB feature pack license is installed on
the switch.

download bootrom
download bootrom [[ipaddress | hostname] filename {{vr} vrname} {block-
size block_size}] {slot slotid} {install} {reboot}}

Description
Downloads a BootROM image after the switch has booted.

The downloaded image replaces the BootROM in the onboard FLASH memory.

Syntax Description
ipaddress Specifies the IP address of the TFTP server.
hostname Specifies the host name of the TFTP server.
Use of the hostname option requires that DNS be enabled.
filename The name of the bootROM file (.xtr extension).
vrname Specifies the name of the virtual router.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

block_size Specifies the data block size, excluding TFTP header. Data
block size ranges from 24-65,000 bytes.
slotid This parameter is available only on the SummitStacks.
On a SummitStack, the slotid specifies the slot number of
the node on which the image should be downloaded.
install Specifies installing the system image after download.
reboot Specifies rebooting after installation.

Default
The default block size is 1,400 bytes.

2118 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Upgrade the BootROM image only when asked to do so by an Extreme Networks
technical representative.

The BootROM image file is designated with a .xtr file extension.

Prior to downloading the BootROM image on the switch, you must download the
image you received from Extreme Networks to a TFTP server on your network. You can
also download the image to a USB 2.0 storage device.

When you download a BootROM image, you are prompted to install the image
immediately after the download is finished. You can also use the install option to
choose in advance to install the bootROM image. If you choose to install the image at
a later time, use the install bootrom [from-image | fname | local-file] {slot
slot-number} {reboot} command to install the software on the switch.

If this command does not complete successfully it could prevent the switch from
booting. If the switch does not boot properly, some boot option functions can be
accessed through a special Bootloader menu.

Displaying the BootROM Versions

To display the BootROM version for the switch, use the show version command.

Host Name and Remote IP Address Character Restrictions

When specifying a host name or remote IP address, the switch permits only the
following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - ) Permitted only for host names
• Underscore ( _ ) Permitted only for host names
• Colon ( : )

Local and Remote File Name Character Restrictions

When specifying a local or remote file name, the switch permits only the following
characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )
• Slash ( / ) Permitted only for remote files

Switch Engine™ Command Reference Guide for version 32.7.1 2119

SummitStack Only Commands

SummitStack Only
You can run this command only from the master node. The file to be downloaded has
to be compatible with the type of switch in the specified slot.

If you do not specify a slot number and you elect to install the image after
downloading, an attempt is made to install the BootROM image on all active nodes.
The BootROM image is not installed on any node if the BootROM image specified is not
compatible with all active nodes.

Example
The following example downloads a BootROM image from the TFTP server "tftphost"
with the file name "bootimage":
# download bootrom tftphost bootimage

History
This command was first available in ExtremeXOS 11.0.

The slot parameter was added to support SummitStack in ExtremeXOS 12.0.

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

Block size support was added in ExtremeXOS 15.7.1.

The memorycard option was removed in ExtremeXOS 30.7.

The install and reboot options were added in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

download image
Using TFTP: download [url url {vr vrname} | image [active |
inactive] [[hostname | ipaddress] filename {{vr} vrname} {block-size
block_size}] {partition} {install {reboot}}

To download an image to a stack: download image [[hostname | ipaddress]

filename {{vr} vrname} {block-size block_size}] {partition} {install
{reboot}}

Description
Downloads a new version of the ExtremeXOS software image or a new Fabric Engine
image when changing the switch's network operating system.

2120 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

The image file can be downloaded using TFTP (which is not a secure method), or SFTP
and SCP2 (which are secure methods). The procedure using TFTP begins above and
using SFTP/SCP2.

Syntax Description
url Uniform Resource Locator (URL) of the file to download,
which is of a supported type (for example, cfg, lic, lst,
pol, py, Fabric Engine, xmod, xos, xsf, xtr).
url Specifies the URL of the supported file (for example,
http://ipaddress/path.xos or ftp://ipaddress:port/
path.xmod or ftp://ipaddress/some_list.lst)
active Specifies automatic determination for active (primary)
partition.

Note: Not applicable Fabric Engine specifying a Fabric

Engine image.

inactive Specifies automatic determination for inactive (secondary)

partition.

Note: Not applicable when specifying a Fabric Engine

image.

hostname Specifies the hostname of the TFTP server from which the
image should be obtained.
ipaddress Specifies the IP address of TFTP server from which the
image should be obtained.
filename Specifies the file name of the new image. Uou can use
this command to change the operating system to Fabric
Engine by downloading and installing a Fabric Engine
image.
vrname Specifies the name of the virtual router.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

block_size Specifies the maximum block size, not including the TFTP
header. The range is 24–65000 bytes.
partition Specifies which partition the image should be saved to:
primary or secondary. Select primary to save the image to
the primary partition and secondary to save the image to
the secondary partition.

Note: Not applicable when specifying a Fabric Engine

image.

install Specifies installing the image after download.

reboot Specifies rebooting after installation.

Switch Engine™ Command Reference Guide for version 32.7.1 2121

Default Commands

Default
Stores the downloaded image in the alternate (inactive) partition.

SFTP and SCP2 provide secure methods of downloading the ExtremeXOS software
image files, *.xos or *.xmod. You can use one of three procedures:
• From the switch, running the command SCP2. connect to and “get” from a remote
server. This is similar to the download image command.
• From outside the switch, connect to the switch that is acting as the server and “put”
from the remote server. There is no TFTP equivalent for this method.
◦ Using SFTP
◦ Using SCP2

If you do not specify block size, the default value is 1,400 bytes.

Usage Guidelines
Prior to downloading an image on the switch, you must download the image you
received from Extreme Networks to a TFTP server on your network. If your switch has a
removable storage device, you can also download the image to that device.

Note
The download image command causes the switch to use the newly
downloaded software image during the next switch reboot. To modify or reset
the software image used during a switch reboot, use the use image command.
Use this command after downloading and installing the image for it to be
effective.

Specify the IP address or host name parameters to download an image from a TFTP
server on the network. Use of the host name parameter requires that DNS be enabled.

When you download and install a new version of an ExtremeXOS image, the system
automatically compares the currently installed bootROM image against the bootROM
image contained in the new ExtremeXOS image. If the installed version is older,
the system automatically upgrades to the bootROM version contained in the new
ExtremeXOS image.

Core Software Images

A switch can store up to two core images: an active and inactive. When downloading
a new image, you must select on which partition to install the new image. You must
install the software image to the inactive partition, and must specify that partition
while downloading the image to the switch.

Image Filenames
The software image file can be an .xos file, which contains a Switch Engine core image,
or an .xmod file, which contains a Switch Engine modular software package.

2122 Switch Engine™ Command Reference Guide for version 32.7.1

 Changing the Switch Network Operating System to
Commands Fabric Engine

As of ExtremeXOS 16.1, the download command now accepts a URL as the name of the
file to download. URL protocols can be tftp, http, ftp. The format of a URL is:
• http://10.10.10.1/filename.xos
• tftp://10.10.10.1/filename.xos
• ftp://10.10.10.1/filename.xmod

In addition to accepting a URL that ends in .xos or .xmod, the URL file name can end
in .lst. A .lst file contains file names at the same location as the .lst file URL and
is downloaded/installed one after the other. The .lst file method defines bundles of
downloads for:
• aspen, summit480 –image file size issues
• SSH installs with ExtremeXOS
• Customer files ending in '.cfg', '.xsf', '.pol', '.lic', '.py', '.ssh'
• Other bundling that makes it easier to download with a single command

For additional installation requirements, see the sections Installing a Core Image and
Installing a Modular Software Package in the .Switch Engine 32.7.1 User Guide.

Changing the Switch Network Operating System to Fabric Engine

For ExtremeSwitching Universal platforms, you can change the switch's network
operating system to Fabric Engine by specifying a Fabric Engine image in filename.

Caution
Changing your network operating systems deletes all configuration files,
debug information, logs, events, statistics, and license information of the
previous network operating system.

Displaying the Software Image Versions

To display the software image version running on the switch, use the show version or
show switch commands.

Host Name and Remote IP Address Character Restrictions

This section provides information about the characters supported by the switch for host
names and remote IP addresses.

When specifying a host name or remote IP address, the switch permits only the
following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - ) Permitted only for host names

Switch Engine™ Command Reference Guide for version 32.7.1 2123

Local and Remote Filename Character Restrictions Commands

• Underscore ( _ ) Permitted only for host names

• Colon ( : )

When naming or configuring an IP address for your network server, remember the
requirements listed above.

Local and Remote Filename Character Restrictions

This section provides information about the characters supported by the switch for
local and remote filenames.

When specifying a local or remote filename, the switch permits only the following
characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )
• Slash ( / ) Permitted only for remote files

When naming a local or remote file, remember the requirements listed above.

Messages Displayed by the Switch

When you download a new image, you will see the following message:
Do you want to install image after downloading? (y - yes, n - no, <cr> - cancel)

Do one of the following:

• Enter y if you want to install the image after download.
• Enter n if you want to install the image at a later time.
• Press [Enter] if you want to cancel the download.

The Image Integrity Check feature was added in ExtremeXOS 16.1. The CLI output of this
command is modified:

1. If the signature is verified and there is no error, there is no change to the output.
2. If the downloaded image does not have a signature, the following messages are
added. This is considered as a warning, since it could be simply a downgrading. The
user is given the choice to continue or quit the installation.
Warning: Signature Validation - Image is not digitally signed. Do you want to continue?
(y/N)

If the user decides to continue, then it follows the normal installation path; if the user
decides to stop here, the following message is printed and then the installation is
canceled.
Installation canceled

2124 Switch Engine™ Command Reference Guide for version 32.7.1

Commands SummitStack Only

3. If the certificate (keys) to verify the image is missing, the following messages are
added. This is considered as a non-fatal and rare error, digital signature verification is
bypassed. The user is given the choice to continue or quit the installation.
Warning: Signature Validation - Certificates missing; Image signature validation will
be bypassed. Do you want to continue? (y/N)

If the user decides to continue, then it follows the normal installation path; if the user
decides to stop here, the following message is printed and then the installation is
canceled.
Installation canceled
4. If the certificate (keys) itself cannot be verified, the following messages are added.
This is STILL considered as a non-fatal and rare error, digital signature verification is
bypassed. You have the choice to continue or quit the installation.
Warning: Signature Validation - Certificates verification failed; Image signature
validation will be bypassed. Do you want to continue? (y/N)

If you decide to continue, the normal installation continues. If you decide to stop
here, the following message appears and the installation is canceled.
Installation canceled
5. If the image digital signature validation fails, the following message is added as a
new reason why download fails. This is considered a fatal error like a CRC check
failure, installation is terminated immediately.
Error: Failed to download image - Error: Image signature cannot be validated.

SummitStack Only
You can issue this command only from the master node.

If a slot is not specified, the image is downloaded to every node in the active topology. If
a slot is specified, the image is downloaded to that slot only.

If all nodes to be downloaded are not running the same partition, the command is not
executed and following message is displayed:
Error: all nodes do not have the same image partition selected.

If all nodes to be downloaded have the same partition selected but the ExtremeXOS is
currently running from the selected partition, the command is not executed and the
following message appears:
Error: the image partition selected must not be the active partition.

Downloading a New Image

For information about upgrading .xos and .xmod images, see the Software Upgrade
and Boot Options section in the Switch Engine 32.7.1 User Guide.

Example
The following example shows how the .lst file can contain filenames ending in .lst to
get a list of lists (of lists etc…) from an HTTP server on 10.68.9.7 port 8080 for directory
16.1/cougar/cougar/release:

Switch Engine™ Command Reference Guide for version 32.7.1 2125

Example Commands

cat big.lst – big.lst contains other list file names:

• xos.lst
• xmod.lsts
• cript.lst

cat xos.lst – xos.lst contains an ExtremeXOS image:

• summitX-16.1.0.18.xos

cat xmod.lst – xmod.lst :contains a number of .xmod filenames:

• summitX-16.1.0.18-debug.xmod
• summitX-16.1.0.18-LegacyCLI.xmod
• summitX-16.1.0.18-reachnxt-1.8.1.8.xmod
• summitX-16.1.0.18-techSupport.xmod

cat script.lst – script.lst contains a number of Python scripts the user wants to
download to a switch:
• jsonrpc.py
• jsontest.py
• otst.py
• ping.py
• readvr.py

A single download command downloads all of the above files.

# download url
http://10.68.9.7/big.lst
http://10.68.9.7/xos.lst
Downloading http://10.68.9.7/summitX-16.1.0.18.xos

Downloading to Switch.............................................
Installing to primary partition!

Installing to Switch.............................................
Image installed successfully
This image will be used only after rebooting the switch!

Image installed successfully

http://10.68.9.7:8080/xmod.lst
Downloading http://10.68.9.7/summitX-16.1.0.18-debug.xmod

Downloading to Switch.....
Installing to primary partition!

Installing to Switch..............................................
Image installed successfully
Downloading http://10.68.9.7/summitX-16.1.0.18-LegacyCLI.xmod

Downloading to Switch..
Installing to primary partition!

Installing to Switch........................
Legacy CLI framework was Successfully Installed !!!

Image installed successfully

2126 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

Downloading http://10.68.9.7/summitX-16.1.0.18-reachnxt-1.8.1.8.xmod

Downloading to Switch...
Installing to primary partition!

Installing to Switch....
Image installed successfully
Downloading http://10.68.9.7/summitX-16.1.0.18-techSupport.xmod

Downloading to Switch..
Installing to primary partition!

Installing to Switch..
Image installed successfully
http://10.68.9.7/script.lst
http://10.68.9.7/jsonrpc.py
http://10.68.9.7/jsontest.py
http://10.68.9.7/otst.py
http://10.68.9.7/ping.py
http://10.68.9.7/readvr.py
(pacman debug) 5520-24t #

The following example changes the operating system to Fabric Engine:

# download image 10.68.9.9 voss-8.2.tgz
Do you want to install image after downloading? (y - yes, n - no, <cr> - cancel)
Downloading to Slot-1.................................................................
......................................................................................
.......................................................
WARNING: The specified image is for the VOSS Network Operating System and the EXOS
Network Operating System is currently running. If you continue, all configuration, logs,
and debug will be cleared and VOSS will be installed. Continue? (y – yes, n – no, <cr> -
cancel)

History
This command was first available in ExtremeXOS 10.1.

The memorycard option was added in ExtremeXOS 11.0.

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

Block size support was added in ExtremeXOS 15.7.1.

The memorycard keyword was removed in ExtremeXOS 30.7.

Support for downloading Fabric Engine images and the install and reboot options
were added in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

download ssl certificate

download ssl ipaddress certificate {ssl-cert | trusted-ca | ocsp-
signature-ca | {csr-cert {ocsp [on | off]}} file_name

Switch Engine™ Command Reference Guide for version 32.7.1 2127

Description Commands

Description
Permits downloading of certificate file(s) from files stored on a TFTP server.

Syntax Description
ipaddress Specifies the IP address of the TFTP server.
ssl-cert Specifies SSL/TLS certificate (default).
trusted-ca Specifies CA certificates.
ocsp-signature-ca Specifies signature CA files.
file_name Specifies the name of the certificate file.
csr-cert Specifies an SSL/TLS certificate signed through a
Certificate Signing Request (CSR) generated by the switch.
Trust chain verification is performed during download.
ocsp Specifies using or not using Online Certificate Status
Protocol (OCSP) for certificate checking.
on Enables OCSP for SSL/TLS certificate signed through CSR
generated by switch.
off Disables OCSP for SSL/TLS certificate signed through CSR
generated by switch (off).

Default
If no option is selected, SSL/TLS certificate (ssl-cert) is the default.

By default, OCSP is disabled.

Usage Guidelines
If the download operation is successful, any existing certificate is overwritten. For
SSL/TLS certificates, after a successful download, the software attempts to match the
public key in the certificate against the private key stored. If the private and public keys
do not match, the switch displays a warning message similar to the following: Warning:
The Private Key does not match with the Public Key in the certificate. This warning acts
as a reminder to also download the private key.

Note
You can only download a certificate key in the VR-Mgmt virtual router.

Downloaded certificates and keys are not saved across switch reboots unless you save
your current switch configuration. After you issue the save command, the downloaded
certificate is stored in the configuration file and the private key is stored in the
EEPROM.

You can purchase and obtain SSL certificates from Internet security vendors.

2128 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Remote IP Address Character Restrictions

Remote IP Address Character Restrictions

This section provides information about the characters supported by the switch for
remote IP addresses.

When specifying a remote IP address, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z).
• Numerals (0-9).
• Period ( . ).
• Colon ( : ).

When configuring an IP address for your network server, remember the requirements
listed above.

Remote File Name Character Restrictions

This section provides information about the characters supported by the switch for
remote file names.

When specifying a remote file name, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z).
• Numerals (0-9).
• Period ( . ).
• Dash ( - ).
• Underscore ( _ ).
• Slash ( / ).

When naming a remote file, remember the requirements listed above.

Example
The following command downloads a certificate from a TFTP server with the IP address
of 123.45.6.78:
# download ssl 123.45.6.78 certificate g0ethner1

The following command downloads a trusted-ca certificate:

# download ssl 10.120.89.79 certificate trusted-ca cacert.pem

The following command downloads an ocsp-signature-ca certificate:

# download ssl 10.120.89.79 certificate ocsp-signature-ca oscrcert.pem

History
This command was first available in the ExtremeXOS 11.2 and supported with the SSH
module.

The trusted-ca and ocsp-signature-ca options were added in ExtremeXOS 22.1.

Switch Engine™ Command Reference Guide for version 32.7.1 2129

Platform Availability Commands

The csr-cert and ocsp were added in ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

download ssl privkey

download ssl ipaddress privkey key_file

Description
Permits downloading of a private key from files stored in a TFTP server.

Syntax Description
ipaddress Specifies the IP address of the TFTP server.
key_file Specifies the name of the private key file.

Default
N/A.

Usage Guidelines
If the operation is successful, the existing private key is overwritten.

After a successful download, a check is performed to find out whether the private key
downloaded matches the public key stored in the certificate. If the private and public
keys do not match, the switch displays a warning similar to the following: Warning: The
Private Key does not match with the Public Key in the certificate. This warning acts as a
reminder to also download the corresponding certificate.

The certificate and private key file should be in PEM format and generated using RSA as
the cryptography algorithm.

Downloaded certificates and keys are not saved across switch reboots unless you save
your current switch configuration. Once you issue the save command, the downloaded
certificate is stored in the configuration file and the private key is stored in the
EEPROM.

Remote IP Address Character Restrictions

This section provides information about the characters supported by the switch for
remote IP addresses.

2130 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Remote Filename Character Restrictions

When specifying a remote IP address, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z).
• Numerals (0-9).
• Period ( . ).
• Colon ( : ).

When configuring an IP address for your network server, remember the requirements
listed above.

Remote Filename Character Restrictions

This section provides information about the characters supported by the switch for
remote filenames.

When specifying a remote filename, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z).
• Numerals (0-9).
• Period ( . ).
• Dash ( - ).
• Underscore ( _ ).
• Slash ( / ).

When naming a remote file, remember the requirements listed above.

Example
The following command downloads a private key from a TFTP server with the IP
address of 123.45.6.78:

download ssl 123.45.6.78 privkey t00Ts1e

History
This command was first available in the ExtremeXOS 11.2 and supported with the SSH
module.

Platform Availability
This command is available on all Universal switches supported in this document.

edit policy
edit policy filename

Description
Edits a policy text file.

Switch Engine™ Command Reference Guide for version 32.7.1 2131

Syntax Description Commands

Syntax Description
filename Specifies the filename of the policy text file.

Default
N/A.

Usage Guidelines
This command edits policy text files that are on the switch. All policy files use “.pol” as
the filename extension, so to edit the text file for the policy boundary use boundary.pol
as the filename. If you specify the name of a file that does not exist, you will be
informed and the file will be created.

This command spawns a VI-like editor to edit the named file. For information on using
VI, if you are not familiar with it, do a web search for “VI editor basic information”, and
you should find many resources. The following is only a short introduction to the editor.

Edit operates in one of two modes; command and input. When a file first opens, you are
in the command mode. To write in the file, use the keyboard arrow keys to position your
cursor within the file, then press one of the following keys to enter input mode:
• i - To insert text ahead of the initial cursor position.
• a- To append text after the initial cursor position.

To escape the input mode and return to the command mode, press the Escape key.

There are several commands that can be used from the command mode. The following
are the most commonly used:
• dd - To delete the current line.
• yy - To copy the current line.
• p - To paste the line copied.
• :w - To write (save) the file.
• :q - To quit the file if no changes were made.
• :q! - To forcefully quit the file without saving changes.
• :wq - To write and quit the file.

Refresh Policy
After you have edited the text file for a policy that is currently active, you will need to
refresh the policy if you want the changes to be reflected in the policy database. When
you refresh the policy, the text file is read, the syntax is checked, the policy information
is added to the policy manager database, and the policy then takes effect. Use the
following command to refresh a policy:
refresh policy policy-name

If you just want to check to be sure the policy contains no syntax errors, use the
following command:

2132 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

check policypolicy-name{access-list}

Example
The following command allows you to begin editing the text file for the policy
boundary:

edit policy boundary.pol

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

edit upm profile

edit upm profile profile-name

Description
Allows you to edit the specified profile.

Syntax Description
profile-name Specifies the UPM profile to be edited.

Default
N/A.

Usage Guidelines
Use the command to have VI-like editor features for editing the profile. Changes appear
when you close the file for editing, not when you save it.

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and

Switch Engine™ Command Reference Guide for version 32.7.1 2133

eject usb Commands

upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

eject usb
eject usb-device

Description
Ensures that USB 2.0 storage device can be safely removed from the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
After the switch writes to a USB 2.0 storage device, and before you can view the
contents on the device, you must ensure it is safe to remove the device from the switch.
Use this command to prepare the device for removal. After you run this command, you
can manually remove the device.

If you have configured the configure debug core-dumps on page 406 command to
write files to the device that you are trying to eject, you are reminded to select another
location to write the bebug files to:
Note: The destination of debug core dump is still configured to memorycard.
If a memory card will not be present, it is recommended to use
"configure debug core-dumps" to change the core dump destination.

For more information about removing a USB 2.0 storage device, see the hardware
documentation.

To access and read the data on the card, use a PC with appropriate hardware such as
a compact flash reader/writer and follow the manufacturer’s instructions to access the
compact flash card and read the data.

Example
The following command prepares a compact flash card or USB 2.0 storage device to be
removed from the switch:
# eject usb

History
This command was first available in ExtremeXOS 11.1.

2134 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

The memorycard was deprecated in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

ELSE
ELSE

Note
This is a script statement and operates only in scripts when scripting
is enabled with the following command: enable cli scripting
{permanent} .

Description
Command block to be executed if the condition specified in the associated IF
statement is not met.

Syntax Description
statements Actions to be executed when the conditions specified in
the associated IF statement are not met.

Default
N/A.

Usage Guidelines
CLI scripting must be enabled before using this command.

This command must be preceded by IF _expression THEN statements and followed

by ENDIF.

You can insert comments by using a number sign (#).

Example
The following example executes the show switch command if the value of the variable x
is greater than 2, and execute the show vlan command otherwise:

IF ($x > 2) THEN

show switch

Switch Engine™ Command Reference Guide for version 32.7.1 2135

History Commands

ELSE

show vlan

ENDIF

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable access-list permit to-cpu

enable access-list permit to-cpu

Description
Enables control packets to reach CPU, even if an ACL would deny them.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command allows control packets to reach the CPU, even if the packets match ACLs
that would otherwise deny them. The control packets include STP and EAPS BPDUs,
and ARP replies for the switch.

If this feature is disabled, these same packets will be denied if an ACL is applied that
contains a matching entry that denies the packets. Contrary to expectations, when this
feature is disabled, the packets will still be denied if there is a higher precedence entry
that permits the packets.

To disable this feature, use the following command:

disable access-list permit to-cpu

2136 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables STP BPDU packets to reach the switch CPU, despite
any ACL:
enable access-list permit to-cpu

History
This command was first available in ExtremeXOS 11.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable access-list refresh blackhole

Enables blackholing of packets during ACL refresh.
enable access-list refresh blackhole

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
When access control lists (ACLs) are refreshed, this command provides that any packets
arriving during the refresh will be blackholed. As the ACL is being refreshed, packets
may arrive while the ACL is in an indeterminate state, and packets may be permitted
that otherwise are dropped. This feature protects the switch during an ACL refresh.

To disable this feature, use the following command:

disable access-list refresh blackhole

Example
The following command enables dropping of packets during an ACL refresh:
enable access-list refresh blackhole

History
This command was first available in ExtremeXOS 11.0.

Switch Engine™ Command Reference Guide for version 32.7.1 2137

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

enable account
enable account [all {admin|user | name } ]

Description
Enables the specified account locally.

Syntax Description
all Specifies that all accounts, or all accounts of a certain type,
will be enabled locally.
admin Specifies that adminstrative privileged accounts will be
enabled locally.
user Specifies that user privileged accounts, including lawful
intercept accounts, will be enabled locally.
name Specifies the name of the account that will be enabled
locally.

Default
Enabled.

Usage Guidelines
Enabling accounts affects the following northbound interfaces:
• Console
• TELNET
• SSH
• HTTP
• XML

Example
The following example enables all accounts locally:
enable account all

History
This command was first available in ExtremeXOS 15.7.1.

2138 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

enable auto-provision cloud-connector

enable auto-provision cloud-connector

Description
Starts the Cloud Connector process on the switch.

Syntax Description
N/A

Default
Enabled.

Usage Guidelines
Use this command to start the Cloud Connector process.

Example
The following command starts the Cloud Connector process.:
enable auto-provision cloud-connector

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable avb
enable avb

Description
This command is a macro command that can be used to enable all AVB protocols
globally on the switch. It is equivalent to issuing the following three commands:

enable mvrp

Switch Engine™ Command Reference Guide for version 32.7.1 2139

Syntax Description Commands

enable msrp

enable network-clock gptp

Syntax Description
avb Audio Video Bridging.

Default
Disabled.

Usage Guidelines
Use this command to enable all AVB protocols globally on the switch.

Example
enable avb

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable avb ports

enable avb ports [port_list | all]

Description
This command is a macro command that can be used to enable all AVB protocols on a
given set of ports. It is equivalent to issuing the following three commands:

enable mvrp ports

enable msrp ports

enable network-clock gptp ports

2140 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
avb Audio Video Bridging.
port_list Port list separated by a comma or "-".
all All ports.

Default
Disabled.

Usage Guidelines
Use this command to enable all AVB protocols on the given ports.

Example
enable avb ports 1-5

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable bgp
enable bgp

Description
Enables BGP.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables the Border Gateway Protocol (BGP) on the router. Before
invoking this command, the local AS number and BGP router ID must be configured.

Switch Engine™ Command Reference Guide for version 32.7.1 2141

Example Commands

Example
The following command enables BGP:

enable bgp

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp advertise-inactive-route

enable bgp {address-family [ipv4-unicast | ipv4-multicast |ipv6-unicast
| ipv6-multicast]} advertise-inactive-route

Description
Enables advertisement of BGP inactive routes, which are defined as those routes that
are rated best by BGP and not best in the IP routing table.

Syntax Description
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.

Default
Disabled.

If no address family is specified, IPv4 unicast is the default address family.

Usage Guidelines
This command can be successfully executed only when BGP is globally disabled. It is
best to enable this feature before you enable BGP (enable bgp). If BGP is enabled, you
must disable BGP (disable bgp), enable this feature, and then enable BGP.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

2142 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables inactive route advertisement for IPv4 unicast traffic:
enable bgp address-family ipv4-unicast advertise-inactive-route

History
This command was first available in ExtremeXOS 12.1.3.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp aggregation

enable bgp aggregation

Description
Enables BGP route aggregation.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Route aggregation is the process of combining the characteristics of several routes
so that they are advertised as a single route. Aggregation reduces the amount of
information that a BGP speaker must store and exchange with other BGP speakers.
Reducing the information that is stored and exchanged also reduces the size of the
routing table.

To use BGP route aggregation, follow these steps:

1. Enable aggregation using the following command:

enable bgp aggregation

2. Create an aggregate route using the following command:

Switch Engine™ Command Reference Guide for version 32.7.1 2143

Example Commands

configure bgp add aggregate-address {address-family [ipv4-unicast |

ipv4-multicast |ipv6-unicast | ipv6-multicast]} ipaddress/masklength
{as-match | as-set} {summary‑only} {advertise-policy policy}
{attribute-policy policy}

Example
The following command enables BGP route aggregation:

enable bgp aggregation

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp always-compare-med

enable bgp always-compare-med

Description
Enables BGP to use the Multi Exit Discriminator (MED) from neighbors in different
autonomous systems (ASs) in the route selection algorithm.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
MED is only used when comparing paths from the same AS, unless always-compare-
med is enabled. When this command is issued, MEDs from different AS are used in
comparing paths. A MED value of zero is treated as the lowest MED and therefore the
most preferred route.

2144 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

BGP must be disabled before you can change the configuration with this command.

Example
The following command enables BGP to use the Multi Exit Discriminator (MED) from
neighbors in different autonomous systems in the route selection algorithm:

enable bgp always-compare-med

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp community format

enable bgp community format AS-number : number

Description
Enables the as-number:number format of display for the communities in the output of
show commands.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
If not enabled, the communities are displayed as a single decimal value.

Switch Engine™ Command Reference Guide for version 32.7.1 2145

Example Commands

Example
The following command enables the AS-number:number format of display for
communities:

enable bgp community format AS-number : number

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp export

For IPv4 and IPv6 routes:
enable bgp export route_type {{address-family} address_family} {export-
policy policy-name}

For VPNv4 routes:

enable bgp export remote-vpn {{address-family} ipv4-unicast} {export-
policy policy-name}

Description
For IPv4 and IPv6 routes, this command enables the export of routes learned from BGP
peers to the specified protocol.

For VPNv4 routes, this command enables the exchange of routes between a BGP PE
router and a CE router.

Syntax Description
bgp For Layer 3 VPNs, this specifies that BGP routes learned
from CE routers are to be exported to remote PE routers.
route_type Specifies the BGP export route type. Valid route_type
values are: blackhole; direct; isis; isis-level-1; isis-level-2;
isis-level-1-external; isis-level-2-external; ospf; ospf-extern1;
ospf-extern2; ospf-inter; ospf-intra; rip; static; ospfv3; ospfv3-
extern1; ospfv3-extern2; ospfv3-inter; ospfv3-intra; ripng;
address-family Valid address_family values are: ipv4-unicast; ipv4-
multicast; ipv6-unicast; ipv6-multicast

2146 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

remote-vpn For Layer 3 VPNs, this specifies that BGP routes learned
from remote PE routers are to be exported to the local VRF.
policy-name Name of policy to be associated with network export.
Policy can filter and/or change the route parameters.

Default
Disabled.

If no address family is specified for an IPv6 protocol, the default IPv6 unicast family
applies; otherwise if no address family is specified, IPv4 unicast is the default.

Usage Guidelines
The exporting of routes between any two routing protocols is a discrete configuration
function. For example, you must configure the switch to export routes from OSPF to
BGP and, if desired, you must configure the switch to export routes from BGP to OSPF.
You must first configure both protocols and then verify the independent operation of
each. Then, you can configure the routes to export from OSPF to BGP, and the routes to
export from BGP to OSPF.

You can use a policy to associate BGP attributes including Community, NextHop, MED,
Origin, and Local Preference with the routes. A policy can also be used to filter out
exported routes.

Using the export command to redistribute routes complements the redistribution of

routes using the configure bgp add network command. The configure bgp add
network command adds the route to BGP only if the route is present in the routing
table. The enable bgp export command redistributes an individual route from the
routing table to BGP. If you use both commands to redistribute routes, the routes
redistributed using the network command take precedence over routes redistributed
using the export command.

Note
For this command to execute, the specified protocol must support the
specified address family. For example, the command fails if you specify OSPF
and the IPv6 unicast address family. You can specify blackhole, direct, static,
and IS-IS routes with IPv4 or IPv6 address families.

To export Layer 3 VPN routes to the CE peer in a VPN VRF, the source must be remote-
vpn and destination address family must be ipv4-unicast.

Example
The following command enables BGP to export OSPF routes to other BGP routers:

enable bgp export ospf

Switch Engine™ Command Reference Guide for version 32.7.1 2147

History Commands

The following command enables export of Layer 3 VPN Routes recevied from the PE
Core in a VPN-VRF to its CE peers:
enable bgp export remote-vpn address-family ipv4-unicast

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

The blackhole option was added in ExtremeXOS 12.1.3.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp export vr

enable bgp export {vr} vr_name route_type {address-family} vpnv4
{export-policy policy_name}

Description
For IPv4 and IPv6 routes, this command enables the PE router to export and
redistribute local VRF routes to remote PE routers through BGP.

Syntax Description
vr Specifies the source VPN VRF of the exported routes .
vr_name Specifies the name of the source VPN VRF.
route_type Specifies the source or origin of the route types to be
exported to remote PE routers. Valid Types: blackhole,
direct, and bgp, and static .
address-family Specifies the address family for the exported routes.
Valid types are vpnv4.

2148 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

export-policy vpnv4 (Optional) The export policy can be specified when

you enable bgp export.
Specifies that routes from the VRF are exported as
vpnv4 routes over MPBGP.
policy_name Name of export policy to be associated with export
of VRF routes into BGP’s VPN-IPv4 domain for
advertisement to other PE routers.

Default
Disabled.

Usage Guidelines
This command enables a PE router to advertise learned routes from CE routers to
remote PE routers in a Service Provider's backbone. Executing this command allows
the PE router to convert VRF native IPv4 routes into VPN-IPv4 route,s and advertise to
all remote PE BGP neighbors as VPN-IPv4 routes.
• This export command is applicable in Parent VR context only. If you execute it in a
VRF context, an error message is returned.
• The source VPN VRF must be a child of the Parent VR.
• BGP need not be added to a VPN VRF to export routes from a VPN VRF.
• The direction of where the redistribution is targeted is implicit on the keywords
used. Similarly bgp only applies to EBGP routes from CE exported as VPN routes,
hence we use it only with address family vpnv4. Other sources such as “static” and
“direct” are redistributed both ways.
• Use show vr parent_vr_name to check routes exported from various VPN VRFs
into the MBGP’s VPN-IPv4 domain.
• Use show vr vpn_vrf_name to check routes exported from a VPN VRF into the
MBGP’s VPN-IPv4 domain.

Example
The following command enables BGP to advertise a vpnv4 route named
"corp1_vpn_vrf":

switch 19 # enable bgp export "corp1_vpn_vrf" bgp address-family vpnv4

History
This command was first added in ExtremeXOS 15.3.

Switch Engine™ Command Reference Guide for version 32.7.1 2149

Platform Availability Commands

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp export [static | direct] l2vpn-evpn

enable bgp export [static | direct] {address-family address_family}
l2vpn-evpn {vr vr_name}

Description
Exports direct, static, and BGP routes from a VRF into BGP, running on the specified VR,
as EVPN routes to be advertised by BGP as Type 5 routes.

Syntax Description
bgp Specifies showing the BGP configuration.
export Specifies redistributing information from another routing
protocol.
static Specifies static routes.
direct Specifies direct routes.
address-family Specifies the address family.
address_family Sets the address family type.
l2vpn-evpn Specifies the L2VPN EVPN address family.
vr Specifies the source VR.
vr_name Designates the source VR name. Both VPN-VRFs and non-
VPN-VRFs are supported.

Default
N/A.

Usage Guidelines
N/A.

Example
The following example exports static routes on VR "vr-a" as EVPN routes to be
advertised by BGP as Type 5 routes:
# enable bgp export static l2vpn-evpn vr vr-a

2150 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 30.6.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp fast-external-fallover

enable bgp fast-external-fallover

Description
Enables BGP fast external fallover functionality.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables the BGP fast external fallover on the router. This command
applies to all directly-connected external BGP neighbors.

When BGP fast external fallover is enabled, the directly-connected EBGP neighbor
session is immediately reset when the connecting link goes down.

If BGP fast external fallover is disabled, BGP waits until the default hold timer expires
(3 keepalives) to reset the neighboring session. In addition, BGP might teardown the
session somewhat earlier than hold timer expiry if BGP detects that the TCP session
and it's directly connected link is broken (BGP detects this while sending or receiving
data from TCP socket).

Example
The following command enables BGP fast external fallover:

enable bgp fast-external-fallover

Switch Engine™ Command Reference Guide for version 32.7.1 2151

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp mpls-next-hop

enable bgp mpls-next-hop

Description
Enables IP forwarding over calculated MPLS LSPs to subnets learned via BGP.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables IP forwarding over calculated MPLS LSPs to subnets learned via
BGP. (Calculated refers to an LSP that only reaches part of the way to the destination).
IP forwarding over MPLS LSPs must be enabled to forward over calculated LSPs. By
default, IP forwarding over MPLS LSPs to subnets learned via BGP is disabled.

Example
The following command enables BGP’s use of MPLS LSPs to reach BGP routes:
enable bgp mpls-next-hop

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

2152 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable bgp multipath-relax

enable bgp multipath-relax

enable bgp multipath-relax

Description
Enables BGP multipath-relax feature, which modifies the definition of an equal cost
BGP route.

Syntax Description
multipath-relax Selects BGP multipath relax feature.

Default
This feature is disabled by default.

Usage Guidelines
This feature modifies the definition of equal cost BGP routes as specified in RFC-4271. In
particular, routes with the same AS-path length, but differing AS numbers in the path
are not considered equal cost by default. However, with multipath-relax enabled, routes
with the same AS-path length can have differing AS number values in the AS-path and
still be considered equal cost.

BGP must be disabled (disable bgp ) first to enable this feature.

Example
The following example enables BGP multipath-relax feature:
enable bgp multipath-relax

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp neighbor

enable bgp neighbor [remoteaddr | all]

Switch Engine™ Command Reference Guide for version 32.7.1 2153

Desription Commands

Desription
Enables the BGP session. The neighbor must be created before the BGP neighbor
session can be enabled.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.

Default
Disabled.

Usage Guidelines
To create a new neighbor and add it to a BGP peer group, use the following command:
create bgp neighbor remoteaddr peer-group peer-group-name {multi-hop}

This command applies to the current VR or VRF context.

Example
The following command enables the BGP neighbor session:

enable bgp neighbor 192.168.1.17

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp neighbor address-family l2vpn-evpn

enable bgp {neighbor [remoteaddr | all]} {{address-family} l2vpn-evpn}
next-hop-unchanged

2154 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables overriding the BGP specification behavior with respect to the next-hop of
routes advertised to EBGP peers.

Syntax Description
bgp Specifies BGP.
neighbor Specifies BGP neighbor.
remoteaddr Specifies BGP neighbor IP address.
all Specifies all BGP neighbors.
address-family Specifies address family.
l2vpn-evpn Specifies L2VPN EVPN address-family type.
next-hop-unchanged Enables preserving the BGP next-hop when routes are
advertised to EBGP peers (default is disabled).

Default
Default is that next-hop-unchanged is disabled.

Usage Guidelines
This command enables overriding the specification behavior with respect to the next-
hop of routes advertised to EBGP peers. Specifically, it maintains the BGP next-hop
for routes advertised to EBGP peers instead of replacing the next-hop with either the
outgoing interface IP address or the local loopback address.

When enabling the address family l2vpn-evpn in an EBGP configuration, the option
next-hop-unchanged must also be enabled.

Example
The following example enables next-hop unchanged for BGP neighbor at 192.168.66.2:
# enable bgp neighbor 192.168.66.2 l2vpn-evpn next-hop-unchanged

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2155

enable bgp neighbor capability Commands

enable bgp neighbor capability

enable bgp neighbor [all |remoteaddr] capability [ipv4-unicast | ipv4-
multicast | ipv6-unicast | ipv6-multicast | vpnv4 | route-refresh |
ipv4-vxlan | l2vpn-evpn]

Description
This command enables multi protocol BGP (MBGP) and route-refresh capabilities for
one or all BGP neighbors.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor. The
switch uses the IP address format to determine if the
address is an IPv4 or IPv6 address.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies VPN ipv4 unicast address family for a BGP
neighbor. This is a required configuration for PE to PE BGP
neighbor session. You must configure it before you enable
a neighbor.
route-refresh Specifies ROUTE-REFRESH message capabilities.
ipv4-vxlan Specifies IPv4 VXLAN capability.
l2vpn-evpn Specifies L2 VPN EVPN address family.

Default
The following capabilities are enabled by default for IPv4 peers: IPv4 unicast, IPv4
multicast, and route refresh.

The following capabilities are enabled by default for IPv6 peers: route refresh.

Note
For IPv4 peers, the IPv4 unicast and IPv4 multicast capabilities are enabled
by default to support legacy peers that do not support MBGP. All other
capabilities (except route-refresh) are disabled by default.

2156 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
When you change the capability configuration, you must enable the BGP neighbor
before the configuration becomes active. If the BGP neighbor was enabled before the
change, you must disable and enable the BGP neighbor. After the capabilities have
been enabled, the BGP neighbor announces its capabilities to neighbors in an OPEN
message.

When one or more address families are enabled, routes from the specified address
families are updated, accepted, and installed. If more than one address family
capability is enabled,or if the VPNv4 address family is enabled,the MBGP extension is
automatically enabled. To disable MBGP, you must disable all enabled address families.

To support Layer 3 VPNs, you must enable the VPNv4 address family for all MBGP peers
that will distribute VPNv4 routes across the service provider backbone. The VPNv4
address family must be enabled on the MPLS-enabled VR; it is not supported for BGP
neighbors on the CE (VRF) side of the PE router.

Use the vpnv4 keyword for all PE to PE BGP neighbor sessions. This instructs BGP to
negotiate the vpnv4 address family in an open message with other PE routers. If this
command is executed when a BGP neighbor session is established, it will take effect
only after BGP session is reset. We recommend that you execute this command when a
BGP neighbor is operationally down. Do not issue this command for a neighbor that is
part of a VRF (PE – CE), or a warning message will be displayed.

Note
To inter-operate with Cisco routers for BGP graceful restart, you must enable
the IPv4 unicast address capability.

This command applies to the current VR or VRF context.

Note
For an IPv6 peer, an IPv6 address family must be specified. From 21.1
ExtremeXOS allows IPV4 peering sessions to carry IPV6 routes and IPV6
peering sessions to carry IPV4 routes for the Unicast and Multicast sub-address
families.

Note
You must enable a VPN IPv4 unicast address family for a BGP neighbor for a
PE to PE BGP neighbor session before you enable the neighbor.

Example
The following command enables the route-refresh feature for all neighbors:
enable bgp neighbor all capability route-refresh

The following command enables the VPNv4 address family for a BGP neighbor:
virtual router corp1_vrf
enable bgp neighbor 192.168.96.235 capability vpnv4

Switch Engine™ Command Reference Guide for version 32.7.1 2157

History Commands

The following command enables VXLAN capability for the BGP neighbor at 192.168.68.1:
enable bgp neighbor 192.168.68.1 capability ipv4-vxlan

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Support for IPv4 VXLAN was added in ExtremeXOS 22.3.

Support for L2 VPN EVPN address family was added in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp neighbor capability address-family vpnv4

enable bgp {neighbor} [all | remoteaddr] capability address-family vpnv4
type [community | ext-community] {[send | receive | both]}

Description
This command enables Outbound Route Filtering (ORF) for one or all BGP neighbors
on a Layer 3 VPN.

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family
is specified or if an IPv4 address is specified, the
configuration applies to all IPv4 neighbors.
remoteaddr Specifies the IPv4 address of a BGP neighbor.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.
community Enables neighbor capability for communities.
ext-community Enables neighbor capability for extended communities.
send Enables neighbor capability filter list send capability.

2158 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

receive Enables neighbor capability filter list receive capability.

both Enables neighbor capability filter list send and receive
capability.

Default
Disabled.

If the direction is not specified, the both option applies.

Usage Guidelines
Enter this command multiple times to configure the address family, type, and direction
attributes.

By specifying the address-family, type and direction in multiple commands, you can
better control the actual ORF capabilities sent to a peer. In the case where a particular
address-family is explicitly disabled for a peering, the ORF capability configuration for
that address-family is ignored and not sent.

ORF capabilities can only be enabled for IPv4 neighbors, and only for IPv4 address
families. If configured for IPv6 neighbors or address-families the command is rejected
with the following error message:
Outbound-route-filtering not supported for IPv6 neighbors
or
Outbound-route-filtering not supported for address family addr_family

Example
The following examples enables the neighbor capability feature for a Layer 3 VPN
neighbor:
enable bgp neighbor 1.1.1.1 capability address-family vpnv4

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2159

enable bgp neighbor originate-default Commands

enable bgp neighbor originate-default

enable bgp [{neighbor} remoteaddr | neighbor all] {address-family [ipv4-
unicast | ipv4-multicast |ipv6-unicast | ipv6-multicast]} originate-
default {policy policy-name}

Description
Enables the origination and advertisement of a default route to a single BGP neighbor
or to all BGP neighbors.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family is
specified, the configuration applies to the IP Unicast family
on all IPv4 peers. If an IPv4 address family is specified,
the configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.
policy-name Specifies a policy to be applied to the default route
origination.

Default
Disabled. BGP does not automatically originate and advertise default routes to BGP
neighbors.

If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

Note
You must specify an IPv6 address family for an IPv6 peer, because an IPv6
peer does not support the default IPv4 unicast address family. Similarly, if you
specify an IPv4 peer and an address family in the command, an IPv4 address
family must be specified.

Usage Guidelines
This command can be successfully executed at any time, irrespective of whether local
BGP or the remote BGP peer is enabled or disabled. The default route or routes are
created regardless of whether or not there are matching entries in the IP route table.

When a BGP neighbor is added to a peer group, it does not inherit the default route
origination configuration from the peer group. Also, default route origination for a
neighbor and the associated peer group can be different.

2160 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

If a policy is configured and specified in the command, a default route can be

originated only if there is a route in the local BGP RIB that matches the policy's
match rules. The default route's attribute can be modified using the same policy file
by including statements in the set block of the policy.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Example
The following command enables the origination and advertisement of default routes
for IPv4 unicast traffic for all BGP peer nodes:

enable bgp neighbor all originate-default

History
This command was first available in ExtremeXOS 12.3.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp neighbor remove-private-AS-numbers

enable bgp neighbor [remoteaddr | all] remove-private-AS-numbers

Description
Enables the removal of private AS numbers from the AS path in route updates sent to
EBGP peers.

Syntax Description
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
all Specifies all IPv4 and IPv6 neighbors.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2161

Usage Guidelines Commands

Usage Guidelines
Private AS numbers are AS numbers in the range 64512 through 65534. You can remove
private AS numbers from the AS path attribute in updates that are sent to external BGP
(EBGP) neighbors. Possible reasons for using private AS numbers include:
• The remote AS does not have officially allocated AS numbers.
• You want to conserve AS numbers if you are multi-homed to the local AS.

Private AS numbers should not be advertised on the Internet. Private AS numbers

can only be used locally within an administrative domain. Therefore, when routes are
advertised out to the Internet, the routes can be stripped out from the AS paths of the
advertised routes using this feature.

This command applies to the current VR or VRF context.

Example
The following command enables the removal of private AS numbers from the AS path
in route updates sent to the EBGP peers:

enable bgp neighbor 192.168.1.17 remove-private-AS-numbers

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp neighbor soft-in-reset

enable bgp neighbor [all | remoteaddr] {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast |vpnv4]} soft-in-reset

Description
Enables the soft input reset feature.

2162 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
all Specifies that the configuration applies to all neighbors
in the specified address family. If no address family is
specified, the configuration applies to the IP Unicast family
on all IPv4 peers. If an IPv4 address family is specified,
the configuration applies to all IPv4 neighbors. If an IPv6
address family is specified, the configuration applies to all
IPv6 neighbors.
remoteaddr Specifies the IPv4 or IPv6 address of a BGP neighbor.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.

Default
Disabled.

If no address family is specified and an IPv4 address is detected, IPv4 unicast is the
default address family.

Usage Guidelines
Before you can change the configuration with this command, you must disable BGP,
and you must disable the corresponding BGP neighbor session using the following
command:
disable bgp neighbor [remoteaddr | all]

To enable this feature on Layer 3 VPNs, you must do so in the context of the MPLS-
enabled VR; this feature is not supported for BGP neighbors on the CE (VRF) side of the
PE router.

This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and the
command fails. Similarly an IPv4 peer only supports IPv4 address families and
the command fails if an IPv6 address family is specified.

Switch Engine™ Command Reference Guide for version 32.7.1 2163

Example Commands

Example
The following command enables the soft recognition feature:

enable bgp neighbor 192.168.1.17 soft-in-reset

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp peer-group

enable bgp peer-group peer-group-name

Description
Enables a peer group and all the neighbors of a peer group.

Syntax Description
peer-group-name Specifies a peer group.

Default
Disabled.

Usage Guidelines
You can use BGP peer groups to group together up to 200512 BGP neighbors. All
neighbors within the peer group inherit the parameters of the BGP peer group. The
following mandatory parameters are shared by all neighbors in a peer group:
• source-interface
• out-nlri-filter
• out-aspath-filter
• out-route-map

2164 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• send-community
• next-hop-self

This command applies to the current VR or VRF context.

Example
The following command enables the BGP peer group outer and all its neighbors:

enable bgp peer-group outer

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp peer-group capability

enable bgp peer-group peer-group-name capability {[address-family [ipv4-
unicast | ipv4-multicast]} type [community | ext-community | prefix]
{[send | receive | both]}

Description
This command enables ORF capabilities for a particular peer, peer-group, or all peers
for one or all address-families and ORF types (for example, communities, extended
communities and prefixes). The command specifies whether ORF capabilities are sent
to the peer, and if they are honoured if received from the peer, or both.

Syntax Description
peer-group-name Specifies a peer group.
address-family Specifies outbound route filtering.
ipv4-unicast Specifies an IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
community Enables ORF for communities.
ext-community Enables ORF for extended communities.
prefix Enables ORF for prefixes.

Switch Engine™ Command Reference Guide for version 32.7.1 2165

Default Commands

send Enables ORF filter list send capability.

receive Enables ORF filter list receive capability.
both Enables ORF filter list send and receive capability.

Default
• ORF is disabled globally.
• ORF capabilities are assumed to be disabled by default for all neighbors.
• If address family is not specified, ipv4-unicast is assumed.
• If direction is not specified, both is assumed.

Note
prefix is not supported for vpnv4 address family.

The route refresh capability is enabled for IPv6 peer groups by default.

Usage Guidelines
By specifying the address-family, type and direction in multiple commands you
can better control the ORF capabilities sent to a peer. In cases where a particular
address-family is explicitly disabled for a peering, the ORF capability configuration for
that address-family is ignored and not sent.

ORF capabilities can only be enabled for IPv4 neighbors and only for IPv4 address
families. If configured for IPv6 neighbors or address-families the command is rejected
with the following error message:

Outbound-route-filtering not supported for IPv6 neighbors, or Outbound-

route-filtering not supported for address family addr_family .

Example
The following command enables send only ORF capabilities for an ipv4 multicast peer
group:
enable bgp peer-group capability orf address-family ipv4-multicast type community send

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

2166 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable bgp peer-group capability

enable bgp peer-group capability

enable bgp peer-group peer-group-name capability [ipv4-unicast | ipv4-
multicast |ipv6-unicast | ipv6-multicast |vpnv4 |route-refresh ]

Description
This command enables BGP Multiprotocol (MP) and route-refresh capabilities for a
peer-group.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
route-refresh Specifies ROUTE-REFRESH message capabilities.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.

Default
All capabilities are enabled for IPv4 peer groups by default.

The route refresh capability is enabled for IPv6 peer groups by default.

Usage Guidelines
This command enables BGP Multiprotocol or route-refresh capabilities for a peer group.
When you change the capability configuration, you must enable the BGP peer group
before the configuration becomes active. If the BGP peer group was enabled before
the change, you must disable and enable the BGP peer group. After the capabilities
have been enabled, the BGP peer announces its capabilities to neighbors in an OPEN
message.

When one or more address families are enabled, routes from the specified address
families are updated, accepted, and installed. If more than one address family
capability is enabled,or if the VPNv4 address family is enabled,the MBGP extension is
automatically enabled. To disable MBGP, you must disable all enabled address families.

A peer group can be configured for either IPv4 or IPv6 address families, but not both.
Because a peer-group cannot support both IPv4 and IPv6 peers, the switch prevents
the enabling of address families that are not compatible with peers that are already in
the peer-group. Similarly if a particular address family is enabled for the peer-group, a
peer that is incompatible with the existing peer-group configuration cannot be added
to the group.

Switch Engine™ Command Reference Guide for version 32.7.1 2167

Example Commands

To support Layer 3 VPNs, you must enable the VPNv4 address family for all MBGP peers
that will distribute VPNv4 routes across the service provider backbone. The VPNv4
address family must be enabled on the MPLS-enabled VR; it is not supported for BGP
neighbors on the CE (VRF) side of the PE router.

This command applies to the current VR or VRF context.

Note
To inter-operate with Cisco routers for BGP graceful restart, you must enable
IPv4 unicast address capability.

Example
The following command enables the route-refresh feature for the peer group outer:
enable bgp peer-group outer capability route-refresh

The following command enables the VPNv4 address family for a peer group:
enable bgp peer-group backbone capability vpnv4

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp peer-group capability address-family vpnv4

disable bgp peer-group peer-group-name capability address-family vpnv4
type [community | ext-community] {[send | receive | both]}

Description
This command disables peer-group capability for a peer group on a Layer 3 VPN.

2168 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
remoteaddr Specifies the IPv4 address of a BGP neighbor.
vpn4 Specifies the VPNv4 address family for Layer 3 VPN
support.
community Disables peer-group capability for communities.
ext-community Disables peer-group capability for extended communities.
send Disables peer-group capability filter list send capability.
receive Disables peer-group capability filter list receive capability.
both Disables peer-group capability filter list send and receive
capability.

Default
Disabled. If the direction is not specified, the both option applies.

Usage Guidelines
Enter this command multiple times to configure the address family, type, and direction
attributes.

By specifying the address-family, type and direction in multiple commands, you can
better control the actual ORF capabilities sent to a peer. In the case where a particular
address-family is explicitly disabled for a peering, the ORF capability configuration for
that address-family is ignored and not sent.

ORF capabilities can only be enabled for IPv4 neighbors, and only for IPv4 address
families. If configured for IPv6 neighbors or address-families the command is rejected
with the following error message:

Outbound-route-filtering not supported for IPv6 neighbors, orOutbound-

route-filtering not supported for address family addr_family .

The following command disables the peer-group capability feature for a Layer 3 VPN
peer group:
disable bgp peer-group vpn capability address-family vpnv4

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2169

enable bgp peer-group next-hop-unchanged Commands

enable bgp peer-group next-hop-unchanged

enable bgp peer-group peer-group-name 12vpn-evpn next-hop-unchanged

Description
Enables a peer group and with respect to the next-hop of routes advertised to EBGP
peers.

Syntax Description
peer-group-name Specifies a peer group.
12vpn-evpn Specifies L2VPN EVPN address-family type.
next-hop-unchanged Enables preserving the BGP next-hop when routes are
advertised to EBGP peers (default is disabled).

Default
Default is that next-hop-unchanged is disabled.

Usage Guidelines
This command enables overriding the specification behavior with respect to the next-
hop of routes advertised to EBGP peers. Specifically, it maintains the BGP next-hop for
routes advertised to EBGP peers.

When enabling the address family l2vpn-evpn in an EBGP configuration, the option
next-hop-unchanged must also be enabled.

Example
The following command enables next-hop unchanged for the BGP peer group pg2 :

enable bgp peer-group pg2 l2vpn-evpn next-hop-unchanged

History
This command was first available in ExtremeXOS 31.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

2170 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable bgp peer-group originate-default

enable bgp peer-group originate-default

enable bgp {peer-group} peer-group-name {address-family [ipv4-unicast
| ipv4-multicast |ipv6-unicast | ipv6-multicast]} originate-default
{policy policy_name}

Description
Enables the origination and advertisement of default routes to all BGP neighbors in the
specified peer group.

Syntax Description
peer-group peer-group- Specifies the BGP peer group for which the default routes
name are originated and advertised.
address-family Specifies an IPv4 or IPv6 unicast or multicast address
family.
policy_name Specifies a policy to be applied to the default routes during
origination.

Default
Disabled. BGP does not automatically originate and advertise default routes to BGP
neighbors.

Usage Guidelines
This command can be successfully executed at any time, irrespective of whether local
BGP or the remote BGP peers are enabled or disabled. The default routes are created
regardless of whether or not there are matching entries in the IGP route table.

When a BGP neighbor is added to a peer group, it does not inherit the default route
origination configuration from the peer group. Also, default route origination for a
neighbor and the associated peer group can be different.

If a policy is configured and specified in the command, a default route can be

originated only if there is a route in the local BGP RIB that matches the policy's
match rules. The default route's attribute can be modified using the same policy file
by including statements in the set block of the policy.

Switch Engine™ Command Reference Guide for version 32.7.1 2171

Example Commands

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and you
must specify an IPv6 address-family. When the specified peer group is an IPv6
peer group, this command fails if no address family is specified or if an IPv4
address-family is specified. This command also fails if an IPv6 address family is
specified for an IPv4 peer-group.

Example
The following command enables the origination and advertisement of default routes
for IPv4 unicast traffic for all nodes in the test BGP peer group:

enable bgp peer-group test originate-default

History
This command was first available in ExtremeXOS 12.2.2.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp peer-group remove-private-AS-numbers

enable bgp peer-group peer-group-name remove-private-AS-numbers

Description
Enables the removal of private autonomous system (AS) numbers from the AS_Path
attribute of outbound updates.

Syntax Description
peer-group-name Specifies a peer group.

Default
Disabled.

2172 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command applies to the current VR or VRF context.

Example
The following command enables the BGP peer group outer from removing private AS
numbers:

enable bgp peer-group outer remove-private-AS-numbers

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bgp peer-group soft-in-reset

enable bgp peer-group peer-group-name {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast |ipv6-multicast |vpnv4]}soft-in-reset

Description
Enables the soft input reset feature.

Syntax Description
peer-group-name Specifies a peer group.
ipv4-unicast Specifies the IPv4 unicast address family.
ipv4-multicast Specifies an IPv4 multicast address family.
ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN
support.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2173

Usage Guidelines Commands

If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
Disabling the soft input reset feature can potentially limit the amount of system
memory consumed by the RIB-in.

After you enter this command, the switch automatically disables and enables all
neighbors in the peer group before the change takes effect.

This command applies to the current VR or VRF context.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
If the specified peer group contains IPv6 peers, it is an IPv6 peer group and
you must specify an IPv6 address-family. When the specified peer group is an
IPv6 peer group, this command defaults to IPv4 unicast if no address family is
specified. This command fails if an IPv6 address family is specified for an IPv4
peer-group.

Example
The following command enables the soft input reset feature:

enable bgp peer-group outer soft-in-reset

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bootp vlan

enable bootp {ipv4} | dhcp {ipv4 | ipv6} ] vlan [vlan | all]

2174 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables the generation and processing of BOOTP packets on a VLAN to obtain an IP
address for the VLAN from a BOOTP server.

Syntax Description
bootp Enable BOOTP client.
ipv4 IPv4 client.
dhcp Enable DHCP client.
ipv6 IPv6 client.
vlan Specifies a VLAN name.
all Specifies all VLANs.

Default
Disabled.

Usage Guidelines
If IPv4/IPv6 keyword is not specified , ipv4 would be taken as default for the mentioned
VLAN.

Example
The following example enables the generation and processing of BOOTP packets on a
VLAN named "accounting":
enable bootp vlan accounting

History
This command was first available in ExtremeXOS 10.1.

The ipv4 and ipv6 keywords were added in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable bootprelay ipv6

enable bootprelay {ipv4 | ipv6} {vlan vlan_name} | {vr vr_name} | all
{vr vr_name}

Switch Engine™ Command Reference Guide for version 32.7.1 2175

Description Commands

Description
Enables BOOTP Relay v6. This can be done across the VR or on a per VLAN basis.

Syntax Description
bootprelay BOOTP Relay service.
ipv4 DHCPv4 BOOTP Relay service.
ipv6 DHCPv6 BOOTP Relay service.
vlan_name Specifies a VLAN name
vr Uses a specific virtual router name.
vr_name Specifies a virtual router name.
all Enables all VLANs.

Default
IPv4.

Usage Guidelines
Use this command to enable BOOTP Relay across the VR or on a per VLAN basis.

Example
The following example displays IPv6 bootprelay information:
* switch # show bootprelay ipv6
BOOTP Relay: DHCPv6 BOOTP Relay enabled on virtual router "VR-Default"
BOOTP Relay Servers : 2001:0db8:85a3:0000:0000:8a2e:0370:7334
2001:0db8:85a3:0000:0000:8a2e:0370:7335
2001:0db8:85a3:0000:0000:8a2e:0370:7336
2001:0db8:85a3:0000:0000:8a2e:0370:7337
VLAN "Default":
BOOTP Relay : Disabled
VLAN "v1":
BOOTP Relay : Enabled
BOOTP Relay Servers : 2001:0db8:85a3:0000:0000:8a2e:0370:7338
Interface ID : v1-12
Remote ID :v1_remId
Prefix Snooping : Disabled
VLAN"v2":
BOOTP Relay : Enabled
BOOTP Relay Servers : 2001:0db8:85a3:0000:0000:8a2e:0370:7339
Interface ID : 100 (Default)
Remote ID : 00:04:96:52:A7:1B (Default)
Prefix Snooping : Disabled

History
This command was first available in ExtremeXOS 15.5.

2176 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable bootprelay
enable bootprelay {{vlan} [vlan_name] | {{vr} vr_name} | all [{vr}
vr_name]}

Description
Enables the BOOTP Relay function on one or all VLANs for the specified VR or VRF.

Syntax Description
vlan_name Specifies a single VLAN on which to enable the BOOTP
Relay feature.
vr_name Specifies a single VR or VRF on which to enable the
BOOTP Relay feature. If not specified, VR or VRF of current
command context is used.
all Specifies that BOOTP Relay is to be enabled for all VLANs
on the specified VR or VRF.

Default
The BOOTP Relay function is disabled on all VLANs and VRs.

If not specified, VR of current command context is used.

Usage Guidelines
Because VLAN names are unique on the switch, you can specify only a VLAN name
(and omit the VR name) to enable BOOTP Relay on a particular VLAN. When you
enable BOOTP Relay on a VR or VRF, BOOTP Relay is enabled on all VLANs for that
VR. If you enter the command without specifying a VLAN or a VR, the functionality is
enabled for all VLANs in the current VR context.

Note
If DHCP/BOOTP Relay is enabled on a per VLAN basis, make sure it is enabled
on both the client-side and server-side VLANs.

Switch Engine™ Command Reference Guide for version 32.7.1 2177

Example Commands

Example
The following example enables the forwarding of BOOTP requests for all VLANs in the
current VR context:
enable bootprelay

You can use either of the following commands to enable the forwarding of BOOTP
requests for VLAN client1:
enable bootprelay "client1"
enable bootprelay vlan "client1"

You can use any one of the following commands to enable the forwarding of BOOTP
requests for all VLANs on VR zone3:
enable bootprelay zone3
enable bootprelay vr zone3
enable bootprelay all zone3
enable bootprelay all vr zone3

History
This command was first available in ExtremeXOS 10.1.

The capability to enable BOOTP Relay on a VLAN was added in ExtremeXOS 12.4.2.

The capability to enable BOOTP Relay on VPN-VRF is added in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cdp ports

enable cdp ports [port_list | all]

Description
Enables Cisco Discovery Protocol (CDP) on a port.

Syntax Description
port_list Specifies the list of ports to enable CDP on.
all Specifies that you enable CDP on all ports.

Default
Enabled.

2178 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines

Example
The following command enables CDP on all ports on the switch:

enable cdp ports all

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cfm segment frame-delay measurement

enable cfm segment frame-delay measurement segment_name { mep mep_id }
[continuous | count value]

Description
Triggers DMM frame transmission.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
mep Specifies the maintenance association End Point that
helps trigger a particular MEP level session on that
segment.
mep_id Specifies the MEP-ID. The range is 1-8191. The default is all
MEPs on the segment.
continuous Specifies that frames are to be sent continuously until
stopped.
count Specifies that a number of frames are to be sent.
value Specifies the number of frames to send. The range is 1 to
4294967295.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2179

Usage Guidelines Commands

Usage Guidelines
Use this command to trigger DMM frames at the specified transmit interval configured
using the command configure cfm segment transmit-interval.

Continuous transmission continues until it is stopped with the command disable cfm
segment frame-delay measurement or delete cfm segment.

Note
If you try to trigger the DMM frames for a segment that is not completely
configured, the frames are not transmitted for that segment, and an error
message is displayed on the console.

Example
The following example triggers continuous frame transmission on the CFM segment
segment-first:
enable cfm frame-delay measurement segment-first continuous

History
This command was first available in ExtremeXOS 12.3.

The mep keyword was added in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cfm segment frame-loss measurement mep

If the user specifies the mode as continuous, the LMM transmission will continue till
it is stopped by the user.
enable cfm segment frame-loss measurement segment_name mep mep_id
[continuous | count frames]

Description
This command is used to trigger LMM frames at the configured transmit-interval.

Syntax Description
segment_name An alpha numeric string identifying the segment name.
continuous Specifies that frames are to be sent continuously until
stopped.

2180 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

count Specifies that a number of frames are to be sent.

frames Specifies the number of frames to send. The range is 1 to
4294967295.

Default
N/A.

Usage Guidelines
This command is used to trigger LMM frames at the configured transmit-interval. If
the user specifies the mode as continuous, the LMM transmission will continue till it is
stopped by the user.

Note
If the user tries to trigger the LMM frames for a segment which is not
completely configured, the frames will not be transmitted for that segment,
and an error message will be thrown.

Example
enable cfm segment cs2 frame-loss measurement mep 3 count 10
enable cfm segment cs2 frame-loss measurement mep 3 continuous

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable clear-flow
enable clear-flow

Description
Enable the CLEAR-Flow agent.

Syntax Description
This command has no arguments or variables.

Default
CLEAR-Flow is disabled by default.

Switch Engine™ Command Reference Guide for version 32.7.1 2181

Usage Guidelines Commands

Usage Guidelines
When the CLEAR-Flow agent is enabled, sampling begins and actions are taken based
on the CLEAR-Flow rules that are configured on the switch.

Example
The following example enables CLEAR-Flow on the switch:
# enable clear-flow

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli history expansion

enable cli history expansion {session | permanent}

Description
Performs command line history expansion similar to the Linux shell.

Syntax Description
cli Command line interface settings.
history Command history settings.
expansion Substitute occurrences of '!n:w' with the corresponding line
'n' and word 'w+1' from command history (default disabled).
session Configures history expansion for this CLI session only
(default ).
permanent Configures history expansion for this CLI session, and all
future sessions.

Default
CLI history expansion is disabled by default. If not specified when enabling, CLI history
expansion is enabled for the current session only.

Usage Guidelines
The history expansion character ‘!’ can be used to specify command from the history
that is substituted into the command line. All occurrences of the form “!n:w” in the

2182 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

command are replaced with the w’th word from the n'th line in the command history.
Specification of the word is optional.

If you enable CLI history expansion, and then try to reference a history that does not
exist, the following error appears:

# show !58:1 Error: History event not found. If you were not attempting a history
expansion using the format '!n:w', and believe the command to be valid, please retry the
command after 'disable cli history expansion'.

To view the status of CLI history expansion on the switch, use the show management
command.

Example
The following command enables CLI history expansion for this session and all future
sessions:
enable cli history expansion permanent

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli prompting

enable cli prompting

Description
Enables CLI prompting for the session.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Use this command to enable CLI prompting from a disabled state.

Switch Engine™ Command Reference Guide for version 32.7.1 2183

Example Commands

To view the status of CLI prompting on the switch, use the show management
command.

Example
The following command enables prompting:

enable cli prompting

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli refresh

enable cli refresh {session | permanent}

Description
This command allows you to configure the default auto refresh behavior. The auto
refresh behavior is used for some show commands.

Syntax Description
session Use refresh setting for this CLI session only.
permanent Use refresh setting for this CLI session, and all future
sessions (default).

Default
Permanent.

Usage Guidelines
The auto refresh behavior is used for some ‘show’ commands. You must use the
disable cli refresh command to disable the show command auto refresh or add
the no-refresh option to the individual command. For example:
• show ports config – will display and refresh the first <n> ports of a switch until the
[ESC] key is pressed.
• disable cli refresh
• show ports config – will act as if show ports config no-refresh was entered
and page through all ports

2184 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Since the default for the session may be set to disable cli refresh the commands
that take a no-refresh option now allow for the alternate refresh case if the user
wants to selectively enable a refreshed display.

The permanent option is only valid for admin level users.

Example
The following sample output displays the CLI refresh information.
# show management
CLI idle timeout : Enabled (20 minutes)
CLI max number of login attempts : 3
CLI max number of sessions : 8
CLI paging : Enabled (this session only)
CLI space-completion : Disabled (this session only)
CLI configuration logging : Disabled
CLI scripting : Disabled (this session only)
CLI scripting error mode : Ignore-Error (this session only)
CLI persistent mode : Persistent (this session only)
CLI prompting : Enabled (this session only)
CLI refresh : Enabled (this session only)
Telnet access : Enabled (tcp port 23 vr all)
: Access Profile : not set
SSH Access : ssh module not loaded.
Web access : Enabled (tcp port 80)
: Access Profile : not set

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli scripting

enable cli scripting {permanent}

Description
Enables the use of CLI scripting commands. When used without the permanent
option, it enables the CLI scripting commands for the current session and is a per
session setting. The permanent option enables the CLI scripting commands for new
sessions only and is saved across switch reboots.

Syntax Description
permanent Enables the CLI scripting commands for new sessions only;
this setting is saved across switch reboots.

Switch Engine™ Command Reference Guide for version 32.7.1 2185

Default Commands

Default
The CLI scripting commands are disabled by default.

Usage Guidelines
You must enable the CLI scripting commands on the switch to use the scripting
keywords in the script, and before you can configure or execute a script.

Note
CLI scripting commands cannot be enabled when CLI space auto completion
is enabled with the enable cli space-completion command.

Example
The following command enables the CLI scripting commands for the current session:

enable cli scripting

History
This command was first available in ExtremeXOS 11.6.

The permanent option was added in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli scripting output

enable cli scripting output

Description
Enables the display of CLI commands and responses during script operation.

Default
During interactive script sessions: CLI scripting output enabled.

During load script command operation: CLI scripting output disabled.

Usage Guidelines
When the CLI scripting output is enabled, all script commands and responses are
displayed.

2186 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

When the load script filename {arg1} {arg2} ... {arg9} command is entered,
the software disables CLI scripting output until the script is complete, and then CLI
scripting output is enabled. Use the enable cli scripting output and disable cli scripting
output commands to control what a script displays when you are troubleshooting.

Example
The following command enables CLI scripting output for the current session or until
the disable cli scripting output command is entered:

enable cli scripting output

History
This command was first available in ExtremeXOS 12.1.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli space-completion

enable cli space-completion

Description
Enables the ExtremeXOS feature that completes a command automatically with the
spacebar. The [Tab] key can also be used for auto-completion.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
CLI space auto completion cannot be enabled while CLI scripting is enabled with the
enable cli scripting command.

Switch Engine™ Command Reference Guide for version 32.7.1 2187

Example Commands

Example
The following command enables using the spacebar to automatically complete a
command:

enable cli space-completion

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli write-permission

enable cli write-permission

Description
Enables access to the full CLI on 4120 Series and 4220 Series switches.

Syntax Description
N/A.

Default
N/A.

Usage Guidelines
This command can be used to gain access to the full CLI on 4120 Series and 4220 Series
switches. This command should only be used with GTAC guidance. After issuing the
command, the full CLI can only be accessed after entering the one-time only password
provided by GTAC.

Use this command to enable access to the full CLI on 4120 Series and 4220 Series
switches.

Example
The following command enables access to the full CLI:

4120-24MW-4Y-SwitchEngine.1 = enable cli write-permission

EXOS version: 32.7.1.1
Serial Num : FF012335G-00011
System MAC : 40:E3:17:C7:90:00
Challenge : U*2TquEemKPN6LXpRaAi6CxJLWcPwCY1RWIbNoIou1bXseucF7mLim%FW4Ua2gIIR

2188 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

djr+Z2cU7WZLfZgSXqu%vnTFs9zEVJD4NVi9aYmyTMJt5tM/NeJjeS%qBIEpJmcf0
V7IUIW4oJoqxR9NFJLbB42mMVrBrVnDoA1Pvq5Kzg4mnbeksN2rMGw9bpj6toy%ej
G*LmZ5cvGthmf1DGGWF1*mqBgpo4En/t14ydU8ID1qIoMEF76H8wK5%Bpgf54KbIe
MA*EFqaK7SVbyocnJZKFadnQ%fJX7DsIYg/abJzaav6WY8nzCB4Y2CDvHEjGfNXjb
qIrtnyJMN0ucW5UKg==

Note: Password will be invalidated if not entered correctly in 1 hour or entered

incorrectly 3 times.

Enter debug mode password, or press ENTER to cancel:

4120-24MW-4Y-SwitchEngine.2 #

History
This command was first available in Switch Engine 32.7.1.

Platform Availability
This command is available the 4120 Series and 4220 Series platforms are running
Switch Engine.

enable cli config-logging

enable cli config-logging

Description
Enables the logging of CLI configuration commands to the Syslog for auditing
purposes.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
ExtremeXOS allows you to record all configuration changes and their sources that are
made using the CLI by way of Telnet or the local console. The changes are logged to
the system log. Each log entry includes the user account name that performed the
changes and the source IP address of the client (if Telnet was used). Configuration
logging applies only to commands that result in a configuration change.

To view the status of configuration logging on the switch, use the show management
command. This command displays information about the switch including the enable/
disable state for configuration logging.

Switch Engine™ Command Reference Guide for version 32.7.1 2189

Example Commands

Example
The following command enables the logging of CLI configuration commands to the
Syslog:
enable cli config-logging

History
This command was first available in ExtremeXOS 11.0.

The cli-config-logging keyword was split into cli config-logging in ExtremeXOS

30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli-config-logging expansion

enable cli-config-logging expansion

Description
When CLI logging is enabled, enables showing fully expanded commands, rather than
abbreviations, in the log.

Syntax Description
expansion Enables command expansion in logs.

Default
Expansion is disabled by default.

Usage Guidelines
When CLI logging is enabled (see enable cli config-logging on page 2189), this
command enables showing fully expanded commands, rather than abbreviations, in
the log.

For example, with command expansion enabled, a command entered in abbreviated

format, such as
config por 33 auto of spee 10000 duplex ful

appears in the log as:

configure ports 33 auto off speed 10000 duplex full

2190 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Whereas, if command expansion is turned off, the command appears in the log in the
exact format as it was typed into the command line.

To see the status of command expansion, use show management on page 2984.

Example
The following example turns on command expansion:
enable cli-config-logging expansion

History
This command was first available in ExtremeXOS 22.5.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli paging

enable cli paging {session | permanent}

Description
Enables the pause mechanism and does not allow the display to print continuously to
the screen.

Syntax Description
session Enables viewing output of commands one screenful at a
time for the current user session only (default).
permanent Enables viewing output of commands one screenful at a
time permanently (setting persists after rebooting).

Default
Enabled per session.

Usage Guidelines
The command line interface (CLI) is designed for use in a VT100 environment.

Most show command output pauses when the display reaches the end of a page.

To view the status of CLI paging on the switch, use the show management command.
The show management command displays information about the switch including the
enable/disable state for CLI paging.

Switch Engine™ Command Reference Guide for version 32.7.1 2191

Example Commands

If CLI paging is enabled and you use the show tech-support command to diagnose
system technical problems, the CLI paging feature is disabled.

Example
The following command enables cli paging permanently (setting persists across
reboots) and does not allow the display to print continuously to the screen:
enable cli paging permanent

History
This command was first available in ExtremeXOS 10.1.

The session and permanent options were added in ExtremeXOS 22.5.

The clipaging option was split into two keywords in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cpu-monitoring
enable cpu-monitoring {interval seconds} {threshold percent}

Description
Enables CPU monitoring on the switch.

Syntax Description
seconds Specifies the monitoring interval, in seconds. The default is
5 seconds, and the range is 5 to 60 seconds.
threshold Specifies the CPU threshold value. CPU usage is measured
in percentages. The default is 90%, and the range is 0% to
100%.

Default
CPU monitoring is enabled and occurs every 5 seconds. The default CPU threshold
value is 90%.

Usage Guidelines
CPU monitoring allows you to monitor the CPU utilization and history for all of the
processes running on the switch. By viewing this history on a regular basis, you can see
trends emerging and identify processes with peak utilization. Monitoring the workload

2192 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

of the CPU allows you to troubleshoot and identify suspect processes before they
become a problem.

To specify the frequency of CPU monitoring, use the interval keyword. We recommend
the default setting for most network environments.

CPU usage is measured in percentages. By default, the CPU threshold value is 90%.
When CPU utilization of a process exceeds 90% of the regular operating basis, the
switch logs an error message specifying the process name and the current CPU
utilization for the process. To modify the CPU threshold level, use the threshold
keyword. The range is 0% to 100%.

Example
The following command enables CPU monitoring every 30 seconds:

enable cpu-monitoring interval 30

History
This command was first available in ExtremeXOS 11.2.

The default values shown began in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dhcp ports vlan

enable dhcp ports port_list vlan vlan_name

Description
Enables DHCP on a specified port in a VLAN.

Syntax Description
port_list Specifies the ports for which DHCP should be enabled.
vlan_name Specifies the VLAN on whose ports DHCP should be
enabled.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2193

Usage Guidelines Commands

Usage Guidelines
None.

Example
The following command enables DHCP for port 5:9 in VLAN corp:

enable dhcp ports 5:9 vlan corp

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dhcp vlan

enable dhcp [ipv4 | ipv6] [vlan_name | all]

Description
Enables the generation and processing of DHCP packets on a VLAN to obtain an IP
address for the VLAN from a DHCP server.

Syntax Description
vlan_name Specifies a VLAN name.
all Specifies all VLANs.

Default
If the IPv4/IPv6 keyword is not specified, IPv4 is taken as default for the mentioned
VLAN | all.

Usage Guidelines
None.

2194 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables the generation and processing of DHCP packets on a
VLAN named accounting:
enable dhcp vlan accounting

enable dhcp ipv6 vlan accounting

History
This command was first available in ExtremeXOS 10.1.

This command was modified in ExtremeXOS 15.6 to include the ipv4 and ipv6
keywords.

Platform Availability
This command is available on all Universal switches supported in this document.

enable diffserv examination ports

enable diffserv examination ports [port_list | all]

Description
Enables the DiffServ field of an IP packet to be examined in order to select a QoS
profile.

Syntax Description
port_list Specifies a list of ports or slots and ports to which the
parameters apply.
all Specifies that DiffServ examination is enabled for all ports.

Default
Disabled.

Usage Guidelines
The Diffserv examination feature is disabled by default.

Example
The following command enables DiffServ examination on selected ports:

enable diffserv examination ports 1:1,5:5,6:2

Switch Engine™ Command Reference Guide for version 32.7.1 2195

History Commands

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable diffserv replacement ports

enable diffserv replacement ports [port_list | all] {{qosprofile}
qosprofile}

Description
Enables the DiffServ code point to be overwritten in IP packets transmitted by the
switch.

Syntax Description
port_list Specifies a list of ingress ports or slots and ports on which
to enable Diffserv replacement.
all Specifies that DiffServ replacement should be enabled for
all ports.
qosprofile Enables DiffServ replacement on a QoS profile.

Note: DiffServ replacement will be enabled for all QoS

profiles if this option is not specified.

qosprofile Specifies the QoS profile number.

Default
N/A.

Usage Guidelines
The Diffserv replacement feature functions for IPv4 and IPv6 traffic and is disabled by
default.

Note
The port in this command is the ingress port.
This command affects only that traffic in traffic groupings based on explicit
packet class of service information and physical/logical configuration.

2196 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example enables DiffServ replacement on specified ports:
enable diffserv replacement ports 5:3,5:5,6:2

History
This command was first available in ExtremeXOS 11.0.

The qosprofile keyword and qosprofile variable were added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dns cache

enable dns cache {{vlan} vlan_name | {vr} vr_name}

Description
Enables the Domain Name System (DNS) cache on a virtual router (VR) or VLAN.

Syntax Description
dns Domain name system.
cache Specifies enabling the DNS cache.
vlan Specifies enabling DNS cache on a VLAN.
vlan_name Specifies the VLAN name.
vr Specifies enabling DNS cache on a VR.
vr_name Specifies the VR name. If not specified, VR of current
command context is used.

Default
If no VR name is specified, the VR of the current command context is used.

Usage Guidelines
To view the DNS cache configuration, use the command show dns cache
configuration {{vlan} vlan_name | {vr} vr_name}

Example
The following example enables DNS cache on VLAN "VLAN1":
# enable dns cache vlan VLAN1

Switch Engine™ Command Reference Guide for version 32.7.1 2197

History Commands

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dns cache dnssec

enable dns cache {dnssec}

Description
Validates DNS replies and cache data for DNSSEC (Domain Name System Security
Extensions).

Syntax Description
dnssec Validate DNS replies and cache data for DNSSEC. Default is
disabled.

Default
By default, DNSSEC is disabled.

Usage Guidelines
You cannot enable DNSSEC if DNS cache is enabled.

Example
The following example enables DNSSEC:
# enable dns cache dnssec

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dns cache analytics

enable dns cache analytics {{vr} vr_name}

2198 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables Domain Name System (DNS) analytics.

Syntax Description
dns Domain Name System.
cache Specifies DNS cache.
analytics Specifies enabling DNS cache analytics. Analytics provides
more insight into DNS queries when DNS cache is enabled.
Default is disabled.
vr Specifies enabling DNS analytics on a VR.
vr_name Specifies the VR name. If not specified, the VR of the
current command context is used.

Default
DNS analytics is disabled by default.

Usage Guidelines
To disable DNS analytics, use the command disable dns cache analytics {{vr}
vr_name}.

Example
The following example enables DNS analytics on VR "vr1":
# enable dns cache analytics vr vr1

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dos-protect simulated

enable dos-protect simulated

Description
Enables simulated denial of service protection.

Switch Engine™ Command Reference Guide for version 32.7.1 2199

Syntax Description Commands

Syntax Description
This command has no arguments or variables.

Default
The default is disabled.

Usage Guidelines
If simulated denial of service is enabled, no ACLs are created. This mode is useful
to gather information about normal traffic levels on the switch. This will assist in
configuring denial of service protection so that legitimate traffic is not blocked.

Example
The following command enables simulated denial of service protection:

enable dos-protect simulated

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dos-protect
enable dos-protect

Description
Enables denial of service protection.

Syntax Description
This command has no arguments or variables.

Default
The default is disabled.

Usage Guidelines
None.

2200 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables denial of service protection.

enable dos-protect

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dot1p examination inner-tag port

enable dot1p examination inner-tag port [all | port_list]

Description
Used with VMANs, and instructs the switch to examine the 802.1p value of the inner tag,
or header of the original packet, to determine the correct egress queue on the egress
port.

Syntax Description
all Specifies all ports.
port_list Specifies a list of ports or slots and ports.

Default
Disabled.

Usage Guidelines
Use this command to instruct the system to refer to the 802.1p value contained in the
inner, or original, tag when assigning the packet to an egress queue at the egress port
of the VMAN.

Note
For information about configuring and displaying the current 802.1p and
DiffServ configuration for the inner, or original header, 802.1p value, see the
Quality of Service section in the Switch Engine 32.7.1 User Guide.

Switch Engine™ Command Reference Guide for version 32.7.1 2201

Example Commands

Example
The following example puts the packets in the egress queue of the VMAN egress port
according to the 802.1p value on the inner tag:
enable dot1p examination inner-tag port 3:2

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dot1p examination ports

enable dot1p examination ports [port_list | all]

Description
Enables egress QoS profile selection based on the 802.1p bits in the incoming frame.

Syntax Description
port_list Specifies a list of ports on which to enable the dot1p
examination feature.
all Specifies that dot1p examination should be enabled for all
ports.

Default
Enabled.

Usage Guidelines
To increase available ACLs, you can disable the 802.1p examination feature if you are not
running QoS or are running QoS using DiffServ. See the Switch Engine 32.7.1 User Guide
for information on ACL limitations on these platforms.

Use this command to re-enable the 802.1p examination feature.

As part of the COS global status enable action, COS will automatically enable dot1p
examination on all ports. An internal status will track this event. The disable dot1p
examination command will print an additional warning message in the event that COS
was configured via SNMP. If the COS global status is disabled via SNMP, the internal
status will be cleared and the additional warning message will not be displayed.

2202 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables dot1p examination on ports 1 to 5:
enable dot1p examination ports 1-5

History
This command was available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable dot1p replacement ports

enable dot1p replacement ports [port_list | all] {{qosprofile}
qosprofile}

Description
Allows the 802.1p priority field to be overwritten on egress according to the QoS profile
to 802.1p priority mapping for a given set of ports.

Syntax Description
port_list Specifies a list of ports or slots and ports.
all Specifies that dot1p replacement should be enabled for all
ports.
qosprofile Enables dot1p on a QoS profile.
qosprofile Specifies the QoS profile number.

Default
N/A.

Usage Guidelines
The dot1p replacement feature is disabled by default.

By default, 802.1p priority information is not replaced or manipulated, and the

information observed on ingress is preserved when transmitting the packet.

Note
The port in this command is the ingress port.

Switch Engine™ Command Reference Guide for version 32.7.1 2203

Example Commands

If 802.1p replacement is enabled, the 802.1p priority information that is transmitted is

determined by the hardware queue that is used when transmitting the packet.

Note
This command affects only that traffic in traffic groupings based on explicit
packet class of service information and physical/logical configuration.

Beginning with ExtremeXOS version 11.4 on the 1 Gigabit Ethernet ports, 802.1p
replacement always happens when you configure the DiffServ traffic grouping.

Note
Enabling dot1p replacement on all ports may take some time to complete.

Example
The following example enables dot1p replacement on all ports:
enable dot1p replacement ports all

History
This command was available in ExtremeXOS 11.0.

The qosprofile keyword and qosprofile variable were added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable eaps
enable eaps {name}

Description
Enables the EAPS function for a named domain or for an entire switch.

Syntax Description
name Specifies the name of an EAPS domain.

Default
Disabled.

Default command enables EAPS for the entire switch.

2204 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Note
If you use the same name across categories (for example, STPD and EAPS
names), you must specify the identifying keyword as well as the actual name.

To configure and enable an EAPS, complete the following steps:

1. Create EAPS domain and assign the name.

2. Configure the control VLAN.
3. Configure the protected VLAN(s).
4. Add the control VLAN to EAPS domain.
5. Add the protected VLAN(s) to EAPS domain.
6. Configure EAPS mode, master or transit.
7. Configure EAPS port, secondary and primary.
8. If desired, configure timeout and action for failtimer expiration*.
9. If desired, configure the hello time for the health-check packets*.
10. Enable EAPS for the entire switch.
11. If desired, enable Fast Convergence*.
12. Enable EAPS for the specified domain.

Although you can enable EAPS prior to configuring these steps, the EAPS domain(s)
does not run until you configure these parameters.

* These steps can be configured at any time, even after the EAPS domains are running.

You must enable EAPS globally and specifically for each named EAPS domain.

Example
The following command enables the EAPS function for entire switch:

enable eaps

The following command enables the EAPS function for the domain eaps-1:

enable eaps eaps-1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2205

enable edp ports Commands

enable edp ports

enable edp ports [ports | all]

Description
Enables the EDP on one or more ports.

Syntax Description
ports Specifies one or more ports or slots and ports, including
management port.
all Specifies all ports on the switch, including management
port.

Default
Enabled.

Usage Guidelines
On a SummitStack, ports can be a list of slots and ports. On a stand-alone
switch, ports can be one or more port numbers. For a detailed explanation of port
specification, see Port Numbering in Command Reference Overview

EDP is useful when Extreme Networks switches are attached to a port.

The EDP is used to locate neighbor Extreme Networks switches and exchange
information about switch configuration. When running on a normal switch port, EDP is
used to by the switches to exchange topology information with each other. Information
communicated using EDP includes the following:
• Switch MAC address (switch ID).
• Switch software version information.
• Switch IP address.
• Switch VLAN information.
• Switch port number.
• Switch port configuration data: duplex, and speed.

Example
The following command enables EDP on port 3 on a switch:

enable edp ports 3

2206 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The port configuration data was added in ExtremeXOS 11.0.

Ability to enable EDP on management port was added in ExtremeXOS 30.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable elrp-client
enable elrp-client {software | hardware-assist}

Description
Enables the Extreme Loop Recovery Protocol (ELRP) client (standalone ELRP) globally.

Syntax Description
software Select software ELRP (Default).
hardware-assist Select hardware-assisted ELRP.

Default
By default, ELRP is disabled.

By default, ELRP, when enabled, is software ELRP.

Usage Guidelines
Configure loopback port before enabling hardware-assisted ELRP.

The ELRP client must be enabled globally in order for it to work on any VLANs.

The ELRP client can be disabled globally so that none of the ELRP VLAN configurations
take effect. Use the disable elrp-client command to globally disable the ELRP
client.

The ExtremeXOS does not support ELRP and Network Login on the same port.

Example
The following command globally enables the ELRP client:
# enable elrp-client

Switch Engine™ Command Reference Guide for version 32.7.1 2207

History Commands

The following example enables hardware-assisted ELRP client:

# enable elrp-client hardware-assist

History
This command was first available in ExtremeXOS 11.1.

Hardware-assisted ELRP option added in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable elsm ports

enable elsm ports port_list

Description
Enables the ELSM protocol for the specified ports.

Syntax Description
port_list Specifies the port or ports for which ELSM should be
enabled.

Default
The default is disabled.

Usage Guidelines
The ELSM protocol allows you to detect CPU and remote link failures in the network.
ELSM operates on a point-to-point basis; you only configure ELSM on the ports that
connect to other devices within the network, but you must configure ELSM on both
sides of the peer connections.

The Layer 2 connection between the ports determines the peer. You can have a direct
connection between the peers or hubs that separate peer ports. In the first instance,
the peers are also considered neighbors. In the second instance, the peer is not
considered a neighbor.

An Extreme Networks device with ELSM enabled detects CPU and remote link failures
by exchanging hello messages between two ELSM peers. If ELSM detects a failure, the
ELSM-enabled port responds by blocking traffic on that port. For example, if a peer
stops receiving messages from its peer, ELSM brings down that connection by blocking
all incoming and outgoing data traffic on the port and notifying applications that the
link is down.

2208 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Configuring the Hello Timer Interval

When you enable ELSM on a port, ELSM immediately blocks the port and it enters the
Down state. When the port detects an ELSM-enabled peer, the peer ports exchange
ELSM hello messages. At this point, the ports enter the transitional Down-Wait state.
If the port receives Hello+ messages from its peer and does not detect a problem, the
peers enter the Up state. If a peer detects a problem or there is no peer port configured,
the port enters the Down state.

For more information about the types of ELSM hello messages, see the configure
elsm ports hellotime command.

Note
ELSM and mirroring are mutually exclusive. You can enable either ELSM, or
mirroring, but not both.

If you try to enable ELSM on a port that is already configured as a mirrored port, the
switch displays a message similar to the following:Cannot enable ELSM on port 1.
Port is configured as mirror monitor port

Configuring the Hello Timer Interval

ELSM ports use hello messages to communicate information about the health of the
network to its peer port. You can also configure the interval by which the ELSM-enabled
ports sends hello messages. For more information about configuring the hello interval,
see the command configure elsm ports hellotime.

Disabling ELSM
ELSM works between two connected ports, and each ELSM instance is based on a
single port. When you disable ELSM on the specified ports, the ports no longer send
ELSM hello messages to their peers and no longer maintain ELSM states. To disable
ELSM, use the following command:
disable elsm ports port_list

Example
The following command enables ELSM for ports 1-2 on the switch:

enable elsm ports 1-2

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2209

enable elsm ports auto-restart Commands

enable elsm ports auto-restart

enable elsm ports port_list auto-restart

Description
Enables ELSM automatic restart for the specified ports.

Syntax Description
port_list Specifies the port or ports for which ELSM auto-restart is
being enabled.

Default
The default is enabled.

Usage Guidelines
You must explicitly configure this behavior on each ELSM-enabled port; this is not a
global command.

By default, ELSM automatic restart is enabled. If an ELSM-enabled port goes down,

ELSM bypasses the Down-Stuck state and automatically transitions the down port to
the Down state, regardless of the number of times the port goes up and down.

If you disable ELSM automatic restart, the ELSM-enabled port can transition between
the following states multiple times: Up, Down, and Down-Wait. When the number of
state transitions is greater than or equal to the sticky threshold, the port enters the
Down-Stuck state.

The ELSM sticky threshold specifies the number of times a port can transition between
the Up and Down states. The sticky threshold is not user-configurable and has a default
value of 1. That means a port can transition only one time from the Up state to the
Down state. If the port attempts a subsequent transition from the Up state to the Down
state, the port enters the Down-Stuck state.

If the port enters the Down-Stuck state, you can clear the stuck state and enter the
Down state by using one of the following commands:

clear elsm ports port_list auto-restart

OR

enable elsm ports port_list auto-restart

If you use the enable elsm ports port_list auto-restart command, automatic
restart is always enabled; you do not have to use the clear elsm ports port_list
auto-restart command to clear the stuck state.

2210 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

To disable automatic restart, use the following command:

disable elsm ports port_list auto-restart

If you configure automatic restart on one port, Extreme Networks recommends that
you use the same configuration on its peer port.

Example
The following command enables ELSM automatic restart for slot 2, ports 1-2 on the
switch:

enable elsm ports 2:1-2:2 auto-restart

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable erps
enable erps

Description
Enable (ERPS/ITU-T G.8032 standard).

Syntax Description
N/A.

Default
N/A.

Usage Guidelines
Use this command to enable ERPS.

Example

enable erps

Switch Engine™ Command Reference Guide for version 32.7.1 2211

History Commands

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

enable erps block-vc-recovery

enable erps ring-name block-vc-recovery

Description
Enable ability on ERPS rings to block virtual channel recovery to avoid temporary loops .

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.
block-vc-recovery Block on Virtual channel recovery.

Default
N/A.

Usage Guidelines
Use this command to enable ability on ERPS rings to block on virtual channel
recovery to avoid temporary loops. This is done on interconnected nodes for sub-ring
configurations.

Example
The following example enables a virtual channel recovery block on “ring1”:

enable erps ring1 block-vc-recovery

History
This command was first available in ExtremeXOS 15.13.

Platform Availability
This command is available on all platforms that are running ExtremeXOS.

2212 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable erps ring-name

enable erps ring-name

enable erps ring-name

Description
Enable an existing ERPS ring/sub-ring.

Syntax Description
ring-name Alphanumeric string that identifies the ERPS ring.

Default
N/A.

Usage Guidelines
Use this command to enable an existing ERPS ring/sub-ring.

Example
The following example enables an existing ERPS ring identified as “ring1”:

enable erps ring1

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

enable erps topology-change

enable erps ring-name topology-change

Description
Enable the ability of ERPS to set the topology-change bit to send out Flush events.

Switch Engine™ Command Reference Guide for version 32.7.1 2213

Syntax Description Commands

Syntax Description
ring-name Alphanumeric string that identifies the ERPS sub-ring.
topology-change Topology change propagation control.

Default
N/A.

Usage Guidelines
Use this command to enable the ability of ERPS to set the topology-change bit to send
out Flush events.

Example
The following example enables the ability to set the topology-change bit for an existing
ERPS sub-ring identified as “ring1”:

enable erps ring1 topology-change

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on all platforms supported in 12.6 and forward that are
running ExtremeXOS.

enable esrp
enable esrp esrpDomain

Description
Enables ESRP for a named domain.

Syntax Description
esrpDomain Specifies the name of an ESRP domain.

Default
Disabled.

2214 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Before you enable an ESRP domain, it must have a domain ID. The ESRP domain ID is
determined from one of the following user-configured parameters:
• ESRP domain number created with the configure esrp domain-id command
• 802.1Q tag (VLANid) of the tagged master VLAN

If you do not have a domain ID, you cannot enable ESRP on that domain. A message
similar to the following appears:
ERROR: Cannot enable ESRP Domain "esrp1" ; No domain id configured!

If you add an untagged master VLAN to the ESRP domain, make sure to create an
ESRP domain ID with the configure esrp domain-id command before you attempt
to enable the domain.

Example
The following command enables ESRP for the domain esrp1:

enable esrp esrp1

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable ethernet oam ports link-fault-management

enable ethernet oam ports [port_list | all] link-fault-management

Description
Enables Ethernet OAM on ports.

Syntax Description
port_list Specifies the particular ports.
all Specifies all fiber ports.

Default
Ethernet OAM is disabled on all ports.

Switch Engine™ Command Reference Guide for version 32.7.1 2215

Usage Guidelines Commands

Usage Guidelines
Use this command to enable Ethernet OAM on one or more specified ports or on all
fiber ports. Unidirectional link fault management is supported only on fiber ports.

Before enabling Ethernet OAM, autonegotiation must be turned off. The link should be
a full duplex link.

If some ports cannot be enabled because, for instance, autonegotiation is not turned
off, the command is executed for those ports that can be enabled and reasons for the
failed ports are displayed.

To display the Ethernet OAM configuration, use the show ethernet oam command.

Example
The following command enables Ethernet OAM on all fiber ports:
# enable ethernet oam ports all link-fault-management

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable fdb static-mac-move

enable fdb static-mac-move

Description
Enables EMS and SNMP reporting of discovered MAC addresses that are duplicates of
statically configured MAC addresses.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables reporting only. All packets that arrive from a duplicate MAC
address on another port (other than the statically configured port) are dropped.

2216 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The switch reports the source MAC address, port, and VLAN for each duplicate MAC
address.

Example
The following command enables this feature:
enable fdb static-mac-move

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

enable flooding ports

enable flooding [all_cast | broadcast | multicast | unicast] ports
[port_list | all]

Description
Enables egress flooding on one or more ports. You can further identify the type of
packets to flood on the specified ports.

Syntax Description
all_cast Specifies enabling egress flooding for all packets on specified ports.
broadcast Specifies enabling egress flooding only for broadcast packets.
multicast Specifies enabling egress flooding only for multicast packets.
unicast Specifies enabling egress flooding only for unknown unicast packets.
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.

Default
Enabled for all packet types.

Usage Guidelines
Use this command to re-enable egress flooding that you previously disabled using the
disable flooding ports command.

Switch Engine™ Command Reference Guide for version 32.7.1 2217

Example Commands

The following guidelines apply to enabling and disabling egress flooding:

• Disabling multicasting egress flooding does not affect those packets within an IGMP
membership group at all; those packets are still forwarded out. If IGMP snooping is
disabled, multicast packets are not flooded.
• Egress flooding can be disabled on ports that are in a load-sharing group. If that is
the situation, the ports in the group take on the egress flooding state of the master
port; each member port of the load-sharing group has the same state as the master
port.
• FDB learning is independent of egress flooding. FDB learning and egress flooding
can be enabled or disabled independently.
• Disabling unicast or all egress flooding to a port also stops packets with unknown
MAC addresses to be flooded to that port.
• Disabling broadcast or all egress flooding to a port also stops broadcast packets to
be flooded to that port.

You can disable egress flooding for unicast, multicast, or broadcast MAC addresses, as
well as for all packets on the ports. The default behavior is enabled egress flooding for
all packet types.

Example
The following command enables unicast flooding on ports 13-17 on a switch:
enable flooding unicast port 13-17

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable flow-control ports

enable flow-control [tx-pause {priority priority} | rx-pause {qosprofile
qosprofile}] ports [all | port_list]

Description
Enables flow control or priority flow control (PFC) on the specified ports.

Syntax Description
tx-pause Specifies transmit pause frames.
priority Specifies all priorities or single priorities--dot1p priority for
tagged packets and internal priority for untagged packets.
Used with priority flow control only.

2218 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

rx-pause Specifies received pause frames.

qosprofile Specifies a QoS profile (“qp1” “qp2” “qp3” “qp4” “qp5” “qp6”
“qp7” “qp8”) to pause for priority flow control packet
reception. Used with priority flow control only.
all Specifies all ports or slots.
port_list Specifies one or more ports or slots and ports.

Default
Disabled.

Usage Guidelines
With autonegotiation enabled, the switches advertise the ability to support pause
frames. This includes receiving, reacting to (stopping transmission), and transmitting
pause frames. However, the switch does not actually transmit pause frames unless it is
configured to do so.

IEEE 802.3x-Flow Control

IEEE 802.3x flow control provides the ability to configure different modes in the default
behaviors.

Use this command to configure the switch to transmit link-layer pause frames when
congestion is detected. This stops all traffic on the configured port when there is buffer
congestion for any traffic type. Use it also to configure the switch to return to the
default behavior of processing received pause frames.

To enable TX flow-control, RX flow-control must first be enabled. If you attempt to

enable TX flow-control with RX flow-control disabled, an error message is displayed.

IEEE 802.1Qbb-Priority Flow Control

IEEE 802.1Qbb priority flow control provides the ability to configure the switch to
transmit link-layer pause frames to stop only a portion of the traffic when congestion is
detected.

When IEEE 802.1Qbb priority flow control is enabled on a port, IEEE 802.3x pause
functionality is no longer available on that port.

Priority is established for reception of PFC packets with a QoS profile value on the
ExtremeXOS switch and for transmission with a priority value added to the PFC packet.
• QoS profile—Ingress traffic is associated with a QoS profile for assignment to one
of eight hardware queues in the system that define how the traffic flows with
respect to bandwidth, priority, and other parameters. By default, there are two QoS
profiles (QP1 and QP8) defined in these supported platforms and PFC works with
this default. To segregate the ingress traffic with more granularity, you will want to
define other QoS profiles.

Switch Engine™ Command Reference Guide for version 32.7.1 2219

IEEE 802.3x Commands

• Priority—The traffic that is paused is based on the priority bits in the VLAN header for
tagged packets. You can specify this transmit priority independently from the QoS
profile to associate it with the reception of a PFC packets thus giving flexibility in the
configuration of the network.

It is suggested that the priority in the VLAN header match the QoS profile priority
when traffic ingresses at the edge of the network so that the traffic can be more easily
controlled as it traverses through the network.

IEEE 802.3x
The following command enables the TX flow-control feature on ports 5 through 7 on a
switch:

enable flow-control tx-pause ports 5-7

IEEE 802.1Qbb
The following command enables the priority flow control feature on a switch:

enable flow-control tx-pause priority 3 ports 2

History
This command was first available in ExtremeXOS 12.1.3.

IEEE 802.1Qbb priority flow control (PFC) was added in ExtremeXOS 12.5.

Platform Availability

IEEE 802.3x
The basic TX-pause and RX-pause functions of this command are available on all
switches.

IEEE 802.1Qbb
The priority function (PFC) is available only on 10G ports.

enable flowmon
enable flowmon

Description
Enables Flow Monitor to collect and export flows for configured keys in enabled groups.

2220 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines

Example
The following command enables Flow Monitor:
# enable flowmon

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

enable flowmon group

enable flowmon group group_name

Description
Enables a Flow Monitor group.

Syntax Description
group Specifies the Flow Monitor group.
group_name Specifies the assigned name of the Flow Monitor group.
Range is 32 characters.

Default
N/A.

Usage Guidelines
While a group is being enabled, it can't be modified except to add or delete keys.

Before a group can be enabled, it must have at least one key and one collector added
to it. A template key portion is present once a key has been added.

Switch Engine™ Command Reference Guide for version 32.7.1 2221

Example Commands

Example
The following command enables a Flow Monitor group with the name 'max-flow-age':
# enable flowmon group max-flow-age

History
This command was first available in ExtremeXOS 32.2.

Platform Availability
This command is available on ExtremeSwitching 5420, 5520, and 5720 series switches.

enable icmp ipv6

enable icmp ipv6 [ignore-multicasts | ignore-anycasts]

Description
Enables the ICMP IPv6 reply to multicast or anycast echo request.

Syntax Description
ignore-multicasts Specifies to ignore ICMP echo requests destined to an IP
multicast address. Default is ignore (disable).
ignore-anycasts Specifies to ignore ICMP echo requests destined to an IP
anycast address. Default is ignore (disable).

Default
Ignore (disable).

Usage Guidelines
Use this command to enable an ignore reply to multicast or anycast echo request.

Example
The following example specifies to ignore ICMP multicast echo requests:
enable icmp ipv6 ignore-multicasts

History
This command was first available in ExtremeXOS 31.3.

2222 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

enable icmp redirects ipv6 fast-path

enable icmp redirects ipv6 fast-path

Description
When enabled, IPv6 packets forwarded by hardware (fast path) may trigger ICMP
redirects.

Syntax Description
fast-path IPv6 packets forwarded by hardware may trigger ICMP
redirects

Default
Disabled.

Usage Guidelines
Use this command to trigger ICMP redirects when IPv6 packets are forwarded by
hardware (fast-path).

Example
The enabled or disabled setting is displayed when using the command:
# show ipconfig ipv6
Route Sharing : Disabled
ICMP Redirect for Fast Path : Enabled
Max Shared Gateways : Current: 4 Configured: 4

Interface IPv6 Prefix Flags

v1 2001::1/24 -EUf---R-
v1 fe80::204:96ff:fe1e:ec00%v1/64 -EUfP--R-
Flags : D - Duplicate address detected on VLAN, T - Tentative address
E - Interface enabled, U - Interface up, f - IPv6 forwarding enabled,
i - Accept received router advertisements enabled,
R - Send redirects enabled, r - Accept redirects enabled
P - Prefix address

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2223

enable icmp redirects Commands

enable icmp redirects

enable icmp redirects {ipv4} {vlan all | {vlan} {name}}

Description
Enables the generation of ICMP redirect messages on one or all VLANs.

Syntax Description
name Specifies a VLAN name.

Default
Enabled.

Usage Guidelines
This option only applies to the switch when the switch is in routing mode.

ICMP redirects are used in the situation where there are multiple routers in the same
subnet. If a host sends a packet to one gateway, the gateway router looks at its route
table to find the best route to the destination. If it sees that the best route is through
a router in the same subnet as the originating host, the switch sends an ICMP redirect
(type 5) message to the host that originated the packet, telling it to use the other router
with the better route. The switch also forwards the packet to the destination.

ICMP redirects are only generated for IPv4 unicast packets that are "slowpath"
forwarded by the CPU. That is, IPv4 packets that contain IP Options, or packets whose
Destination IP is not in the Layer 3 forwarding hardware table.

Example
The following example enables the generation of ICMP redirect messages on all VLANs:
enable icmp redirects

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable icmp useredirects

enable icmp useredirects

2224 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables the modification of route table information when an ICMP redirect message is
received.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
If the switch has a route to a destination network, the switch uses that router as
the gateway to forward the packets to. If that router knows about a better route to
the destination, and the next hop is in the same subnet as the originating router,
the second router sends an ICMP redirect message to the originating router. If ICMP
useredirects is enabled, the switch adds a route to the destination network using the
third router as the next hop and starts sending the packets to the third router.

Example
The following example enables the modification of route table information:
enable icmp useredirects

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable identity-management
enable identity-management

Description
Enables the identity management feature, which tracks users and devices that connect
to the switch.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2225

Default Commands

Default
Disabled.

Usage Guidelines
Only admin-level users can execute this command.

After identity management is enabled, the software creates two dynamic ACL
rules named idm_black_list and idm_white_list. These rules are removed if identity
management is disabled.

Note
FDB entries are flushed on identity management enabled ports when this
command is executed.

Example
The following command enables the identity management feature:

enable identity-management

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli idle-timeout

enable cli idle-timeout

Description
Enables a timer that disconnects Telnet, SSH2, and console sessions after a period of
inactivity (20 minutes is default).

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Timeout 20 minutes.

2226 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
You can use this command to ensure that a Telnet, Secure Shell (SSH2), or console
session is disconnected if it has been idle for the required length of time.

This ensures that there are no hanging connections.

To change the period of inactivity that triggers the timeout for a Telnet, SSH2, or
console session, use the configure timezone command.

To view the status of idle timeouts on the switch, use the show management command.
The show management command displays information about the switch including the
enable/disable state for idle timeouts. You can configure the length of the timeout
interval.

Example
The following command enables a timer that disconnects any Telnet, SSH2, and
console sessions after 20 minutes of inactivity:
enable cli idle-timeout

History
This command was first available in ExtremeXOS 10.1.

The cli keyword was added and the idletimeout keyword was changed to idle-
timeout in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable igmp
enable igmp {vlan vlan name } {IGMPv1 | IGMPv2 | IGMPv3}

Description
Enables IGMP on a router interface. If no VLAN is specified, IGMP is enabled on all
router interfaces.

Syntax Description
vlan name Specifies a VLAN name.
IGMPv1 Specifies the compatibility mode as IGMPv1.
IGMPv2 Specifies the compatibility mode as IGMPv2.
IGMPv3 Specifies the compatibility mode as IGMPv3.

Switch Engine™ Command Reference Guide for version 32.7.1 2227

Default Commands

Default
Enabled, set to IGMPv2 compatibility mode.

Usage Guidelines
IGMP is a protocol used by an IP host to register its IP multicast group membership
with a router. Periodically, the router queries the multicast group to see if the group
is still in use. If the group is still active, IP hosts respond to the query, and group
registration is maintained.

IGMPv2 is enabled by default on the switch. However, the switch can be configured to
disable the generation and processing of IGMP packets. IGMP should be enabled when
the switch is configured to perform IP multicast routing.

Example
The following example enables IGMPv2 on the VLAN accounting:
enable igmp vlan accounting

The following example enables IGMPv3 on the VLAN finance:

enable igmp vlan finance igmpv3

History
This command was first available in ExtremeXOS 10.1.

The IGMPv1, IGMPv2, and IGMPv3 options were added in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable igmp snooping

enable igmp snooping {forward-mcrouter-only | {vlan} name | with-proxy
vr vrname}

Description
Enables IGMP snooping on one or all VLANs.

2228 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
forward-mcrouter-only Specifies that the switch forward all multicast
traffic to the multicast router only.
name Specifies a VLAN or VMAN on which to enable
IGMP snooping.
with-proxy vr vrname Controls how join and leave messages are
forwarded from the specified virtual router. If this
option is specified, one join message per query is
forwarded, and a leave message is forwarded only
if it is from the last receiver on the VLAN.

Default
Enabled.

Usage Guidelines
This command applies to both IGMPv2 and IGMPv3.

IGMP snooping is enabled by default on the switch. If you are using multicast routing,
IGMP snooping can be enabled or disabled. If IGMP snooping is disabled, all IGMP and
IP multicast traffic floods within a given VLAN or VMAN.
The forward-mcrouter-only, vlan, and with-proxy options control three separate
and independent features. You can manage one feature at a time with this command,
and you can enter the command multiple times as needed to control each feature. For
example, you can enter the command twice to enable both the forward-mcrouter-
only and with-proxy options.

If a VLAN or VMAN name is specified with this command, IGMP snooping is enabled
only on that VLAN or VMAN. If no options are specified, IGMP snooping is enabled on all
VLANs.

Note
IGMP snooping is not supported on SVLANs on any platform.

The with-proxy option enables the IGMP snooping proxy feature, which reduces the
number of join and leave messages forwarded on the virtual router as described in the
table above. This feature is enabled by default.

An optional optimization for IGMP snooping is the strict recognition of routers only if
the remote devices are running a multicast protocol. Two IGMP snooping modes are
supported:
• The forward-mcrouter-only mode forwards all multicast traffic to the multicast
router (that is, the router running PIM, DVMRP or CBT).

Switch Engine™ Command Reference Guide for version 32.7.1 2229

Example Commands

• When not in the forward-mcrouter-only mode, the switch forwards all multicast
traffic to any IP router (multicast or not), and any active member port to the local
network that has one or more subscribers.

Note
The forward-mcrouter-only mode for IGMP snooping is enabled/disabled
on a switch-wide basis, not on a per-VLAN basis. In other words, all the
interfaces enabled for IGMP snooping are either in the forward-mcrouter-
only mode or in the non-forward-mcrouter-only mode, and not a mixture of
the two modes.

To change the snooping mode you must disable IP multicast forwarding. To disable IP
multicast forwarding, use the command:
disable ipmcforwarding {vlan name}

To change the IGMP snooping mode from the non-forward-mcrouter-only mode to the
forward-mcrouter-only mode, use the commands:

disable ipmcforwarding

enable igmp snooping forward-mcrouter-only

enable ipmcforwarding {vlan name}

To change the IGMP snooping mode from the forward-mcrouter-only mode to the
non-forward-mcrouter-only mode, use the commands:

disable ipmcforwarding

disable igmp snooping forward-mcrouter-only

enable ipmcforwarding {vlan name}

Example
The following command enables IGMP snooping on the switch:
enable igmp snooping

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

2230 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable igmp snooping vlan fast-leave

enable igmp snooping vlan fast-leave

enable igmp snooping {vlan} name fast-leave

Description
Enables the IGMP snooping fast leave feature on the specified VLAN.

Syntax Description
name Specifies a VLAN.

Default
Disabled.

Usage Guidelines
The fast leave feature operates only with IGMPv2.

To view the fast leave feature configuration, use the show configuration msmgr
command. This show command displays the fast leave configuration only when the
feature is enabled.

Example
The following example enables the IGMP snooping fast leave feature on the default
VLAN:
enable igmp snooping "Default" fast-leave

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.topic/ph "/>

enable igmp snooping with-proxy

enable igmp snooping with-proxy {{vr} vr_name}

Switch Engine™ Command Reference Guide for version 32.7.1 2231

Description Commands

Description
Enables the IGMP snooping proxy. The default setting is enabled.

Syntax Description
vr_name Specifies a VR.

Default
Enabled.

Usage Guidelines
Enabling the proxy allows the switch to suppress the duplicate join requests on a group
to forward to the connected Layer 3 switch. The proxy also suppresses unnecessary
IGMP leave messages so that they are forwarded only when the last member leaves the
group.

This command can be used for troubleshooting purpose. It should be enabled for
normal network operation. The command does not alter the snooping setting.

This feature can be enabled when IGMPv3 is enabled; however, it is not effective for
IGMPv3.

Example
The following command enables the IGMP snooping proxy:
enable igmp snooping with-proxy

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IGMP snooping feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable igmp ssm-map

enable igmp ssm-map {vr vr-name}

Description
Enables IGMP SSM mapping on a VR.

2232 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vr-name Specifies a virtual router name. If the VR name is omitted,
the switch uses the VR specified by the current CLI VR
context.

Default
Disabled on all interfaces.

Usage Guidelines
Configure the range of multicast addresses for PIM SSM before you enable IGMP SSM
mapping. IGMP SSM mapping operates only with IPv4.

Example
The following example enables IGMP-SSM mapping on the VR in the current CLI VR
context:
enable igmp ssm-map

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable inline-power
enable inline-power [{fast {ports [port_list | all]}} | perpetual]

Description
Enables PoE, and perpetual PoE to all ports; or fast PoE to all ports, or selected ports, for
some platforms.

Switch Engine™ Command Reference Guide for version 32.7.1 2233

Syntax Description Commands

Syntax Description
fast Deliver PoE power to devices at the time of switch power
on without waiting for boot up based on last saved PoE
state. The default is disabled.
ports For fast PoE, specifies selecting ports. 4120, 4220,
ExtremeSwitching 5320, 5420, 5520 and 5720 series
switches only.
port_list For fast PoE, specifies the port list separated by a comma
or -. 4120, 4220, ExtremeSwitching 5320, 5420, 5520 and
5720 series switches only.
all For fast PoE, specifies selecting all ports. 4120, 4220,
ExtremeSwitching 5320, 5420, 5520 and 5720 series
switches only.
perpetual Preserves PoE power delivery to devices during reboot.
Perpetual PoE is a switch-wide setting. The default is
disabled.

Default
By default:
• PoE is enabled.
• Fast PoE is disabled.
• Perpetual PoE is disabled.

Usage Guidelines
You can control whether inline power is provided to the system by using the disable
inline-power command and the enable inline-power command. By default, inline
power provided to all ports is enabled. Additionally, you can opt to deliver PoE power
to devices at the time of switch power on without waiting for boot up (fast PoE) based
on last saved PoE state. Per-port fast PoE is available on certain platforms. You can
also elect to preserve PoE power delivery to devices during reboot (perpetual PoE). The
default for both PoE options is disabled.

Enabling inline power starts the PoE detection process used to discover, classify, and
power remote PDs.

Disabling inline power using the disable inline-power command does not affect
the data traffic traversing the port. And, disabling the port using the disable port
command does not affect the inline power supplied to the port.

Note
Inline power cannot be delivered to connected PDs unless the switch is
powered on.

2234 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables inline power currently provided to all ports:
# enable inline-power

The following example turns on perpetual PoE for the switch:

# enable inline-power perpetual

The following example turns on fast PoE for ports 1,2, and 5:
# enable inline-power fast ports 1,2,5

History
This command was first available in ExtremeXOS 11.1.

The fast and perpetual PoE options were added in ExtremeXOS 30.3.

Per-port fast PoE was added for ExtremeXOS 31.1.

Platform Availability
This command is available on the PoE devices listed in Extreme Networks PoE Devices.

The fast and perpetual options are only available on the 4120, 4220,
ExtremeSwitching 5320, 5420, 5520 and 5720 (per port) series switches.

enable inline-power ports

enable inline-power ports [all | port_list]

Description
Enables PoE power currently provided to all ports or to specified ports.

Syntax Description
all Enables inline power to all ports on the switch.
port_list Enables inline power to the specified ports.

Default
Enable.

Usage Guidelines
Disabling inline power to a port immediately removes power to any connected PD. By
default, inline power provided to all ports is enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2235

Example Commands

Disabling inline power using the disable inline-power command does not affect
the data traffic traversing the port. And, disabling the port using the disable port
command does not affect the inline power supplied to the port.

Example
The following command enables inline power to ports 4 and 5 on a switch:

enable inline-power ports 4-5

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on the PoE devices listed in Extreme Networks PoE Devices.

enable inline-power slot

enable inline-power [fast | perpetual] slot slot

Description
Enables PoE power, and fast and perpetual PoE power to the specified node (slot) on
SummitStacks.

Syntax Description
slot Enables inline power to specified slot.
fast Deliver PoE power to devices at the time of switch power
on without waiting for boot up based on last saved PoE
state. The default is disabled.
perpetual Preserves PoE power delivery to devices during reboot.
Perpetual PoE is a switch-wide setting. The default is
disabled.

Default
By default:
• PoE is enabled.
• Fast PoE is disabled.
• Perpetual PoE is disabled.

2236 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Disabling inline power to a slot immediately removes power to any connected PDs. By
default, inline power provided to all slots is enabled. Additionally, you can opt to deliver
PoE power to devices at the time of switch power on without waiting for boot up (fast
PoE) based on last saved PoE state. You can also elect to preserve PoE power delivery to
devices during reboot (perpetual PoE). The default for both PoE options is disabled.

To deliver inline power to slots, you must reserve power for that slot using the
configure inline-power budget command. By default, each PoE module has 50 W
of power reserved for inline power.

Disabling inline power using the disable inline-power command does not affect
the data traffic traversing the slot. And, disabling the slot using the disable slot
command does not affect the inline power supplied to the slot.

If you do not specify a slot number, the command operates on all active nodes in the
stack. This command operates only on nodes in the active topology.

Example
The following command makes inline power available to slot 3:
# enable inline-power slot 3

The following example turns on perpetual PoE to slot 3:

# enable inline-power perpetual slot 3

History
This command was first available in ExtremeXOS 11.1.

The fast and perpetual PoE options were added in ExtremeXOS 30.3.

Platform Availability
This command is available on SummitStack when the stack contains switches listed in
Extreme Networks PoE Devices.

enable ip anycast
enable ip anycast {vlan} vlan_name

Description
Enables IP anycast on a VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 2237

Syntax Description Commands

Syntax Description
ip Layer 3 Internet Protocol.
anycast Enables IP anycast-enabled VLANs to use the anycast MAC
on that VLAN.
vlan Selects the VLAN.
vlan_name Specifies the VLAN name.

Default
N/A.

Usage Guidelines
To configure the anycast gateway MAC address that is used by VLANs that enable IP
anycast, use the command configure ip anycast mac [none | mac].

Example
The following example enables IP anycast on the VLAN "vlan1":
# enable ip anycast vlan vlan1

History
This command was first available in ExtremeXOS 30.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip nat
enable ip nat

Description
Globally enables Network Address Translation (NAT).

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies enabling NAT.

Default
N/A.

2238 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
NAT maps IP addresses from one address domain (typically private IP address space)
to an another address domain (typically a public Internet IP address space) to provide
transparent routing to end hosts. This translation is accomplished transparently by
having a NAT device translate the IP address and/or Layer 4 port of the packets.

To view IP NAT information, run the command show ip nat.

Example
The following example enables IP NAT:
# enable ip nat

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable ip nat rule

enable ip nat rule rule_name

Description
Enables Network Address Translation (NAT) rules.

Syntax Description
ip Specifies Internet Protocol (IP).
nat Specifies NAT.
rule Specifies enabling a NAT rule.
rule_name Specifies the NAT rule to enable.

Default
N/A.

Usage Guidelines
A rule is programmed in hardware only after global NAT and the specific rule are
enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2239

Example Commands

Enabling a rule is allowed only after all of the necessary configurations for the rule are
complete. After a rule is enabled, configuration changes (IP address, egress VLAN, etc.)
are not allowed for the rule. You must disable a rule to make configuration changes to
it.

Example
The following example the enables the IP NAT rule "rule1":
# enable ip nat rule rule1

History
This command was first available in ExtremeXOS 31.2.

Platform Availability
This command is available on the switches that support the IP NAT feature.
For information about which switches support this and other features, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable iparp checking

enable iparp {vr vr_name} checking

Description
Enables checking if the ARP request source IP address is within the range of the local
interface or VLAN domain.

Syntax Description
vr_name Specifies a VR or VRF.

Default
Enabled.

Usage Guidelines
If you do not specify a VR or VRF, the command applies to the current VR context.

Example
The following example enables IP ARP checking:
enable iparp checking

2240 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The vr option was added in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable iparp gratuitous protect

enable iparp gratuitous protect [ {vlan} vlan_name | vlan vlan_list]

Description
Enables gratuitous ARP protection on the specified VLAN.

Syntax Description
vlan_name Specifies the VLAN.
vlan_list Specifies a VLAN list of IDs.

Default
By default, gratuitous ARP is disabled.

Usage Guidelines
Beginning with ExtremeXOS 11.6, this command replaces this command for configuring
gratuitous ARP.

Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests
for the router's IP address. This results in hosts sending their router traffic to the
attacker, and the attacker forwarding that data to the router. This allows passwords,
keys, and other information to be intercepted.

To protect against this type of attack, the router will send out its own gratuitous ARP
request to override the attacker whenever a gratuitous ARP broadcast with the router's
IP address as the source is received on the network.

Example
The following example enables gratuitous ARP protection for VLAN corp:
enable iparp gratuitous protect vlan corp

Switch Engine™ Command Reference Guide for version 32.7.1 2241

History Commands

History
This command was first available in ExtremeXOS 11.2.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable iparp refresh

enable iparp {vr vr_name} refresh

Description
Enables IP ARP to refresh its IP ARP entries before timing out.

Syntax Description
vr_name Specifies a VR or VRF.

Default
Enabled.

Usage Guidelines
If ARP refresh is enabled, the switch resends ARP requests for the host at 3/4 of the
configured ARP timer value.

For example: If the ARP timeout is set to 20 minutes, the switch attempts to resend an
ARP request for the host when the host entry is at 15 minutes. If the host replies, the
ARP entry is reset back to 0, and the timer starts again.

If you do not specify a VR or VRF, the command applies to the current VR context.

Example
The following example enables IP ARP refresh:
enable iparp refresh

History
This command was first available in ExtremeXOS 10.1.

The vr option was added in ExtremeXOS 11.0.

2242 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

enable ipforwarding ipv6

enable ipforwarding ipv6 [ {vlan} vlan_name | vlan vlan_list] | tunnel
tunnel_name | vr vr_name}

Description
Enables IPv6 routing VLANs. If no argument is provided, enables IPv6 routing for all
VLANs and tunnels that have been configured with an IPv6 address on the current VR
or VRF.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
vr_name Specifies a VR or VRF.

Default
Disabled.

Usage Guidelines
When new IPv6 interfaces are added, IPv6 forwarding is disabled by default.

Example
The following example enables forwarding of IPv6 traffic for all VLANs in the current VR
context with IPv6 addresses:
enable ipforwarding ipv6

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

enable ipforwarding
enable ipforwarding {ipv4 | broadcast} {vlan vlan_name}

Switch Engine™ Command Reference Guide for version 32.7.1 2243

Description Commands

Description
Enables IPv4 routing or IPv4 broadcast forwarding for one or all VLANs. If no argument
is provided, enables IPv4 routing for all VLANs that have been configured with an IP
address on the current VR or VRF.

Syntax Description
ipv4 Specifies IPv4 forwarding.
broadcast Specifies broadcast IP forwarding.
vlan_name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
IP forwarding must first be enabled before IP broadcast forwarding can be enabled.
When new IP interfaces are added, IP forwarding (and IP broadcast forwarding) is
disabled by default.

The broadcast, ignore-broadcast, and fast-directbroadcast options each prompt with a

warning message when executed while the IP forwarding on the corresponding VLAN
is disabled. The hardware and software are NOT programmed until IP forwarding is
enabled on the VLAN.

The fast-direct-broadcast and ignore-broadcast options cannot be enabled

simultaneously. These are mutually exclusive.

The broadcast option can be enabled in conjunction with fast-direct-broadcast and

ignore-broadcast.

Example
The following command enables forwarding of IP traffic for all VLANs in the current VR
context with IP addresses:

enable ipforwarding

The following command enables forwarding of IP broadcast traffic for a VLAN named
accounting:

enable ipforwarding broadcast vlan accounting

History
This command was first available in ExtremeXOS 10.1.

2244 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

The ipv4 keyword was added in ExtremeXOS 11.2.

The ignore-broadcast and the fast-direct-broadcast keywords were added in

ExtremeXOS 12.0.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable ipmcforwarding ipv6

enable ipmcforwarding ipv6 {vlan name }

Description
Enables IPv6 multicast forwarding on a router interface.

Syntax Description
name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
If no options are specified, all configured IPv6 interfaces are affected. When new IPv6
interfaces are created, IPv6 multicast forwarding is disabled by default.

IPv6 forwarding must be enabled before enabling IPv6 multicast forwarding.

Example
The following example enables IPv6 multicast forwarding on VLAN accounting:
enable ipmcforwarding ipv6 vlan accounting

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and

Switch Engine™ Command Reference Guide for version 32.7.1 2245

enable ipmcforwarding Commands

upgrade your license and which licenses support the IPv6 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable ipmcforwarding
enable ipmcforwarding {vlan name}

Description
Enables IP multicast forwarding on an IP interface.

Syntax Description
name Specifies a VLAN name.

Default
Disabled.

Usage Guidelines
If no options are specified, all configured IP interfaces are affected. When new IP
interfaces are added, IPMC forwarding is disabled by default.

IP forwarding must be enabled before enabling IPMC forwarding.

Example
The following example enables IPMC forwarding on the VLAN accounting:
enable ipmcforwarding vlan accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable ipmcforwarding tunnel

enable ipmcforwarding {tunnel tunnel_name}

2246 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables IP multicast tunnel forwarding on an IP interface.

Syntax Description
tunnel_name Specifies a tunnel name.

Default
Disabled.

Usage Guidelines
If no options are specified, all configured IP interfaces are affected. When new IP
interfaces are added, IPMC forwarding is disabled by default.

IP forwarding must be enabled before enabling IPMC forwarding.

Example
The following example enables IPMC forwarding on the tunnel accounting:
enable ipmcforwarding tunnel accounting

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable ip option loose-source-route

enable ip option loose-source-route

Description
Enables processing of the loose source route IP option in the IPv4 packet header.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2247

Default Commands

Default
Enabled.

Usage Guidelines
This enables the switch to forward IP packets that have the loose source route IP option
(0x83) enabled.

Source routing is used when a sending host specifies the router interfaces that the
packet must traverse on it's way to it's destination.

With loose source routing enabled, the packet is forwarded if the routing table has a
reverse path to the source IP address of the packet.

Example
The following command enables processing of the loose source route IP option:
# enable ip-option loose-source-route

History
This command was first available in ExtremeXOS 10.1.

This command was removed in ExtremeXOS 30.1, and then re-introduced in

ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip option strict-source-route

enable ip option strict-source-route

Description
Enables processing of the strict source route IP option in the IPv4 packet header.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

2248 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This enables the switch to forward IP packets that have the strict source route IP option
(0x89) enabled.

Source routing is used when a sending host specifies the router interfaces that the
packet must traverse on its way to its destination.

When strict source routing is used, it means that the packet must use the exact path of
routers that lie in the designated router path.

With strict source routing enabled, the switch forwards IP packets with the strict source
route option enabled, only if the switch's IP is in the designated list and as long as the
next hop in the list is directly attached to one of the router's interfaces.

Example
The following example enables processing of the strict source route IP option:
# enable ip-option strict-source-route

History
This command was first available in ExtremeXOS 10.1.

This command was removed in ExtremeXOS 30.1, and then re-introduced in

ExtremeXOS 31.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable iproute bfd

enable iproute bfd {gateway} ip_addr {vr vrname}

Description
Enables the BFD client to provide services for IPv4 static routes.

Syntax Description
ip_addr Specifies the IPv4 address of a neighbor to which BFD
services are to be provided.
vrname Specifies the VR or VRF name for which BFD services are
being enabled.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2249

Usage Guidelines Commands

Usage Guidelines
To enable BFD services to an IPv4 neighbor, you must do the following:
• Execute this command on the switches at both ends of the link.
• Enable BFD for specific IPv4 static routes with the configure iproute add
[destination network] [gateway] bfd command.

Once a BFD session is established between two neighbors, BFD notifies the Route
Manager process of the BFD session status and any changes. If other BFD clients (such
as the MPLS BFD client) are configured between the same neighbors, the clients share
a single session between the neighbors.

Example
The following example enables BFD client protection for communications with
neighbor 10.10.10.1:
# enable iproute bfd 10.10.10.1

History
This command was first available in ExtremeXOS 12.5.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable iproute bfd strict

enable iproute {protection} bfd strict

Description
Turns on "strict" Bidirectional Forwarding Detection (BFD) session control, which brings
down the static route during switch reboot if the static route nexthop BFD session is in
the INIT state.

Syntax Description
protection Enables or disables route protection.
bfd BFD protect static routes to next hop gateway.
strict Enables considering that protected static routes are not up
if the BFD session is in INIT state. Default is disabled.

Default
By default, strict BFD session control is disabled.

2250 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If the BFD session is down, but BFD protected static route is still in the routing table
after reboot, the BFD session is never established, because during reboot, the BFD
session is in the INIT state, and the static route is brought up without considering BFD
session state. This can cause traffic loss since the link to the gateway actually is down.
This command turns down the static route during reboot if BFD session is in the INIT
state. This behavior is different from other BFD clients (such as OSPF) in the same INIT
situation. A reboot is required to make the command take effect.

Example
The following example enables BFD strict session control:
# enable iproute bfd strict
WARNING: Please reboot the switch for the strict BFD to take effect.

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable iproute compression

enable iproute compression {vr vrname}

Description
Enables IPv4 route compression.

Syntax Description
vrname VR or VRF name for which the IP route compression is
being enabled.

Default
Enabled.

Usage Guidelines
Enables IPv4 route compression for the specified VR or VRF. If the VR name is
not specified, route compression is enabled for the VR context from which the CLI
command is issued.

Switch Engine™ Command Reference Guide for version 32.7.1 2251

Example Commands

The command applies a compression algorithm on each of the IP prefixes in the

routing table. Essentially, routes with longer network masks might not be necessary
if they are a subset of other routes with shorter network masks using the same
gateway(s). When IP route compression is enabled, these unnecessary routes are not
provided to the Forwarding Information Base (FIB).

Example
The following example enables IP route compression:
enable iproute compression

History
This command was first available in ExtremeXOS 12.0.

Default changed to enabled in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable iproute ipv6 compression

enable iproute ipv6 compression {vr vrname}

Description
Enables IPv6 route compression.

Syntax Description
vrname Specifies a VR or VRF.

Default
If no VR name is specified, the current CLI context is used.

Usage Guidelines
This command enables IPv6 route compression for the VR. This command applies a
compression algorithm to each IPv6 prefix in the IPv6 prefix database.

Example
The following example enables IPv6 route compression in the current VR context.
enable iproute ipv6 compression

2252 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.0.

Default changed to enabled in ExtremeXOS 15.6.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

enable iproute mpls-next-hop

enable iproute mpls-next-hop

Description
Enables IP forwarding over MPLS LSPs for the default VR.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables IP forwarding over MPLS LSPs for the default VR. When
enabled, LSP next hops can be used to tunnel IP traffic across the MPLS network. By
default, IP forwarding over MPLS LSPs is disabled.

Example
The following command enables IP forwarding over MPLS LSPs:
enable iproute mpls-next-hop

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2253

enable iproute protection ping Commands

enable iproute protection ping

enable iproute {ipv4 | ipv6} protection ping

Description
Globally enables ping protection for static routes added with ping protection for IPv4
and IPv6.

Syntax Description
ipv4 Specifies IPv4 (default).
ipv6 Specifies IPv6.
protection Enables route protection.
ping Globally enables ping protection for static routes added
with ping protection (default is enabled).

Default
Enabled is the default. If not specified, IPv4 is the default.

Example
The following example enables ping protection for static routes added with ping
protection for IPv4:
# enable iproute ipv4 protection ping

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all platforms with any license level as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable iproute sharing

enable iproute {ipv4 |ipv6} sharing {{vr} vrname} | {{vr} all}}

Description
Enables load sharing if multiple routes to the same destination are available. When
multiple routes to the same destination are available, load sharing can be enabled to
distribute the traffic to multiple destination gateways. Only paths with the same lowest
cost are shared.

2254 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vrname VR or VRF name for which IP route sharing is being
enabled.

Default
Disabled.

Usage Guidelines
IP route sharing allows multiple equal-cost routes to be used concurrently. IP route
sharing can be used with static routes or with OSPF, BGP, or IS-IS routes. In OSPF, BGP,
and IS-IS, this capability is referred to as ECMP routing.

Configure static routes and OSPF, BGP, or IS-IS as you would normally. The ExtremeXOS
software supports route sharing across up to 64 way ECMP for OSPFv2, BGP, and static
routes, or up to 64-way ECMP for OSPFv3 and 8 way for ISIS. However, on SummitStack,
and ExtremeSwitching series switches, by default, up to four routes are supported. To
support 2, 4, 8, 16, 32, or 64 routes on these switches, use the following command:
configure iproute sharing max-gateways max_gateways

If a VR is not specified, this command enables IP route sharing in the current VR

context.

Example
The following example enables load sharing for multiple routes:
enable iproute sharing

History
This command was first available in ExtremeXOS 11.1.

The vr option was added in ExtremeXOS 12.5.

The ipv6 option was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security anomaly-protection icmp

enable ip-security anomaly-protection icmp {slot [ slot | all ]}

Switch Engine™ Command Reference Guide for version 32.7.1 2255

Description Commands

Description
Enables ICMP size and fragment checking.

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command enables ICMP size and fragment checking. This checking takes effect
for both IPv4 and IPv6 TCP packets. When enabled, the switch drops ICMP packets if
one of following condition is true:
• Fragmented ICMP packets.
• IPv4 ICMP pings packets with payload size greater than the maximum IPv4 ICMP-
allowed size. (The maximum allowed size is configurable.)
• IPv6 ICMP ping packets with payload size > the maximum IPv6 ICMP-allowed size.
(The maximum allowed size is configurable.)

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security anomaly-protection ip

enable ip-security anomaly-protection ip { slot [ slot | all ] }

Description
Enables source and destination IP address checking.

Syntax Description
slot Specifies the slot.
all Specifies all IP addresses, or all IP addresses in a particular
state.

2256 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The default is disabled.

Usage Guidelines
This command enables source and destination IP addresses checking. This checking
takes effect for both IPv4 and IPv6 packets. When enabled, the switch drops IPv4/IPv6
packets if its source IP address are the same as the destination IP address. In most
cases, the condition of source IP address being the same as the destination IP address
indicates a Layer 3 protocol error. (These kind of errors are found in LAND attacks.)

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security anomaly-protection l4port

enable ip-security anomaly-protection l4port [tcp | udp | both] {slot
[ slot | all ]}

Description
Enables TCP and UDP ports checking.

Syntax Description
tcp Specifies that the TCP port be enabled for checking.
udp Specifies that the UDP port be enabled for checking.
both Specifies both the TCP and UDP ports be enabled for
checking.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command enabled TCP and UDP ports checking. This checking takes effect for
both IPv4 and IPv6 TCP and UDP packets. When enabled, the switch drops TCP and

Switch Engine™ Command Reference Guide for version 32.7.1 2257

History Commands

UDP packets if its source port is the same as its destination port. In most cases, when
the condition of source port is the same as that of the destination port, it indicates a
Layer4 protocol error. (This type of error can be found in a BALT attack.)

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security anomaly-protection notify

enable ip-security anomaly-protection notify [log | snmp | cache] {slot
[ slot | all ]}

Description
Enables protocol anomaly notification.

Syntax Description
log Specifies the switch to send the notification to a log file.
snmp Specifies the switch to send an SNMP trap when an event
occurs.
cache Specifies the switch to send the notification to cache.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command enables anomaly notification. When enabled, any packet failed to pass
enabled protocol checking is sent to XOS Host CPU and notifies the user. There are
three different types of notifications:
• log: The anomaly events are logged into EMS log.
• snmp: The anomaly events generate SNMP traps.
• cache: The most recent and unique anomaly events are stored in memory for review
and investigation.

When disabled, the switch drops all violating packets silently.

2258 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security anomaly-protection tcp flags

enable ip-security anomaly-protection tcp flags {slot [ slot | all ]}

Description
Enables TCP flag checking.

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command Enables TCP flag checking. This checking takes effect for both IPv4
and IPv6 TCP packets. When enabled, the switch drops TCP packets if one of following
condition is true:
• TCP SYN flag==1 and the source port<1024
• TCP control flag==0 and the sequence number==0
• TCP FIN, URG, and PSH bits are set, and the sequence number==0
• TCP SYN and FIN both are set.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2259

enable ip-security anomaly-protection tcp fragment Commands

enable ip-security anomaly-protection tcp fragment

enable ip-security anomaly-protection tcp fragment {slot [ slot | all ]}

Description
Enables TCP fragment checking.

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This command enables TCP fragment checking. This checking takes effect for IPv4/
IPv6. When it is enabled, the switch drops TCP packets if one of following condition is
true:
• For the first IPv4 TCP fragment (its IP offset field==0), if its TCP header is less than the
minimum IPv4 TCP header allowed size.
• For the first IPv6 TCP fragment (its IP offset field==0), if its TCP header is less than the
minimum IPv6 TCP header allowed size.
• If its IP offset field==1 (for IPv4 only).

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security anomaly-protection

enable ip-security anomaly-protection {slot [ slot | all ]}

Description
Enables all anomaly checking options.

2260 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular
state.

Default
The default is disabled.

Usage Guidelines
This commands enables all anomaly checking options, including IP address, UDP/TCP
port, TCP flag and fragment, and ICMP anomaly checking.

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security arp gratuitous-protection

enable ip-security arp gratuitous-protection [dynamic | {vlan} all |
vlan_name]

Description
Enables gratuitous ARP protection on one or all VLANs on the switch.

Syntax Description
all Specifies all VLANs configured on the switch.
vlan_name Specifies the VLAN.
dynamic Configuration options for dynamically created VLANs.

Default
By default, gratuitous ARP protection is disabled.

Dynamic VLAN option added in ExtremeXOS 30.2.

Switch Engine™ Command Reference Guide for version 32.7.1 2261

Usage Guidelines Commands

Usage Guidelines
Beginning with ExtremeXOS 11.6, this command replaces the enable iparp
gratuitous protect command.

Hosts can launch man-in-the-middle attacks by sending out gratuitous ARP requests
for the router's IP address. This results in hosts sending their router traffic to the
attacker, and the attacker forwarding that data to the router. This allows passwords,
keys, and other information to be intercepted.

To protect against this type of attack, the router will send out its own gratuitous ARP
request to override the attacker whenever a gratuitous ARP broadcast with the router's
IP address as the source is received on the network.

Beginning with ExtremeXOS 11.6, if you enable both DHCP secured ARP and gratuitous
ARP protection, the switch protects its own IP address and those of the hosts that
appear as secure entries in the ARP table.

To protect the IP addresses of the hosts that appear as secure entries in the ARP
table, use the following commands to enable DHCP snooping, DHCP secured ARP, and
gratuitous ARP on the switch:
• enable ip-security dhcp-snooping {vlan} vlan_name ports [all |
ports] violation-action [drop-packet {[block-mac | block-port]
[durationduration_in_seconds | permanently] | none]}] {snmp-trap}
• enable ipsecurity arp learning learn-from-arp
• enable ip-security arp gratuitous-protection {vlan} [all | vlan_name]

Displaying Gratuitous ARP Information

To display information about gratuitous ARP, use the following command:
show ip-security arp gratuitous-protection

Example
The following command enables gratuitous ARP protection for VLAN corp:

enable ip-security arp gratuitous-protectection vlan corp

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

2262 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable ip-security arp learning learn-from-arp

enable ip-security arp learning learn-from-arp

enable ip-security arp learning learn-from-arp [dynamic | {vlan}
vlan_name] ports [all | ports]

Description
Enables ARP learning for the specified VLAN and member ports.

Syntax Description
vlan_name Specifies the name of the VLAN to which this rule applies.
dynamic Configuration options for dynamically created VLANs.
all Specifies all ingress ports.
ports Specifies one or more ingress ports.

Default
By default, ARP learning is enabled.

Usage Guidelines
ARP is part of the TCP/IP suite used to associate a device’s physical address (MAC
address) with its logical address (IP address). The switch broadcasts an ARP request
that contains the IP address, and the device with that IP address sends back its MAC
address so that traffic can be transmitted across the network. The switch maintains
an ARP table (also known as an ARP cache) that displays each MAC address and its
corresponding IP address.

By default, the switch builds its ARP table by tracking ARP requests and replies, which
is known as ARP learning.

Displaying ARP Information

To display how the switch builds an ARP table and learns MAC addresses for devices on
a specific VLAN and associated member ports, use the following command:
show ip-security arp learning {vlan} vlan_name

To view the ARP table, including permanent and DHCP secured ARP entries, use the
following command:
show iparp {ip_addre |mac | vlanvlan_name | permanent} {vrvr_name}

Switch Engine™ Command Reference Guide for version 32.7.1 2263

Example Commands

Example
The following command enables ARP learning on port 1:1 of the VLAN learn:

enable ip-security arp learning learn-from-arp vlan learn ports 1:1

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security arp learning learn-from-dhcp

enable ip-security arp learning learn-from-dhcp [dynamic vlan | {vlan}
vlan_name] ports [all | ports]

Description
Enables DHCP secured ARP learning for the specified VLAN and member ports.

Syntax Description
dynamic Configuration options for dynamically created VLANs.
vlan_name Specifies the name of the VLAN to which this rule applies.
all Specifies all ingress ports.
ports Specifies one or more ingress ports.

Default
By default, DHCP secured ARP learning is disabled.

Usage Guidelines
Use this command to configure the switch to add the MAC address and its
corresponding IP address to the ARP table as a secure ARP entry. The switch does
not update secure ARP entries, regardless of the ARP requests and replies seen by the
switch. DHCP secured ARP is linked to the “DHCP snooping” feature. The same DHCP
bindings database created when you enabled DHCP snooping is also used by DHCP
secured ARP to create secure ARP entries. The switch only removes secure ARP entries

2264 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Displaying ARP Information

when the corresponding DHCP entry is removed from the trusted DHCP bindings
database.

Note
If you enable DHCP secured ARP on the switch, ARP learning continues, which
allows insecure entries to be added to the ARP table.

The default ARP timeout (configure iparp timeout) and ARP refresh (enable iparp
refresh) settings do not apply to DHCP secured ARP entries. The switch removes DHCP
secured ARP entries upon any DHCP release packet received from the DHCP client.

Displaying ARP Information

To display how the switch builds an ARP table and learns MAC addresses for devices on
a specific VLAN and associated member ports, use the following command:
show ip-security arp learning {vlan} vlan_name

To view the ARP table, including permanent and DHCP secured ARP entries, use the
following command:
show iparp {ip_address |mac | vlanvlan_name | permanent} {vrvr_name}

Example
The following command enables DHCP secured ARP learning on port 1:1 of the VLAN
learn and uses the default polling and retry intervals:
enable ip-security arp learning learn-from-dhcp vlan learn ports 1:1

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN support was added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security arp validation violation-action

enable ip-security arp validation {destination-mac} {source-mac} {ip}
[dynamic vlan_id |{vlan} vlan_name] [all | ports] violation-
action [drop-packet {[block-port] [duration duration_in_seconds |
permanently]}] {snmp-trap}

Description
Enables ARP validation for the specified VLAN and member ports.

Switch Engine™ Command Reference Guide for version 32.7.1 2265

Syntax Description Commands

Syntax Description
destination-mac Specifies that the switch checks the ARP payload for the
MAC destination address in the Ethernet header and the
receiver’s host address in the ARP response.
source-mac Specifies that the switch checks ARP requests and
responses for the MAC source address in the Ethernet
header and the sender’s host address in the ARP payload.
ip Specifies the switch checks the IP address in the ARP
payload and compares it to the DHCP bindings database.
If the IP address does exist in the DHCP bindings table,
the switch verifies that the MAC address is the same as the
sender hardware address in the ARP request. If not, the
packet is dropped.
dynamic Configuration options for dynamically created VLANs.
vlan_id VLAN ID tag between 1 and 4,094.
vlan_name Specifies the name of the VLAN to which this rule applies.
all Specifies all ports to participate in ARP validation.
ports Specifies one or more ports to participate in ARP validation.
drop-packet Specifies that the switch drops the invalid ARP packet.
block-port Indicates that the switch blocks invalid ARP requests on
the specified port.
duration_in_seconds Specifies the switch to temporarily disable the specified
port upon receiving an invalid ARP request.
The range is seconds.
permanently Specifies the switch to permanently disable the port upon
receiving an invalid ARP request.
snmp-trap Specifies the switch to send an SNMP trap when an event
occurs.

Default
By default, ARP validation is disabled.

Usage Guidelines
The violation action setting determines what action(s) the switch takes when an invalid
ARP is received.

Depending on your configuration, the switch uses the following methods to check the
validity of incoming ARP packets:
• Drop packet—The switch confirms that the MAC address and its corresponding
IP address are in the DHCP binding database built by DHCP snooping. This is
the default behavior when you enable ARP validation. If the MAC address and its
corresponding IP address are in the DHCP bindings database, the entry is valid. If

2266 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Displaying ARP Validation Information

the MAC address and its corresponding IP address are not in the DHCP bindings
database, the entry is invalid, and the switch drops the ARP packet.
• IP address—The switch checks the IP address in the ARP payload. If the switch
receives an IP address in the ARP payload that is in the DHCP binding database, the
entry is valid. If the switch receives an IP address that is not in the DHCP binding
database, for example 255.255.255.255 or an IP multicast address, the entry is invalid
or unexpected.
• Source MAC address—The switch checks ARP requests and responses for the source
MAC address in the Ethernet header and the sender’s host address in the ARP
payload. If the source MAC address and senders’s host address are the same, the
entry is valid. If the source MAC source and the sender’s host address are different,
the entry is invalid.
• Destination MAC address—The switch checks the ARP payload for the destination
MAC address in the Ethernet header and the receiver’s host address. If the
destination MAC address and the target’s host address are the same, the entry is
valid. If the destination MAC address and the target’s host address are different, the
entry is invalid.

Any violation that occurs causes the switch to generate an EMS log message. You can
configure to suppress the log messages by configuring EMS log filters.

Displaying ARP Validation Information

To display information about ARP validation, use the following command:
show ip-security arp validation {vlan} vlan_name

Example
The following example enables ARP validation on port 1:1 of the VLAN valid:
enable ip-security arp validation vlan valid ports 1:1 drop-packet

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN and VLAN ID options added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security dhcp-bindings restoration

enable ip-security dhcp-bindings restoration

Switch Engine™ Command Reference Guide for version 32.7.1 2267

Description Commands

Description
Enables download and upload of DHCP bindings.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
The command allows you to enable the download and upload of the DHCP bindings,
essentially enabling the DHCP binding functionality. The default is disabled.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security dhcp-snooping

enable ip-security dhcp-snooping [dynamic | {vlan} vlan_name] ports
[all | ports] violation-action [drop-packet {[block-mac | block-port]
[duration duration_in_seconds | permanently] | none]}] {snmp-trap}

Description
Enables DHCP snooping for the specified VLAN and ports.

Syntax Description
vlan_name Specifies the name of the DHCP-snooping VLAN. Create
and configure the VLAN before enabling DHCP snooping.
dynamic Configuration options for dynamically created VLANs.
all Specifies all ports to receive DHCP packets.
ports Specifies one or more ports to receive DHCP packets.
drop-packet Indicates that the switch drop the rogue DHCP packet
received on the specified port.
block-mac Indicates that the switch blocks rogue DHCP packets from
the specified MAC address on the specified port. The MAC
address is added to the DHCP bindings database.

2268 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

block-port Indicates that the switch blocks rogue DHCP packets on

the specified port. The port is added to the DHCP bindings
database.
duration_in_seconds Specifies that the switch temporarily disable the specified
port upon receiving a rogue DHCP packet.
The range is seconds.
permanently Specifies that the switch to permanently disable the
specified port upon receiving a rogue DHCP packet.
none Specifies that the switch takes no action when receiving a
rogue DHCP packet; the switch does not drop the packet.
snmp-trap Specifies the switch to send an SNMP trap when an event
occurs.

Default
By default, DHCP snooping is disabled.

Usage Guidelines
Use this command to enable DHCP snooping on the switch.

Note
Snooping IP fragmented DHCP packets is not supported.

The violation action setting determines what action(s) the switch takes when a rouge
DHCP server packet is seen on an untrusted port or the IP address of the originating
server is not among those of the configured trusted DHCP servers. The DHCP server
packets are DHCP OFFER, ACK and NAK. The following list describes the violation
actions:
• block-mac—The switch automatically generates an ACL to block the MAC address
on that port. The switch does not blackhole that MAC address in the FDB. The switch
can either temporarily or permanently block the MAC address.
• block-port—The switch blocks all incoming rogue DHCP packets on that port. The
switch disables the port either temporarily or permanently to block the traffic on
that port.
• none—The switch takes no action to drop the rogue DHCP packet or block the port,
and so on. In this case, DHCP snooping continues to build and manage the DHCP
bindings database and DHCP forwarding will continue in hardware as before.

Any violation that occurs causes the switch to generate an EMS log message. You can
configure to suppress the log messages by configuring EMS log filters.

When ports all is specified, any ports added to the VLAN in this command will be
enabled with DHCP-snooping.

Displaying DHCP Snooping Information

To display the DHCP snooping configuration settings, use the following command:

Switch Engine™ Command Reference Guide for version 32.7.1 2269

Example Commands

show ip-security dhcp-snooping {vlan} vlan_name

To display the DHCP bindings database, use the following command:

show ip-security dhcp-snooping entries {vlan} vlan_name

To display any violations that occur, use the following command:

show ip-security dhcp-snooping violations {vlan} vlan_name

Example
The following example enables DHCP snooping on the switch and has the switch block
DHCP packets from port 1:1:
enable ip-security dhcp-snooping vlan snoop ports 1:1 violation-action drop-packet block-
port

History
This command was first available in ExtremeXOS 11.6.

Dynamic VLAN option added in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ip-security source-ip-lockdown ports

enable ip-security source-ip-lockdown ports [all | ports]

Description
Enables the source IP lockdown feature on one or more ports.

Syntax Description
all Specifies all ports for which source IP lockdown should be
enabled.
ports Specifies one or more ports for which source IP lockdown
should be enabled.

Default
By default, source IP lockdown is disabled on the switch.

2270 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Note
Source-IP lockdown cannot be enabled on load sharing ports.

Source IP lockdown prevents IP address spoofing by automatically placing source IP

address filters on specified ports. If configured, source IP lockdown allows only traffic
from a valid DHCP-assigned address obtained by a DHCP snooping-enabled port or an
authenticated static IP address to enter the network.

To configure source IP lockdown, you must enable DHCP snooping on the ports
connected to the DHCP server and DHCP client before you enable source IP lockdown.
You must enable source IP lockdown on the ports connected to the DHCP client,
not on the ports connected to the DHCP server. The same DHCP bindings database
created when you enable DHCP snooping is also used by the source IP lockdown
feature to create ACLs that permit traffic from DHCP clients. All other traffic is dropped.
In addition, the DHCP snooping violation action setting determines what action(s) the
switch takes when a rouge DHCP server packet is seen on an untrusted port.

To enable DHCP snooping, use the following command:

enable ip-security dhcp-snooping {vlan} vlan_name ports [all | ports]
violation-action [drop-packet {[block-mac | block-port] [duration
duration_in_seconds | permanently] | none]}] {snmp-trap}

Displaying Source IP Lockdown Information

To display the source IP lockdown configuration on the switch, use the following
command:
show ip-security source-ip-lockdown

Example
The following command enables source IP lockdown on ports 1:1 and 1:4:

enable ip-security source-ip-lockdown ports 1:1, 1:4

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable iqagent
enable iqagent

Switch Engine™ Command Reference Guide for version 32.7.1 2271

Description Commands

Description
Enables the ExtremeCloud™ IQ Agent.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
To disable the IQ Agent, use the command disable iqagent.

To view the state if the IQ Agent, use the command show iqagent discovery without
the discovery option.

Example
The following example enables the IQ Agent:
# enables iqagent

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on the ExtremeSwitching 5520 platform.

enable irdp
enable irdp {vlan name}

Description
Enables the generation of ICMP router advertisement messages on one or all VLANs.

Syntax Description
name Specifies a VLAN name.

Default
Disabled.

2272 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
ICMP Router Discovery Protocol (IRDP) allows client machines to determine what
default gateway address to use. The switch sends out IP packets at the specified
intervals identifying itself as a default router. IRDP enabled client machines use this
information to determine which gateway address to use for routing data packets to
other networks.

If no optional argument is specified, all the IP interfaces are affected.

Example
The following example enables IRDP on VLAN "accounting":
enable irdp vlan accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms that use the Edge, Advanced Edge, or
Core license. For information on the licenses available for each platform, see the
Switch Engine 32.7.1 Feature License Requirements document.link-22.1"/>

enable isis
enable isis {area area_name}

Description
This command enables the specified IS-IS router process on the current virtual router.

Syntax Description
area_name Specifies the name of the IS-IS router process to be
enabled.

Default
Disabled.

Usage Guidelines
If no area name is specified, all IS-IS router processes on the current virtual router are
enabled. Once a router process is enabled, IS-IS PDUs are sent and processed provided
that the following conditions are met:
• The router process has a system ID and area address configured.

Switch Engine™ Command Reference Guide for version 32.7.1 2273

Example Commands

• At least one associated VLAN interface has IPv4 or IPv6 forwarding enabled.

This command has no effect on router processes that are already enabled.

Example
The following command enables the IS-IS process named areax:

enable isis area areax

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable isis area adjacency-check

enable isis area area_name adjacency-check {ipv4 | ipv6}

Description
This command enables the checking of the following TLVs when forming adjacencies:
Protocols Supported and IP Interface Address.

Syntax Description
area_name Specifies the name of the IS-IS router process that should
perform the adjacency check.
ipv4 Specifies that the adjacency check is to be performed in
IPv4 interfaces.
ipv6 Specifies that the adjacency check is to be performed in
IPv6 interfaces.

Default
ipv4/ipv6: Enabled.

Usage Guidelines
When enabled for IPv4, IPv4 adjacencies may only be formed with neighbors whose
connected interface supports IPv4 and is on the same subnet as the receiving interface.
Similarly, when enabled for IPv6, IPv6 adjacencies may only be formed with neighbors
whose connected interface supports IPv6 and is on the same link local subnet as the

2274 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

receiving interface. For each enabled protocol, if both criteria are not met, received
Hello PDUs are discarded. By default, IPv4 routing is affected by this command. The
optional ipv6 keyword enables adjacency checking for IPv6 interfaces on the specified
router process. It may be necessary to disable adjacency checking in multi-topology
environments where a neighbor may only form an IPv4 or an IPv6 adjacency, but not
both.

Example
The following command directs the IS-IS process named areax to perform adjacency
checks on IPv6 interfaces:

enable isis area areax adjacency-check ipv6

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable isis area dynamic-hostname

enable isis area area_name dynamic-hostname [area-name | snmp-name]

Description
This command enables the dynamic hostname feature, which displays either the area
name or the SNMP name instead of a IS-IS router system ID in select show commands.

Syntax Description
area_name Specifies the name of the IS-IS process for which the
dynamic-hostname feature is to be enabled.
area-name Specifies that affected show commands display the area
name instead of the IS-IS system ID.
snmp-name Specifies that affected show commands display the SNMP
name instead of the IS-IS system ID.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2275

Usage Guidelines Commands

Usage Guidelines
This command enables support for the dynamic hostname exchange feature defined
by RFC 2763.

Example
The following command enables the display of IS-IS area names:

enable isis area areax dynamic-hostname area-name

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable isis area export

enable isis area area_name export {ipv4} route-type [policy | metric
mvalue {metric-type [internal | external]}] {level[1| 2 | both-1-
and-2]}

Description
This command enables IPv4 route redistribution into IS-IS for direct, static, BGP, RIP, or
OSPF routes.

Syntax Description
area_name Specifies the IS-IS router process that receives the exported
routes.
ipv4 Specifies that the redistributed routes are for use in IPv4
IS-IS routing.
route-type Selects the type of route for export. The valid route
types are: bgp, direct, e-bgp, i-bgp, ospf, ospf-extern1, ospf-
extern2, ospf-inter, ospf-intra, rip, and static.
policy Specifies a policy that controls how routes are redistributed
into IS-IS.
mvalue Specifies a metric to assign to the routes exported to IS-IS.
The range is 0 to 4261412864.

2276 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

metric-type [internal Specifies a metric type, which is internal or external, to

| external] assign to the routes exported to IS-IS.
level [1 | 2 | Limits the use of redistributed routes to level 1, level 2, or
both-1-and-2] both.

Default
All types are disabled.

Usage Guidelines
If wide metrics are enabled, redistributed routes are included in the Extended IP
Reachability TLV in LSPs. If wide metrics are not enabled, redistributed routes are
added to IP External Reachability TLV in LSPs. For policies, the nlri match attribute
is supported, and the cost, cost-type internal, permit, and deny set attributes are
supported.

Example
The following command exports RIP routes to IS-IS and assigns the internal metric type
and metric value 5 to the redistributed routes:

enable isis area areax export rip metric 5 metric-type internal

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable isis area export ipv6

enable isis area area_name export ipv6 route-type [policy | metric
mvalue] {level[1| 2 | both-1-and-2]}

Description
This command enables IPv6 route redistribution into IS-IS for direct, static, RIPng, or
OSPFv3 routes.

Switch Engine™ Command Reference Guide for version 32.7.1 2277

Syntax Description Commands

Syntax Description
area_name Specifies the IS-IS router process that receives the exported
routes.
route-type Selects the type of route for export. The valid route types
are: direct, ospfv3, ospfv3-extern1, ospfv3-extern2, ospfv3-
inter, ospfv3-intra, ripng, bgp, and static.
policy Specifies a policy that controls how routes are redistributed
into IS-IS.
mvalue Specifies a metric to assign to the routes exported to IS-IS.
The range is 0 to 4261412864.
level [1 | 2 | Limits the use of redistributed routes to level 1, level 2, or
both-1-and-2] both.

Default
All types are disabled.

Usage Guidelines
If a policy is specified, the policy is used to determine what specific routes are
redistributed into IS-IS. Otherwise, the specified metric and type are assigned to the
redistributed routes. Redistributed routes are added to the IPv6 External Reachability
TLV in LSPs. For policies, the nlri match attribute is supported, and the cost, cost-type
internal, permit, and deny set attributes are supported.

Example
The following command exports RIPng routes to IS-IS and assigns the internal metric
type and metric value 5 to the redistributed routes:

enable isis area areax export ipv6 ripng metric 5 metric-type internal

History
This command was first available in ExtremeXOS 12.1.

Support for BGP was added in ExtremeXOS 12.6.0-BGP.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable isis area originate-default

enable isis area area_name originate-default {ipv4 | ipv6}

2278 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command causes the specified IS-IS router process to generate the default route in
its LSPs.

Syntax Description
area_name Specifies the name of the IS-IS router process that should
generate the default route.
ipv4 Specifies that the router process should generate the
default IPv4 route.
ipv6 Specifies that the router process should generate the
default IPv6 route.

Default
IPv4: Disabled

IPv6: Disabled

Usage Guidelines
This applies to level 2 routing only. In contrast, level 1 routers compute the default route
as the nearest attached L1/L2 router. When enabled, the router process generates an
IPv4 default route unless the ipv6 option is specified. Only one level 2 router in the IS-IS
domain should be configured to originate a default route. This command has no effect
on router processes that are already enabled for default route origination or on router
processes that are level 1-only.

Example
The following command directs the IS-IS process named areax to generate the default
IPv4 route in it’s LSPs:

enable isis area areax originate-default

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2279

enable isis area overload-bit Commands

enable isis area overload-bit

enable isis area area_name overload-bit {suppress [external | interlevel
| all]}

Description
This command enables the overload-bit feature, which signals other routers that they
are no longer permitted to use this router as a transit or forwarding node.

Syntax Description
area_name Specifies the area name of the IS-IS process for which this
feature is to be enabled.
suppress Specifies that one or all types of reachability information is
to be suppressed or excluded from LSPs.
external When included with the suppress option, this specifies that
external reachability information is to be excluded from
LSPs.
interlevel When included with the suppress option, this specifies that
interlevel reachability information is to be excluded from
LSPs.
all When included with the suppress option, this specifies
that external and interlevel reachability information is to be
excluded from LSPs.

Default
Disabled.

Usage Guidelines
When the overload bit feature is enabled, the router process still receives and processes
LSPs.

Example
The following command enables the overload bit feature for areax:

enable isis area areax overload-bit

History
This command was first available in ExtremeXOS 12.1.

2280 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable isis hello-padding

enable isis [vlan all | {vlan} vlan_name] hello-padding

Description
This command enables the padding of hello PDUs on one or all VLANs.

Syntax Description
vlan all Enables hello padding on all IS-IS VLANs.
vlan_name Specifies a single VLAN on which hello padding is enabled.

Default
Enabled.

Usage Guidelines
When hello padding is enabled, IS-IS pads hello packets to the interface MTU. This is
used among neighbors to verify that adjacencies have the same MTU configured on
either end. The disadvantage of hello padding is the price of bandwidth consumed by
larger packets.

Example
The following command enables hello padding on the SJvlan VLAN:

enable isis SJvlan hello-padding

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable isis restart-helper

enable isis restart-helper

Switch Engine™ Command Reference Guide for version 32.7.1 2281

Description Commands

Description
This command enables the IS-IS router to act as a restart helper according to draft-ietf-
isis-restart-02—Restart signaling for IS-IS.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
None.

Example
The following command enables the IS-IS restart helper:

enable isis restart-helper

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms with a Premier license as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable jumbo-frame ports

enable jumbo-frame ports [all | port_list]

Description
Enables support on the physical ports that will carry jumbo frames.

Syntax Description
all Specifies ports.
port_list Specifies one or more slots and ports.

2282 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
Increases performance to back-end servers or allows for VMAN 802.1Q encapsulations.

You can configure the maximum size of a jumbo frame if you want to use a different
size than the default value of 9216. Use the configure jumbo-frame-size command to
configure the size.

This setting is preserved across reboots.

Example
The following command enables jumbo frame support on a switch:
enable jumbo-frame ports all

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable l2vpn
enable l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]]

Description
Enables the specified VPLS or VPWS.

Syntax Description
vpls_nam Identifies the VPLS within the switch (character string).
e
vpws_nam Identifies the VPWS within the switch (character string).
e
all Specifies all VPLS or VPWS instances.

Default
All newly created VPLS or VPWS instances are enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2283

Usage Guidelines Commands

Usage Guidelines
When enabled, VPLS or VPWS attempts to establish sessions between all configured
peers. Services must be configured and enabled for sessions to be established
successfully.

The l2vpn keyword is introduced in ExtremeXOS Release 12.4 and is required when
enabling a VPWS. For backward compatibility, the l2vpn keyword is optional when
enabling a VPLS. However, this keyword will be required in a future release, so we
recommend that you use this keyword for new configurations and scripts.

Example
The following command enables the VPLS instance myvpls:

enable vpls myvpls

The following command enables the VPWS instance myvpws:

enable l2vpn vpws myvpws

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable l2vpn health-check vccv

enable l2vpn [vpls vpls_name | vpws vpws_name] health-check vccv

Description
Enables the VCCV health check feature on the specified VPLS or VPWS.

Syntax Description
vpls_name Identifies the VPLS for which health check is to be enabled.
vpws_name Identifies the VPWS for which health check is to be enabled.

Default
Health check is disabled.

2284 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Health check must be enabled on both ends of a PW to verify connectivity between
two VPLS or VPWS peers. Both VCCV peers negotiate capabilities at PW setup. A single
VCCV session monitors a single PW. Therefore, a VPLS with multiple PWs will have
multiple VCCV sessions to multiple peers.

VCCV in ExtremeXOS uses LSP ping to verify connectivity.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
enabling health check for a VPWS instance. For backward compatibility, the l2vpn
keyword is optional when enabling health check for a VPLS instance. However, this
keyword will be required in a future release, so we recommend that you use this
keyword for new configurations and scripts.

Example
The following command enables the health check feature on the VPLS instance
myvpls:

enable l2vpn vpls myvpls health-check vccv

History
This command was first available in ExtremeXOS 12.1.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable l2vpn service

enable l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]] service

Description
Enables the configured services for the specified VPLS or VPWS.

Syntax Description
vpls_nam Identifies the VPLS within the switch (character string).
e
vpws_nam Identifies the VPWS within the switch (character string).
e
all Specifies all VPLS or VPWS instances.

Switch Engine™ Command Reference Guide for version 32.7.1 2285

Default Commands

Default
Enabled.

Usage Guidelines
When services are disabled, the VPLS or VPWS is withdrawn from all peer sessions. The
keyword all enables services for all VPLS or VPWS instances.

The l2vpn keyword was introduced in ExtremeXOS Release 12.4 and is required when
enabling services for a VPWS instance. For backward compatibility, the l2vpn keyword
is optional when enabling services for a VPLS instance. However, this keyword will be
required in a future release, so we recommend that you use this keyword for new
configurations and scripts.

Example
The following command enables the configured VPLS services for the specified VPLS
instance:

enable l2vpn vpls myvpls service

History
This command was first available in ExtremeXOS 11.6.

The l2vpn and vpws keywords were first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable l2vpn sharing

enable l2vpn sharing

Description
Enables LSP sharing for Layer 2 VPN pseudowires .

Syntax Description
This command has no keywords or arguments.

Default
Disabled.

2286 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command enables LSP sharing for L2VPN PWs. When LSP sharing is enabled, up
to 16 named LSPs are used for a PW. When LSP sharing is disabled, only 1 named LSP is
used for a PW.

If LSP Sharing is disabled, and more than 1 Transport LSP is programmed into HW,
all but 1 Transport LSP is removed from HW, and the configuration is preserved. If
LSP Sharing is enabled, and more than 1 Transport LSP was previously configured, the
remaining LSPs is programmed into HW as they become available for use.

Example
The following command enables LSP sharing for L2VPN PWs:
enable l2vpn sharing

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable l2vpn vpls peer fdb send-mac-withdrawal

enable l2vpn vpls peer [ipaddress | all] fdb send-mac-withdrawal

Description
Enables the Layer 2 VPN MAC address withdrawal capability.

Syntax Description
l2vpn Designates L2 VPN configuration.
vpls Designates VPLS of MPLS configuration.
peer Designates VPLS peer.
ipaddress Selects the VPLS peer of the provided IP address.
all Selects all VPLS peers.
fdb Designates FDB.
send-mac-withdrawal Enables sending the MAC address withdrawal message.

Default
Enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2287

Usage Guidelines Commands

Usage Guidelines
Use this command to enable FDB MAC withdrawal after it has been disabled.

Example
The following command enables MAC address withdrawal message for all VPLS peers:
# enable l2vpn vpls peer all fdb send-mac-withdrawal

History
This command was first available in ExtremeXOS 12.1.

The l2vpn keyword was added in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable learning iparp sender-mac

enable learning iparp {request | reply | both-request-and-reply} {vr
vr_name} sender-mac

Description
Enables MAC address learning from the payload of IP ARP packets.

Syntax Description
request Enables learning only for IP ARP request packets.
reply Enables learning only for IP ARP reply packets.
both-request-and- Enables learning for both request and reply packets.
reply
vr_name Specifies a virtual router.

Default
Disabled.

Usage Guidelines
To view the configuration for this feature, use the following command: show iparp

2288 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables MAC address learning from the payload of reply IP
ARP packets:
enable learning iparp reply sender-mac

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable learning port

enable learning {drop-packets} ports [all | port_list]

Description
Enables MAC address learning on one or more ports.

Syntax Description
drop-packets Forwards EDP packets, and drops all unicast, multicast,
and broadcast packets from a source address not in the
FDB. No further processing occurs for dropped packets.
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.

Default
Enabled.

Usage Guidelines
Use this command to enable MAC address learning on one or more ports.

Example
The following example enables MAC address learning on ports 7 and 8 on a switch:
enable learning ports 7-8

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 2289

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

enable led locator

enable led locator {timeout [seconds | none]} {pattern [alternating |
flash-all | high-to-low | scanner]} {slot [ slot | all ]}

Description
Configures the front panel LEDs to flash so a switch can be easily located in a crowded
lab/data center.

Syntax Description
timeout Limit the LED display time to seconds before returning to
normal operation.
seconds The length of time to display the flashing LEDs. The default
is 300 seconds. The maximum value is 1 week (604800
seconds).
none Display LED pattern until disabled.
pattern Configures the LED display pattern.
alternating Groups of LEDs are lit in alternating patterns (Default).
flash-all All LEDs flash on and off.
high-to-low LED's are lit in descending port order.
scanner A group of 4 LED's is lit back and forth.
slot slot Slot number.
all All slots.

Default
The default timeout length is 300 seconds.

The default pattern is alternating.

Usage Guidelines
Use this command to enable the front panel LEDs to flash so that a switch can be easily
located in a crowded lab, or data center.

Bridge Port Extenders (BPEs)

The LED locator service works for both directly attached and cascaded bridge port
extenders (BPEs). Only the default LED pattern of alternating is supported by the BPEs.
This causes alternating flashing of groups of 8 port LEDs.

2290 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following example enables the front panel LEDs to flash in an alternating pattern
for one hour on all slots:
enable led locator timeout 3600 pattern alternating all

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable license
enable license {software} [key ]

Description
Enables software license or feature pack that allows you to use advanced features.

Syntax Description
software Applies base license.
key Specifies your hexadecimal license key in format xxxx-xxxx-
xxxx-xxxx-xxxx (10 hex digits) or xxxx-xxxx-xxxx-xxxx-xxxx-
xxxx-xxxx (14 hex digits).

Default
N/A.

Usage Guidelines
The software license levels that apply to ExtremeXOS software are described in the
Switch Engine 32.7.1 Feature License Requirements document.

To obtain a software license, specify the key in the format xxxx-xxxx-xxxx-xxxx-xxxx.

You obtain the software license key (or feature pack key) either by ordering it from the
factory or by obtaining a license voucher from your Extreme Networks supplier. You can
obtain a regular software license or a trial software license, which allows you use of the
license for either 30, 60 or 90 days; you cannot downgrade software licenses.

The voucher contains all the necessary information on the software license, whether
regular or trial, and number of days for trial software license.

Switch Engine™ Command Reference Guide for version 32.7.1 2291

Usage Guidelines Commands

After you enable the software license or feature pack by entering the software key, the
system returns a message that you either successfully or unsuccessfully set the license.

Once you enable the software license (or if you do not use the correct key, attempt
to downgrade the license, or already installed the software license) you see one of the
following messages:
Enabled license successfully. Error: Unable to set license using supplied key. Error:
Unable to set license - downgrade of licenses is not supported. Error: Unable to set
license - license is already enabled. Error: Unable to set license - trial license already
enabled.

If you enable a trial license, the system generates a daily message showing the number
of days until expiry.

If you attempt to execute a command and you do not either have the required software
license or have reached the limits defined by the current software license level, the
system returns one of the following messages:
Error: This command cannot be executed at the current license level. Error: You have
reached the maximum limit for this feature at this license level.

If you attempt to execute a command and you do not have the required feature pack,
the system also returns a message.

To protect against attacks to install maliciously created license keys, the system has an
exponential delay of each failed attempt to install a license.

To view the type of software license you are currently running on the switch, use the
show licenses command. The license key number is not displayed, but the type of
software license is displayed in the show licenses output. This command can be run
on any node in a SummitStack, regardless of its node role (master, standby, or backup).

Messages for different scenarios:

• Key format is incorrect:
"Error: Incorrect key format."

• Attempted to apply Switch Port Speed License to another switch model:

Error: Unable to set license - platform incompatible with license.

• Attempted to apply Switch Port Speed License beyond number of ports available on
switch:
Error: Unable to set license - platform only supports ports in range 1 to <max for
platform>.

• EEPROM Read/Write failure for Switch Port Speed License:

Error: Unable to set license. Read from EEPROM failed.

• Attempted to apply Switch Port Speed License when it is already applied:

Error: Unable to set license - license is already enabled.

• Attempted to apply Switch Port Speed License license for fewer ports groups than
is currently enabled. You cannot downgrade the license this way. However, you can
remove the license using the clear license command, and then apply a license
enabling fewer port groups:
Error: Unable to set license - downgrade of port speed license not supported.
<num_ports> ports already licensed. Current license can be cleared via 'clear license-
info port-speed'.

• EEPROM Read/Write failure for Switch Port Speed License:

2292 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Error: Unable to set license - write to EEPROM failed.

Example
The following command enables a software license on the switch:
enable license 2d5e-0e84-e87d-c3fe-bfff
Warning: A reboot switch or disable and enable slot 3 is required before the new license
takes effect.

History
This command was first available in ExtremeXOS 11.1.

The software parameter was added in ExtremeXOS 11.6.

The capacity-key variable was added in ExtremeXOS 15.4.

The capacity-key variable was removed in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable license file

enable license file filename

Description
Enables the text file that applies software licenses and feature packs licenses to more
than one switch at a time.

Syntax Description
filename Specifies the file name that you download onto the switch
using TFTP; the file extension is .xlic.

Default
N/A.

Usage Guidelines
You download the license file to the switch using TFTP or SCP. The file name extension
for this file is xlic; for example, you may see a file named systemlic.xlic.

Using this file, you enable the software and feature pack licenses for more than one
switch simultaneously. The file can contain licenses for some or all of the Extreme

Switch Engine™ Command Reference Guide for version 32.7.1 2293

Example Commands

Networks switches that the customer owns. During upload, only those license keys
destined for the specific switch are used to attempt enabling the licenses. The license
file is a text file that has the switch serial number, software license type, and license key;
it is removed from the switch after the licenses are enabled.

After you enable the license file, the system returns one or more of the following
messages:
Enabled license successfully. Error: Unable to set license
<license_name> using supplied key. Error: Unable to set license
<license_name> - downgrade of licenses is not supported. Error: Unable
to set license <license_name> - license is already enabled. Error:
Unable to set license <license_name> - trial license already enabled.

To protect against attacks to install maliciously created license keys, the system has an
exponential delay of each failed attempt to install a license.

Example
The following command enables a license file on the specified Extreme Networks
switches:

enable license file santaclara.xlic

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable lldp ports

enable lldp ports [all | port_list] {receive-only | transmit-only}

Description
Enables LLDP transmit mode, receive mode, or transmit and receive mode. If the
transmit-only or receive-only option is not specified, both transmit and receive modes
are enabled.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.
receive-only Specifies that the port only receives LLDP messages.
transmit-only Specifies that the port only transmits LLDP messages.

2294 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Enabled.

Usage Guidelines
If you do not specify an option, the port is enabled to both transmit and receive LLDP
messages.

Once the port is enabled for LLDP in one mode and you issue another enable lldp
ports command for another mode, that second mode replaces the original mode.
For example, you might originally enable several ports to only receive LLDP messages
and then want those ports to both receive and transmit LLDP messages. In that case,
you issue the enable lldp ports command with no variables (and the receive-and-
transmit mode replaces the receive-only mode).

To verify the port setting for LLDP, use the show lldp {port [all |port_list]}
{detailed} command.

Example
The following example enables LLDP transmit and receive mode on port 1:4.

enable lldp port 1:4

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable log debug-mode

enable log debug-mode

Description
Enables debug mode. The switch generates debug events.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2295

Usage Guidelines Commands

Usage Guidelines
This command enables debug mode. Debug mode must be enabled prior
to configuring advanced debugging capabilities. These include allowing debug
messages, which can severely degrade performance. For typical network device
monitoring, debug mode should remain disabled, the default setting. Debug mode
should only be enabled when advised by technical support, or when advanced
diagnosis is required. The debug mode setting is saved to FLASH.

The following configuration options require that debug mode be enabled:

• Including a severity of debug-summary, debug-verbose, or debug-data when
configuring filters.
• Target format options process-name, process-id, source-function, and source-line.

Example
The following command enables debug mode:

enable log debug-mode

When you enable debug mode, the following message appears:

WARNING: Debug mode should only be enabled when advised by technical
support, or when advanced diagnosis is required. Performance degradation
is possible. Debug mode now enabled.

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable log display

enable log display

Description
Enables a running real-time display of log messages on the console display. In a stack,
this command is applicable only to Master and Backup nodes. You cannot run this
command on standby nodes.

Syntax Description
This command has no arguments or variables.

2296 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
If you enable the log display on a terminal connected to the console port, your settings
will remain in effect even after your console session is ended (unless you explicitly
disable the log display).

You configure the messages displayed in the log using the configure log display, or
configure log target console-display commands.

You can also use this command to control logging to different targets. This command is
equivalent to enable log target console-display command.

To change the log filter association, severity threshold, or match expression for
messages sent to the console display, use the configure log target console-display
command

Example
The following command enables a real-time display of log messages:
enable log display

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable log target

enable log target [console | memory-buffer | nvram | primary-
node|backup-node| session | syslog [all | ipaddress udp-port
{udp_port} | ipPort | ipaddress tls_port {tls_port}] {vr vr_name}
{local0...local7}]]

Description
Starts sending log messages to the specified target.

Syntax Description
console Specifies the console display.
memory-buffer Specifies the switch memory buffer.

Switch Engine™ Command Reference Guide for version 32.7.1 2297

Default Commands

nvram Specifies the switch NVRAM.

primary-node Specifies the primary node of a stack.
backup-node Specifies the backup node of a stack.
session Specifies the current session (including console display).
syslog Specifies a syslog target.
all Specifies all of the remote syslog servers.
ipaddress Specifies the syslog IP address.
ipPort Specifies the UDP port number for the syslog target.
tls_port Specifies remote Syslog server Transport Layer Security
(TLS) for connection type.
tls_port TLS port number.
vr_name Specifies the virtual router that can reach the server IP
address.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

local0 ... local7 Specifies the local syslog facility.

Default
Enabled, for memory buffer and NVRAM; all other targets are disabled by default.

Usage Guidelines
This command starts sending messages to the specified target. By default, the
memory-buffer, NVRAM, primary node, and backup node targets are enabled. Other
targets must be enabled before messages are sent to those targets.

Configuration changes to the session target are in effect only for the duration of the
console display or Telnet session, and are not saved in FLASH. Others are saved in
FLASH.

You can also use the following command to enable displaying the log on the console:
enable log display

This command is equivalent to the enable log target console-display command.

Example
The following example enables log messages on the current session:
enable log target session

2298 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The ipPort parameter was first available in ExtremeXOS 11.0.

The udp-port parameter was added in ExtremeXOS 21.1.

Transport Layer Security (TLS) option added in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable log target upm

enable log target upm {upm_profile_name}

Description
Enables the specified UPM log target.

Syntax Description
upm_profile_name Specifies the name of the UPM log target to be enabled.

Default
N/A.

Usage Guidelines
UPM log targets are disabled when they are created.

Example
The following command enables the UPM log target testprofile1:

enable log target upm testprofile1

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and

Switch Engine™ Command Reference Guide for version 32.7.1 2299

enable log target xml-notification Commands

upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable log target xml-notification

enable log target xml-notification xml_target_name

Description
Enables a Web server target.

Syntax Description
xml_target_name Specifies the name of the xml-notification target.

Default
N/A.

Usage Guidelines
Use this command to enable a web server target for EMS.

Example
The following command enables the web server target target2:
enable log target xml-notification target2

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable loopback-mode vlan

enable loopback-mode vlan [vlan_name | vlan_list]

Description
Allows a VLAN to be placed in the UP state without an external active port. This allows
(disallows) the VLANs routing interface to become active.

2300 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan_name Specifies a VLAN name.
vlan_list Specifies a VLAN list of IDs.

Default
N/A.

Usage Guidelines
Use this command to specify a stable interface as a source interface for routing
protocols. This decreases the possibility of route flapping, which can disrupt
connectivity.

Example
The following example allows the VLAN "accounting" to be placed in the UP state
without an external active port:
enable loopback-mode vlan accounting

History
This command was first available in ExtremeXOS 10.1.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mac-lockdown-timeout ports

enable mac-lockdown-timeout ports [all | port_list]

Description
Enables the MAC address lock down timeout feature for the specified port or group of
ports or for all ports on the switch.

Syntax Description
all Specifies all ports.
port_list Specifies one or more ports or slots and ports.

Switch Engine™ Command Reference Guide for version 32.7.1 2301

Default Commands

Default
By default, the MAC address lock down timeout feature is disabled.

Usage Guidelines
You cannot enable the MAC lock down timer on a port that also has the lock learning
feature enabled.

Example
The following command enables the MAC address lock down timeout feature for ports
2:3, 2:4, and 2:6:

enable mac-lockdown-timeout ports 2:3, 2:4, 2:6

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mac-locking ports

enable mac-locking ports [port_list | all]

Description
Enables MAC locking on the specified port.

Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports.

Default
MAC locking is disabled by default.

Usage Guidelines
To enable MAC locking on a specific port, you must enable MAC locking on the switch
and on the port. Use the enable mac-locking command to enable MAC locking on the
switch.

2302 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

You cannot enable MAC locking on a port if limit-learning or lock-learning is configured

on the port for any VLAN.

Example
The following example enables MAC locking on port 14.
enable mac-locking ports 14

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mac-locking
enable mac-locking

Description
Enables MAC locking globally on the switch.

Syntax Description
This command has no arguments or variables.

Default
MAC locking is disabled by default.

Usage Guidelines
To enable MAC locking on a specific port, you must enable MAC locking on the switch
and on the port. Use the enable mac-locking ports command to enable MAC
locking on a port.

Example
The following example enables MAC locking on the switch.
enable mac-locking

History
This command was first available in ExtremeXOS 15.7.1.

Switch Engine™ Command Reference Guide for version 32.7.1 2303

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

enable mirror
enable mirror mirror_name

Description
Enables a mirror instance.

Syntax Description
mirror_name Specifies the mirror name.

Default
Disabled.

Usage Guidelines
Use this command to enable a mirror instance. An instance may be enabled without
source filters defined (per current function), but no traffic will be mirrored until source
filters are added.

Example
The following example enables a mirror instance named "mirror1" :

enable mirror mirror1

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mirror control_index

enable mirror control_index {mirror mirror_name}

Description
Enables a Mirror MIB instance or the assigned instance to an existing mirror.

2304 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
control_index Selects the Mirror MIB instance to enable. Range is 1
through 4.
mirror Designates specifying a mirror name associated within the
specified control index.
mirror_name Specifies the mirror name associated within the specified
control index.

Default
Disabled.

Usage Guidelines
Specifying a mirror name only enables that mirror within the Mirror MIB group (control
index).

Example
The following example enables Mirror MIB specified by control index "1":
# enable mirror 1

The following example enables the mirror named "m1" within the Mirror MIB specified
by control index "1":
# enable 1 mirror m1

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mirror to port

enable mirror to [port port | port-list port_list loopback-port port]
{remote-tag tag}

Description
Dedicates a port on the switch to be the mirror output port, or the monitor port.

Switch Engine™ Command Reference Guide for version 32.7.1 2305

Syntax Description Commands

Syntax Description
port Specifies the mirror output port.
port_list Specifies the list of ports where traffic is to be mirrored.
loopback-port Specifies an otherwise unused port required when
mirroring to a port_list. The loopback-port is not
available for switching user data traffic.
port Specifies a single loopback port that is used internally to
provide this feature.
remote-tag Specifies the value of the VLAN ID used by the mirrored
packets when egressing the monitor port.

Default
Disabled.

Usage Guidelines
Port mirroring configures the switch to copy all traffic associated with one or more
ports, VLANS or virtual ports. A virtual port is a combination of a VLAN and a port. The
monitor port(s) can be connected to a network analyzer or RMON probe for packet
analysis. The switch uses a traffic filter that copies a group of traffic to the monitor port.

Up to 16 mirroring filters and up to four monitor ports can be configured on the switch.
After a port has been specified as a monitor port, it cannot be used for any other
function. Frames that contain errors are not mirrored.

You cannot run ELSM and mirroring on the same port. If you attempt to enable
mirroring on a port that is already enabled for ELSM, the switch returns a message
similar to the following:
Error: Port mirroring cannot be enabled on an ELSM enabled port.

Standalone Switches and SummitStacks

The traffic filter can be defined based on one of the following criteria:
• Physical port—All data that traverses the port, regardless of VLAN configuration, is
copied to the monitor port(s). You can specify which traffic the port mirrors:
◦ Ingress—Mirrors traffic received at the port.
◦ Egress—Mirrors traffic sent from the port.
◦ Ingress and egress—Mirrors traffic either received at the port or sent from the
port.

(If you omit the optional parameters, all traffic is forwarded; the default for port-
based mirroring is ingress and egress).
• VLAN—All data to a particular VLAN, regardless of the physical port configuration, is
copied to the monitor port.

2306 Switch Engine™ Command Reference Guide for version 32.7.1

Commands SummitStack Only

• Virtual port—All data specific to a VLAN on a specific port is copied to the monitor
port.
• ExtremeSwitching series switches support a maximum of 128 mirroring filters with
the restriction that a maximum of 16 VLAN and/or virtual port (port + VLAN) filters
may be configured.
• ExtremeXOS supports up to 16 monitor ports for one-to-many mirroring.
• Only traffic ingressing a VLAN can be monitored; you cannot specify ingressing or
egressing traffic when mirroring VLAN traffic.
• Ingress traffic is mirrored as it is received (on the wire).
• Packets which match both an ingress filter and an egress filter will result in two
packets egressing the monitor port or ports.
• In normal mirroring, a monitor port cannot be added to a load share group. In
one-to-many mirroring, a monitor port list can be added to a load share group, but a
loopback port cannot be used in a load share group.
• You can run mirroring and sFlow on the same device when you are running
ExtremeSwitching series switches.
• With a monitor port or ports on ExtremeSwitching series switches, all traffic
ingressing the monitor port or ports is tagged only if the ingress packet is tagged.
If the packet arrived at the ingress port as untagged, the packet egress the monitor
port or ports as untagged.
• Two packets are mirrored when a packet encounters both an ingress and egress
mirroring filter.
• The configuration of remote-tag does not require the creation of a VLAN with
the same tag; on these platforms the existence of a VLAN with the same tag
as a configured remote-tag is prevented. This combination is allowed so that an
intermediate remote mirroring switch can configure remote mirroring using the
same remote mirroring tag as other source switches in the network. Make sure that
VLANs meant to carry normal user traffic are not configured with a tag used for
remote mirroring.

When a VLAN is created with remote-tag, that tag is locked and a normal VLAN
cannot have that tag. The tag is unique across the switch. Similarly if you try to
create a remote-tag VLAN where remote-tag already exists in a normal VLAN as a
VLAN tag, you cannot use that tag and the VLAN creation fails.

SummitStack Only
The traffic filter can be defined based on one of the following criteria:
• Physical port—All data that traverses the port, regardless of VLAN configuration, is
copied to the monitor port(s). You can specify which traffic the port mirrors:
◦ Ingress—Mirrors traffic received at the port.
◦ Egress—Mirrors traffic sent from the port.
◦ Ingress and egress—Mirrors traffic either received at the port or sent from the
port.

Switch Engine™ Command Reference Guide for version 32.7.1 2307

SummitStack Only Commands

(If you omit the optional parameters, all traffic is forwarded; the default for port-
based mirroring is ingress and egress).
• VLAN—All data to a particular VLAN, regardless of the physical port configuration, is
copied to the monitor port.
• Virtual port—All data specific to a VLAN on a specific port is copied to the monitor
port.
• SummitStack supports a maximum of 128 mirroring filters with the restriction that a
maximum of 16 VLAN and/or virtual port (port + VLAN) filters may be configured.
• ExtremeXOS supports up to 16 monitor ports for one-to-many mirroring.
• Only traffic ingressing a VLAN can be monitored; you cannot specify ingressing or
egressing traffic when mirroring VLAN traffic.
• Ingress traffic is mirrored as it is received (on the wire).
• Two packets are mirrored when a packet encounters both an ingress and egress
mirroring filter.
• When traffic is modified by hardware on egress, egress mirrored packets may not
be transmitted out of the monitor port as they egressed the port containing the
egress mirroring filter. For example, an egress mirrored packet that undergoes VLAN
translation is mirrored with the untranslated VLAN ID. In addition, IP multicast
packets which are egress mirrored contain the source MAC address and VLAN ID
of the unmodified packet.
• You cannot include the monitor port for a SummitStack in a load-sharing group.
• You can run mirroring and sFlow on the same device when you are running a
SummitStack.
• With a monitor port or ports, the mirrored packet is tagged only if the ingress packet
is tagged (regardless of what module the ingressing port is on). If the packet arrived
at the ingress port as untagged, the packet egress the monitor port(s) as untagged.
• You may see a packet mirrored twice. This occurs only if both the ingress mirrored
port and the monitor port or ports are on the same one-half of the module and the
egress mirrored port is either on the other one-half of that module or on another
module.
• When traffic is modified by hardware on egress, egress mirrored packets may not
be transmitted out of the monitor port as they egressed the port containing the
egress mirroring filter. For example, an egress mirrored packet that undergoes VLAN
translation is mirrored with the untranslated VLAN ID. In addition, IP multicast
packets which are egress mirrored contain the source MAC address and VLAN ID
of the unmodified packet.
• The configuration of remote-tag does not require the creation of a VLAN with
the same tag; on these platforms the existence of a VLAN with the same tag
as a configured remote-tag is prevented. This combination is allowed so that an
intermediate remote mirroring switch can configure remote mirroring using the
same remote mirroring tag as other source switches in the network. Make sure that
VLANs meant to carry normal user traffic are not configured with a tag used for
remote mirroring.
• When a VLAN is created with remote-tag, that tag is locked and a normal VLAN
cannot have that tag. The tag is unique across the switch. Similarly if you try to

2308 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

create a remote-tag VLAN where remote-tag already exists in a normal VLAN as a

VLAN tag, you cannot use that tag and the VLAN creation fails.

Example
The following example selects port 4 as the mirror, or monitor, port:
# enable mirror to port 4

History
This command was added in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mirror to remote-ip

enable mirror {mirror_name} to remote-ip remote_ip_address {{vr}
vr_name} {priority priority_value} {from [source_ip_address | auto-
source-ip]} {ping-check [on | off]}]

Description
Enables traffic to be mirrored to the specified remote IPv4 destination address
encapsulated in a GRE tunneled packet.

Syntax Description
mirror_name Specifies the mirror instance name.
remote-ip Specifies to send mirrored packets to specified destination
remote IP address.
remote_ip_address Specifies the remote destination IP address for mirrored
packets.
vr Specifies a virtual router of the remote IP address.
vr_name Specifies the virtual router name. If not specified, VR of
current command context is used.
from Configures source IP address of encapsulated mirrored
packets.
source_ip_address Specifies the local source IPv4 address for encapsulated
mirrored packets.
auto-source-ip Automatically use source IP address of egress VLAN to be
used to reach remote IP address.
ping-check Configure ping health check for remote IP address.

Switch Engine™ Command Reference Guide for version 32.7.1 2309

Default Commands

on Only send mirrored packets to remote IP address if

periodic pings to remote IP address are successful
(default).
off Send mirrored packets to remote IP address without any
ping health check, assuming MAC address and port of next
hop IP address are static or learned.
priority Configures a unique priority value for each redundant
remote IP address of a mirror instance.
priority_value Sets the unique priority value for the remote IP address.
The priority value must be unique for each remote IP
address in the mirror instance.
The range is from 1 (least preferred) to 100 (most preferred).
The default is 50.

Default
If a VR is not specified, the VR of the current command context is used.

Ping health check of the remote IP address is enabled unless otherwise specified.

The default priority value is 50.

Usage Guidelines
This command enables hardware mirroring of Ethernet frames to a specified remote
IPv4 address, which can reside zero or more router hops away. This is useful for
ExtremeAnalytics Application Telemetry or other forms of remote network analysis or
monitoring.

Port mirroring configures the switch to copy all traffic associated with one or more
ports, VLANS or virtual ports. A virtual port is a combination of a VLAN and a port. The
monitor port(s) can be connected to a network analyzer or RMON probe for packet
analysis. The switch uses a traffic filter that copies a group of traffic to the monitor port.

Up to 16 mirroring filters and up to four monitor ports can be configured on the switch.
After a port has been specified as a monitor port, it cannot be used for any other
function. Frames that contain errors are not mirrored.

You cannot run ELSM and mirroring on the same port. If you attempt to enable
mirroring on a port that is already enabled for ELSM, the switch returns a message
similar to the following:
Error: Port mirroring cannot be enabled on an ELSM enabled port.

For high availability, you can add up to four redundant remote IP addresses.
When creating a mirror with this command, you can add one IP address. To
add additional remote IP addresses, use the configure mirror mirror_name {to
[port port | port-list port_list | loopback port port] | remote-ip
{add} remote_ip_address {{vr} vr_name } {from [source_ip_address | auto-
source-ip]} {ping-check [on | off]}] {remote-tag rtag | port none}
{priority priority_value}command.

2310 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Standalone Switches and SummitStacks

Standalone Switches and SummitStacks

The traffic filter can be defined based on one of the following criteria:
• Physical port—All data that traverses the port, regardless of VLAN configuration, is
copied to the monitor port(s). You can specify which traffic the port mirrors:
◦ Ingress—Mirrors traffic received at the port.
◦ Egress—Mirrors traffic sent from the port.
◦ Ingress and egress—Mirrors traffic either received at the port or sent from the
port.

(If you omit the optional parameters, all traffic is forwarded; the default for port-
based mirroring is ingress and egress).
• VLAN—All data to a particular VLAN, regardless of the physical port configuration, is
copied to the monitor port.
• Virtual port—All data specific to a VLAN on a specific port is copied to the monitor
port.
• ExtremeSwitching series switches support a maximum of 128 mirroring filters with
the restriction that a maximum of 16 VLAN and/or virtual port (port + VLAN) filters
may be configured.
• ExtremeXOS supports up to 16 monitor ports for one-to-many mirroring.
• Only traffic ingressing a VLAN can be monitored; you cannot specify ingressing or
egressing traffic when mirroring VLAN traffic.
• Ingress traffic is mirrored as it is received (on the wire).
• Packets which match both an ingress filter and an egress filter will result in two
packets egressing the monitor port or ports.
• In normal mirroring, a monitor port cannot be added to a load share group. In
one-to-many mirroring, a monitor port list can be added to a load share group, but a
loopback port cannot be used in a load share group.
• You can run mirroring and sFlow on the same device when you are running
ExtremeSwitching series switches.
• With a monitor port or ports on ExtremeSwitching series switches, all traffic
ingressing the monitor port or ports is tagged only if the ingress packet is tagged.
If the packet arrived at the ingress port as untagged, the packet egress the monitor
port or ports as untagged.
• Two packets are mirrored when a packet encounters both an ingress and egress
mirroring filter.

SummitStack Only
The traffic filter can be defined based on one of the following criteria:
• Physical port—All data that traverses the port, regardless of VLAN configuration, is
copied to the monitor port(s). You can specify which traffic the port mirrors:
◦ Ingress—Mirrors traffic received at the port.
◦ Egress—Mirrors traffic sent from the port.
◦ Ingress and egress—Mirrors traffic either received at the port or sent from the
port.

Switch Engine™ Command Reference Guide for version 32.7.1 2311

SummitStack Only Commands

(If you omit the optional parameters, all traffic is forwarded; the default for port-
based mirroring is ingress and egress).
• VLAN—All data to a particular VLAN, regardless of the physical port configuration, is
copied to the monitor port.
• Virtual port—All data specific to a VLAN on a specific port is copied to the monitor
port.
• SummitStack supports a maximum of 128 mirroring filters with the restriction that a
maximum of 16 VLAN and/or virtual port (port + VLAN) filters may be configured.
• ExtremeXOS supports up to 16 monitor ports for one-to-many mirroring.
• Only traffic ingressing a VLAN can be monitored; you cannot specify ingressing or
egressing traffic when mirroring VLAN traffic.
• Ingress traffic is mirrored as it is received (on the wire).
• Two packets are mirrored when a packet encounters both an ingress and egress
mirroring filter.
• When traffic is modified by hardware on egress, egress mirrored packets may not
be transmitted out of the monitor port as they egressed the port containing the
egress mirroring filter. For example, an egress mirrored packet that undergoes VLAN
translation is mirrored with the untranslated VLAN ID. In addition, IP multicast
packets which are egress mirrored contain the source MAC address and VLAN ID
of the unmodified packet.
• You cannot include the monitor port for a SummitStack in a load-sharing group.
• You can run mirroring and sFlow on the same device when you are running a
SummitStack.
• With a monitor port or ports, the mirrored packet is tagged only if the ingress packet
is tagged (regardless of what module the ingressing port is on). If the packet arrived
at the ingress port as untagged, the packet egress the monitor port(s) as untagged.
• You may see a packet mirrored twice. This occurs only if both the ingress mirrored
port and the monitor port or ports are on the same one-half of the module and the
egress mirrored port is either on the other one-half of that module or on another
module.
• When traffic is modified by hardware on egress, egress mirrored packets may not
be transmitted out of the monitor port as they egressed the port containing the
egress mirroring filter. For example, an egress mirrored packet that undergoes VLAN
translation is mirrored with the untranslated VLAN ID. In addition, IP multicast
packets which are egress mirrored contain the source MAC address and VLAN ID
of the unmodified packet.
• The configuration of remote-tag does not require the creation of a VLAN with
the same tag; on these platforms the existence of a VLAN with the same tag
as a configured remote-tag is prevented. This combination is allowed so that an
intermediate remote mirroring switch can configure remote mirroring using the
same remote mirroring tag as other source switches in the network. Make sure that
VLANs meant to carry normal user traffic are not configured with a tag used for
remote mirroring.
• When a VLAN is created with remote-tag, that tag is locked and a normal VLAN
cannot have that tag. The tag is unique across the switch. Similarly if you try to

2312 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

create a remote-tag VLAN where remote-tag already exists in a normal VLAN as a

VLAN tag, you cannot use that tag and the VLAN creation fails.

Example
The following example enables a mirroring instance named "analytics_chicago_1" to
mirror packets to the remote IP address 1.2.3.4 with ping health check (default
behavior) being performed on the remote IP address:
enable mirror analytics_chicago_1 to remote-ip 1.2.3.4

The following example enables a mirroring instance named "analytics_seattle_2" to

mirror packets to the remote IP address 5.6.7.8 from the source IP address 10.1.1.1
without ping health check being performed on the remote IP address:
enable mirror analytics_seattle_2 to remote-ip 5.6.7.8 from 10.1.1.1 ping-check off

History
This command was first available in ExtremeXOS 22.4.

Redundant remote IP addresses capability was added in ExtremeXOS 30.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mlag port peer id

enable mlag port port peer peer_name id identifier

Description
Binds a local port or LAG to an .

Syntax Description
port Specifies a local member port of the MLAG group.
peer_name Specifies an alpha numeric string identifying the MLAG
peer.
identifier Specifies a unique MLAG identifier value. The range is 1 to
65000.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2313

Usage Guidelines Commands

Usage Guidelines
Use this command to bind a local port or LAG to an MLAG that is uniquely identified by
the MLAG ID value. The MLAG ID can be any number from 1 to 65000.

The specified port number may be a single port or the master port of a load sharing
group but may not be a load sharing member port. If it is, a message similar to the
following is displayed:
ERROR: Port 2 is a member of a load share group. Use the load share
master port (10) instead.

A port can be part of only one MLAG, If you try to add it to another MLAG, a message
similar to the following is displayed:
ERROR: Port 2 is already part of an MLAG Id 101

Once the MLAG group binding is made, any change to load sharing on MLAG ports is
disallowed.

The MLAG peer must exist or the command will fail.

Example
The following command binds the local member port 2 to the peer switch
switch101with an identifier of 101:
# enable mlag port 2 peer switch101 id 101

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mlag port reload-delay

enable mlag port reload-delay

Description
This command enables reload-delay on Multi-switch Link Aggregation Group (MLAG)
ports.

Syntax Description
This command has no arguments or variables.

2314 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
MLAG reload-delay is disabled by default.

Usage Guidelines
There are cases where MLAG ports comes up quicker than ISC ports after a switch
reboot causing traffic loss during this time gap. After using the configure mlag ports
reload-delay on page 902 command to configure a time delay for MLAG ports that
provides enough time for ISC ports/neighborship of other Layer 3 protocols to come up,
you have to issue this command to enable the timer.

Example
The following example enables the MLAG reload-delay timer:
# enable mlag port reload-delay

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable mld
enable mld {vlan vlan_name {MLDv1 | MLDv2} }

Description
Enables MLD on a router interface. If no VLAN is specified, MLD is enabled on all router
interfaces.

Syntax Description
vlan_name Specifies a VLAN name.
MLDv1 Sets the compatibility mode to MLDv1.
MLDv2 Sets the compatibility mode to MLDv2.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2315

Usage Guidelines Commands

Usage Guidelines
MLD is a protocol used by an IPv6 host to register its IPv6 multicast group membership
with a router. Periodically, the router queries the multicast group to see if the group
is still in use. If the group is still active, IPv6 hosts respond to the query, and group
registration is maintained.

MLD is disabled by default on the switch. However, the switch can be configured to
enable the generation and processing of MLD packets. If compatibility mode is not
specified in the command, MLDv1 compatibility mode is set.

A VLAN must have an IPv6 address to support MLD.

Example
The following example enables MLDv1 on the VLAN accounting:
enable mld vlan accounting

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

enable mld snooping

enable mld snooping {{vlan} vlan_name}

Description
Enables MLD snooping on the switch.

Syntax Description
vlan_name Specifies a VLAN.

Default
Disabled.

Usage Guidelines
If a VLAN is specified, MLD snooping is enabled only on that VLAN, otherwise MLD
snooping is enabled on all VLANs.

2316 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

A VLAN must have an IPv6 address to support MLD.

Example
The following command enables MLD snooping on the switch:
enable mld snooping

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

enable mld snooping with-proxy

enable mld snooping with-proxy

Description
Enables the MLD snooping proxy.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
Enabling the proxy allows the switch to suppress the duplicate join requests on a group
to forward to the connected Layer 3 switch. The proxy also suppresses unnecessary
MLD leave messages so that they are forwarded only when the last member leaves the
group.

This command can be used for troubleshooting purpose. It should be enabled for
normal network operation. The command does not alter the snooping setting.

Example
The following command enables the MLD snooping proxy:
enable mld snooping with-proxy

Switch Engine™ Command Reference Guide for version 32.7.1 2317

History Commands

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

enable mld ssm-map

enable mld ssm-map {{vr} vr_name}

Description
Enables MLD SSM mapping on a virtual router (VR).

Syntax Description
vr vr_name Specifies a virtual router name.

Default
Disabled.

Usage Guidelines
Use this command to enable MLD SSM mapping on a VR.

Configure the SSM address range using the configure pim ipv6 ssm range
[default | {policy} policy_name] command before you enable SSM Mapping.

Example
The following example enables SSM mapping on VR1:
enable mld ssm-map vr vr1

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

2318 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable mpls

enable mpls
enable mpls

Description
Enables MPLS on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Enabling MPLS allows MPLS processing to begin for any enabled MPLS protocols
(RSVP-TE and/or LDP).

While MPLS is transitioning to the enabled state, only the MPLS show commands are
accepted.

Before you can enable MPLS on a SummitStack, the stack must meet the following
requirements:
• Each stack switch must meet the software and hardware requirements listed in the
Switch Engine 32.7.1 Feature License Requirements document.
• You must configure the enhanced stacking protocol on each ExtremeSwitching
series switch.

Note
When MPLS is enabled on a stack, you can only add MPLS-compatible
switches to the stack.

Example
The following command globally enables MPLS on the switch:
enable mpls

History
This command was first available in ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 2319

Platform Availability Commands

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls bfd

enable mpls bfd [{vlan} vlan_name | vlan all]

Description
Enables the Bidirectional Forwarding Detection (BFD) client for MPLS on the specified
VLAN or all VLANs.

Syntax Description
vlan_name Specifies the VLAN on which to enable the MPLS BFD
client.
vlan all Enables the MPLS BFD client on all VLANs.

Default
Disabled.

Usage Guidelines
This command causes MPLS to request a BFD session to each next-hop peer reachable
through the named interface. BFD sessions are triggered by the establishment of an
LSP over the interface. If this command is issued after LSPs are established, then the list
of active LSPs is searched for next-hop peers associated with the named interface, and
a BFD session is requested for each neighbor which does not already have a session.
This command also instructs MPLS to begin to consider BFD neighbor session state
updates as part of the effective interface link state reported to the MPLS upper layer
protocols.

Note
BFD must be enabled on the interface before sessions can be established. To
enable BFD, use the command: [enable | disable] bfd vlan vlan_name .

Example
The following command enables the MPLS BFD client on VLAN vlan1:

enable mpls bfd vlan1

History
This command was first available in ExtremeXOS 12.4.

2320 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls exp examination

enable mpls exp examination

Description
Enables assigning an MPLS packet to a QoS profile based on the MPLS packet’s EXP
value.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables assigning an MPLS packet to a QoS profile based on the MPLS
packet's EXP value. The EXP values to QoS profile mappings are configured using the
configure mpls exp examination command.

When disabled, all received MPLS packets are assigned to QoS profile qp1.

Example
The following command enables assignment of an MPLS packet to a QoS profile based
on the MPLS packet’s EXP value:

enable mpls exp examination

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2321

enable mpls exp replacement Commands

enable mpls exp replacement

enable mpls exp replacement

Description
Enables setting an MPLS packet's EXP value based on the packet's QoS profile.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables setting an MPLS packet's EXP value based on the packet's QoS
profile. The QoS profiles to EXP value mappings are configured using the configure
mpls exp replacement command.

When disabled, all MPLS packets are transmitted with an EXP value of zero.

Example
The following command enables the setting of an MPLS packet's EXP value based on
the packet's QoS profile:
enable mpls exp replacement

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls ldp bgp-routes

enable mpls ldp bgp-routes

Description
Enables LDP to use IP prefixes learned from BGP when establishing LDP LSPs.

2322 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command allows LDP to use routes learned via BGP when establishing LDP LSPs.
Because each established LSP consumes internal resources, it is recommended that
this setting be used only in BGP environments where the number of BGP routes is
controlled.

When disabled, LDP does not establish LSPs to routes learned via BGP, thus reducing
the internal resources used by LDP. Note that MPLS LSPs can still be used to transport
packets to routes learned via BGP through the use of the enable bgp mpls-next-hop
command.

Example
The following command enables the use of BGP routes by LDP:
enable mpls ldp bgp-routes

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls ldp loop-detection

enable mpls ldp loop-detection

Description
Enables LDP loop detection on the switch.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2323

Default Commands

Default
Disabled.

Usage Guidelines
Loop detection provides a mechanism for finding looping LSPs and for preventing
Label Request messages from looping in the presence of non-merge capable LSRs. The
mechanism makes use of Path Vector and Hop Count TLVs carried by Label Request
and Label Mapping messages.

Example
The following command globally enables LDP loop detection on the switch:
enable mpls ldp loop-detection

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls ldp

enable mpls ldp [{vlan} vlan_name | vlan all]

Description
Enables LDP for the specified MPLS configured VLANs.

Syntax Description
vlan Enables LDP for one or more specific VLANs.
vlan_name Enables LDP on the specified VLAN.
vlan all Enables LDP for all VLANs that have been added to MPLS.

Default
Disabled.

Usage Guidelines
When LDP is enabled, LDP attempts to establish peer sessions with neighboring
routers on the enabled VLAN. Once a peer session is established, LDP advertises labels

2324 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

for local IP interfaces and for routes learned from other neighboring routers. By default,
LDP is disabled for all VLANs that have been added to MPLS. Specifying the optional
all keyword enables LDP for all MPLS configured VLANs.

Example
The following command enables LDP for all VLANs that have been added to MPLS:

enable mpls ldp vlan all

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls php

When enabled, PHP is requested on all LSPs advertised over that VLAN for which
the switch is the egress LSR.
enable mpls php [{vlan} vlan_name | vlan all]

Description
Enables penultimate hop popping (PHP) on the specified VLAN.

Syntax Description
vlan Enables PHP for one or more specific VLANs.
vlan_name Enables PHP on the specified VLAN.
vlan all Enables PHP for all VLANs that have been added to MPLS.

Default
Disabled.

Usage Guidelines
Penultimate hop popping is requested by assigning the Implicit Null Label in an
advertised mapping. Extreme's MPLS implementation always performs penultimate
hop popping when requested to do so by a peer LSR. When the all VLANs option is
selected, PHP is enabled on all configured VLANs that have been added to MPLS.

Switch Engine™ Command Reference Guide for version 32.7.1 2325

Example Commands

Example
The following command enables penultimate hop popping (PHP) on the specified
VLAN:

enable mpls php vlan vlan1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls protocol ldp

enable mpls protocol ldp

Description
Enables LDP for the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
When LDP is enabled, LDP attempts to establish peer sessions with neighboring
routers on VLAN interfaces where LDP has been enabled . Once a peer session is
established, LDP can advertise labels for local IP interfaces and for routes learned from
other neighboring routers. While LDP is transitioning to the enabled state, only the
MPLS show commands are accepted.

Note that the LDP protocol must be enabled to establish VPLS pseudo-wires even if the
transport LSPs are being established using RSVP-TE.

Example
The following command globally enables LDP on the switch:

enable mpls protocol ldp

2326 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls protocol rsvp-te

enable mpls protocol rsvp-te

Description
Enables RSVP-TE for the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
When RSVP-TE is enabled, configured LSPs begin the process of TE LSP establishment
and VLAN interfaces that have RSVP-TE enabled begin processing RSVP path/reserve
messages. By default, RSVP-TE is disabled. While RSVP-TE is transitioning to the
enabled state, only the MPLS show commands are accepted.

Example
The following command globally enables RSVP-TE on the switch:
enable mpls protocol rsvp-te

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2327

enable mpls rsvp-te bundle-message Commands

enable mpls rsvp-te bundle-message

enable mpls rsvp-te bundle-message [{vlan} vlan_name | vlan all]

Description
Enables the bundling of RSVP-TE messages for the specified VLAN interface.

Syntax Description
vlan Specifies that message-bundling is to be enabled on one
or more VLAN interfaces.
vlan_name Identifies a VLAN interface for which message bundling is
to be enabled.
vlan all Specifies that message bundling is to be enabled on all
VLANs that have been added to MPLS.

Default
Disabled.

Usage Guidelines
Enabling message bundling can improve control plane scalability by allowing the
switch to bundle multiple RSVP-TE messages into a single PDU. Not all devices support
bundled messages. If the switch determines that a peer LSR, connected to a specific
interface, does not support message bundling, the switch reverts to sending separate
PDUs for each message on that interface. By default, message bundling is disabled.
Specifying the all keyword enables message bundling on all MPLS-configured VLANs.

Example
The following command enables message bundling on the specified VLAN:

enable mpls rsvp-te bundle-message vlan vlan_1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

2328 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable mpls rsvp-te fast-reroute

enable mpls rsvp-te fast-reroute

enable mpls rsvp-te fast-reroute

Description
Enables the MPLS RSVP-TE fast reroute (FRR) protection feature.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
You can configure FRR LSPs only when FRR is enabled on the LSR. Enabling FRR
protection on the LSR automatically enables the point-of-local-repair and merge-point
capabilities on the LSR. FRR should be enabled on all LSRs along each FRR LSP path.

Example
The following command enables FRR protection on the local switch:
enable mpls rsvp-te fast-reroute

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls rsvp-te lsp

enable mpls rsvp-te lsp [lsp_name | all]

Description
Enables one or more RSVP-TE LSPs.

Switch Engine™ Command Reference Guide for version 32.7.1 2329

Syntax Description Commands

Syntax Description
lsp_name Specifies the ingress LSP within the switch to be enabled.
all Enables all RSVP-TE configured ingress LSPs.

Default
Enabled.

Usage Guidelines
When an RSVP-TE LSP is enabled, the switch attempts to set up the LSP by signaling
the destination by sending a path message using the assigned path and profile. By
default, all newly created LSPs are enabled and can become active when the LSP has
been configured. Note that an LSP must be configured with at least one path before it
can be signaled.

Example
The following command enables all RSVP-TE-configured LSPs:
enable mpls rsvp-te lsp all

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls rsvp-te summary-refresh

enable mpls rsvp-te summary-refresh [{vlan} vlan_name | vlan all]

Description
Enables the sending of summary refresh messages, instead of path messages, to
refresh RSVP-TE path state for the specified VLAN interface.

2330 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vlan Specifies that summary refresh messages are to refresh
the RSVP-TE path state on one or more VLAN interfaces.
vlan_name Identifies a VLAN interface on which RSVP-TE summary
refresh messages are to refresh the RSVP-TE path state.
vlan all Specifies that summary refresh messages are to refresh
the RSVP-TE path state on all VLANs that have been added
to MPLS.

Default
Disabled.

Usage Guidelines
Enabling summary refresh can improve control plane scalability by refreshing multiple
LSPs in a single message. Not all devices support summary refresh. If the switch
determines that a peer LSR, connected to a specific interface, does not support
summary refresh, the switch reverts to using path messages on that interface. By
default, summary refresh is disabled. Specifying the all keyword enables summary
refresh on all MPLS-configured VLANs.

Example
The following command enables summary refresh on the specified VLAN:

enable mpls rsvp-te summary-refresh vlan vlan_1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls rsvp-te

enable mpls rsvp-te [{vlan} vlan_name | vlan all]

Description
Enables RSVP-TE for the specified MPLS-configured VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 2331

Syntax Description Commands

Syntax Description
vlan Specifies that RSVP-TE is to be enabled on one or more
VLANs.
vlan_name Identifies a specific VLAN on which RSVP-TE is to be
enabled.
vlan all Enables RSVP-TE on all VLANS that have been added to
MPLS.

Default
Disabled.

Usage Guidelines
When RSVP-TE is enabled, TE LSP establishment for configured LSPs begins and the
processing of RSVP path/reserve messages from peer LSRs is permitted. By default,
RSVP-TE is disabled for all MPLS-configured VLANs. Specifying the optional all keyword
enables RSVP-TE for all VLANs that have been added to MPLS.

Example
The following command enables RSVP-TE on the specified VLAN:

enable mpls rsvp-te vlan vlan_1

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable mpls static lsp

enable mpls static lsp {lsp_name | all }

Description
Administratively enables one or all static LSPs.

Syntax Description
lsp_name Identifies the LSP to be enabled.
all Specifies that all static LSPs on this LSR are to be enabled.

2332 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
On executing this command, the software tries to activate the static LSP by
programming the LSP in hardware. Static LSPs are not enabled by default. You need to
explicitly enable LSPs after the ingress and egress segments have been configured.

Example
The following command enables a static LSP:

enable mpls static lsp lsp598

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.ture-link-in-22.1"/>

enable mpls vlan

enable mpls [{vlan}vlan_name|vlan all]

Description
Enables the MPLS interface for the specified VLAN.

Syntax Description
vlan Enables an MPLS interface for one or more specific VLANs.
vlan_name Enables an MPLS interface on the specified VLAN.
vlan all Enables an MPLS interface for all VLANs that have been
added to MPLS.

Default
Disabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2333

Example Commands

Example
The following command enables an MPLS interface for the specified VLAN:

enable mpls vlan vlan-nyc

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable msdp data-encapsulation

enable msdp data-encapsulation {vr vrname}

Description
Enables the encapsulation of locally originated SA messages with multicast data (if
available).

Syntax Description
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current CLI
context.

Default
By default, multicast data packet encapsulation is enabled for locally originated SA
messages. Multicast data packets with a packet size of up to 8 KB are encapsulated in
SA messages.

Usage Guidelines
Enable data encapsulation to handle bursty sources.

Example
The following command enables multicast data packet encapsulation:
enable msdp data-encapsulation

History
This command was first available in ExtremeXOS 12.0.

2334 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.opic/ph "/>

enable msdp export local-sa

enable msdp export local-sa {export-filter filter-name} {vr vrname}

Description
Enables the advertisement of local sources to groups for which the router is an RP.

Syntax Description
filter-name Specifies the policy to associate with the export of local sources. No
policy is specified by default.
vrname Specifies the name of the virtual router to which this command
applies. If a name is not specified, it is extracted from the current CLI
context.

Default
By default, the export of local sources is enabled. All sources are advertised if the router
is an RP for the groups.

Usage Guidelines
You can create a policy to filter out some of the local sources so that they are not
advertised to MSDP peers and exposed to the external multicast domain. To configure
an export filter, you must first disable the export of local sources (with the disable
msdp export local-sa command), and then re-enable it with an export filter (with the
enable msdp export local-sa export-filter command).

You can use the following policy attributes in an export policy. All other attributes are
ignored.
• Match:
◦ multicast-group
◦ multicast-source
◦ pim-rp
• Set:
◦ permit
◦ deny

Switch Engine™ Command Reference Guide for version 32.7.1 2335

Example Commands

Please note that the syntax for “multicast-group”, “multicast-source,” and “pim-rp” are
the same as for the “nlri” policy attribute.
[multicast-group | multicast-source | pim-rp] [ipaddress | any]/mask-length> {exact}
[multicast-group | multicast-source | pim-rp] [ipaddress | any] mask mask {exact}

An example of an MSDP policy file follows:

entry allow_internal_rp {
if match any {
multicast-group 234.67.89.0/24;
multicast-source 23.123.45.0/24;
pim-rp 10.203.134.5/32;
} then {
permit;
}
}
entry deny_local_group239 {
if match any {
multicast-group 239.0.0.0/8;
multicast-source 23.123.45.0/24;
} then {
deny;
}
}
entry allow_external_rp_172 {
if {
multicast-group 234.172.0.0/16;
} then {
permit
}
}
# deny remaining entries

Example
The following command enables the advertisement of local sources:
nable msdp export local-sa

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable msdp peer

enable msdp [{peer} remoteaddr | peer all] {vr vr_name}

2336 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Configures the administrative state of an MSDP peer.

Syntax Description
all Enables all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer to configure.
vr_name Specifies the name of the virtual router to which this
command applies. If a name is not specified, it is extracted
from the current CLI context.

Default
By default, MSDP peers are disabled.

Usage Guidelines
You must use this command to administratively enable the MSDP peers before they
can establish peering sessions and start exchanging SA messages.

Example
The following example enables an MSDP peer:
enable msdp peer 192.168.45.43

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable msdp process-sa-request

enable msdp [{peer} remoteaddr | peer all] process-sa-request {sa-
request-filter filter-name } {vr vr_name}

Description
This command configures MSDP to receive and process SA request messages from a
specified peer or all peers. If an SA request filter is specified, only SA request messages
from those groups permitted are accepted. All others are ignored.

Switch Engine™ Command Reference Guide for version 32.7.1 2337

Syntax Description Commands

Syntax Description
peer all Specifies all MSDP peers.
filter-name Specifies the name of the policy filter associated with SA
request processing.
remoteaddr Specifies the IP address of the MSDP peer.
vr_name Specifies the name of the virtual router to which this
command applies. If a name is not specified, it is extracted
from the current CLI context.

Default
By default, all SA request messages are accepted from peers.

Usage Guidelines
Use this command to configure the router to accept all or just some SA request
messages from peers. If no policy is specified, all SA request messages are accepted.
If a policy is specified, only SA request messages from those groups permitted are
accepted, and all others are ignored.

You cannot change an SA request filter while SA request processing is enabled for an
MSDP peer. You must first disable SA request processing for a peer and then re-enable
it with an SA request filter.

You can use the following policy attributes in an SA request policy. All other attributes
are ignored.
• Match:
◦ multicast-group
◦ multicast-source
◦ pim-rp
• Set:
◦ permit
◦ deny

Example
The following example enables processing of SA request messages received from a
peer with the IP address 192.168.45.43:
enable msdp peer 192.168.45.43 process-sa-request sa-request-filter intra_domain

History
This command was first available in ExtremeXOS 12.0.

2338 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable msdp
enable msdp {vr vrname}

Description
Enables MSDP on a virtual router.

Syntax Description
vrname Specifies the name of the virtual router on which MSDP is being
enabled or disabled. If a name is not specified, it is extracted from
the current CLI context.

Default
MSDP is disabled by default.

Usage Guidelines
None.

Example
The following command enables MSDP on a virtual router:
enable msdp

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MSDP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable msrp ports

enable msrp ports [port_list | all]

Switch Engine™ Command Reference Guide for version 32.7.1 2339

Description Commands

Description
Enables MSRP in the ports listed in the command after the keyword ports.

Syntax Description
msrp Multiple Stream Registration Protocol.
port_list Port list separated by a comma or "-".
all All ports.

Default
Disabled.

Usage Guidelines
Use this command to enable MSRP in the ports listed or all ports.

Note
MSRP is not supported for Link Aggregated Ports.

Example
# enable msrp ports 1-3

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms that support the AVB feature and that have
an AVB feature pack license installed. To see which platforms support AVB and for
information about obtaining a license, see the Switch Engine 32.7.1 Feature License
Requirements.

enable msrp
enable msrp

Description
Enables MSRP globally on the switch.

2340 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
msrp Multiple Stream Registration Protocol.

Default
Disabled.

Usage Guidelines
Use this command to enable MSRP globally on a switch.

Example
The following command enables MSRP:
enable msrp

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms that support the AVB feature and that have
an AVB feature pack license installed. To see which platforms support AVB and for
information about obtaining a license, see the Switch Engine 32.7.1 Feature License
Requirements.

enable mvr
enable mvr

Description
Enables MVR on the system.

Syntax Descripton
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Switch Engine™ Command Reference Guide for version 32.7.1 2341

Example Commands

Example
The following command enables MVR on the system:
enable mvr

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the MVR feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable mvrp
enable mvrp

Description
Enables MVRP globally on a switch.

Syntax Description
mvrp Multiple VLAN Registration Protocol.

Default
Disabled.

Usage Guidelines
Use this command to enable MVRP globally on a switch. MVRP is run on the MVRP
enabled ports only if the global setting is enabled. By default, MVRP is disabled
globally and on individual ports. When MVRP is disabled globally, all MVRP packets
are forwarded transparently.

Example
The following command enables MVRP globally on the switch:
enable mvrp

History
This command was first available in ExtremeXOS 15.3.

2342 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

enable mvrp ports

enable mvrp ports [port_list | all]

Description
Enables MVRP on a given set of ports.

Syntax Description
mvrp Multiple VLAN Registration Protocol
port_list Port(s) on which MVRP is to be enabled.
all All ports.

Default
Disabled.

Usage Guidelines
Use this command to enable MVRP on given set of ports. MVRP is run on the MVRP
enabled ports only if the global setting is enabled. By default, MVRP is disabled globally
and on individual ports. When MVRP is disabled globally, all MVRP packets will be
forwarded transparently. An error message is displayed if the user tries to enable/
disable MVRP on a lag member port which is not the master port. No configuration
changes are made.

Example
The following command enables MVRP on ports 4 and 5:
enable mvrp ports 4-5

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable neighbor-discovery refresh

enable neighbor-discovery {vr vr_name} refresh

Switch Engine™ Command Reference Guide for version 32.7.1 2343

Description Commands

Description
Enables the IPv6 neighbor cache to refresh each entry before the timeout period
expires.

Syntax Description
vr_name Specifies a VR or VRF.

Default
Enabled.

Usage Guidelines
None.

Example
The following example enables the refresh of neighbor discovery cache entries:
enable neighbor-discovery refresh

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

enable netlogin
enable netlogin [{dot1x} {mac} {web-based}]

Description
Enables network login authentication modes.

Syntax Description
dot1x Specifies 802.1X authentication.
mac Specifies MAC-based authentication.
web-based Specifies web-based authentication.

2344 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
All types of authentication are disabled.

Usage Guidelines
Any combination of types of authentication can be enabled on the same switch. At
least one of the authentication types must be specified on the command line.

Entering enable netlogin mac adds configure netlogin add mac-list default
configuration by default.

To disable an authentication mode, use the following command:

disable netlogin [{dot1x} {mac} {web-based}]

Example
The following command enables web-based network login:
enable netlogin web-based

History
This command was first available in ExtremeXOS 11.1.

Default configure netlogin add mac-list default configuration was added in

ExtremeXOS 31.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable netlogin authentication failure vlan ports

enable netlogin authentication failure vlan ports [ports | all]

Description
Enables the configured authentication failure VLAN on the specified ports.

Syntax Description
all Specifies all ports included in the authentication failure
VLAN.
ports Specifies one or more ports or slots and ports on which the
authentication failure VLAN is enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2345

Default Commands

Default
All ports.

Usage Guidelines
Use this command to enable the configured authentication failure VLAN on either the
specified ports, or all ports.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable netlogin authentication service-unavailable vlan ports

enable netlogin authentication service-unavailable vlan ports [ports |
all]

Description
Enables the configured authentication service-unavailable VLAN on the specified ports.

Syntax Description
ports Specifies one or more ports or slots and ports on which the
service-unavailable VLAN is enabled.
all Specifies all ports included in the service-unavailable VLAN.

Default
All ports.

Usage Guidelines
Use this command to enable the configured authentication service-unavailable VLAN
on the specified ports, or on all ports.

History
This command was first available in ExtremeXOS 12.1.

2346 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

enable netlogin dot1x guest-vlan ports

enable netlogin dot1x guest-vlan ports [all | ports]

Description
Enables the guest VLAN on the specified 802.1X network login ports.

Syntax Description
all Specifies all ports included in the guest VLAN.
ports Specifies one or more ports or slots and ports on which the
guest VLAN is enabled.

Default
Disabled.

Usage Guidelines
A guest VLAN provides limited or restricted network access if a supplicant connected to
a port does not respond to the 802.1X authentication requests from the switch. A port
always moves untagged into the guest VLAN.

Modifying the Supplicant Timer

By default, the switch attempts to authenticate the supplicant every 30 seconds for
a maximum of three tries. If the supplicant does not respond to the authentication
requests, the client moves to the guest VLAN. The number of authentication attempts
is a user-configured parameter with allowed values in the range of 1 to 10.

To modify the supplicant response timer, use the following command and specify the
supp-resp-timeout parameter:
configure netlogin dot1x timers [{server-timeout server_timeout}
{quiet-periodquiet_period} {reauth-periodreauth_period {reauth-
maxmax_num_reauths}} {supp-resp-timeoutsupp_resp_timeout}]

Creating the Guest VLAN

Before you can enable the guest VLAN on the specified ports, you must create the
guest VLAN. To create the guest VLAN, use the following command:
configure netlogin dot1x guest-vlan vlan_name {portsport_list}

Switch Engine™ Command Reference Guide for version 32.7.1 2347

Example Commands

Example
The following command enables the guest VLAN on all ports:

enable netlogin dot1x guest-vlan ports all

The following command enables the guest VLAN on ports 2 and 3:

enable netlogin dot1x guest-vlan ports 2,3

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable netlogin logout-privilege

enable netlogin logout-privilege

Description
Enables network login logout pop-up window.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command controls the logout window pop-up on the web-based network client.
This command applies only to the web-based authentication mode of network login.

Example
The following command enables network login logout-privilege:

enable netlogin logout-privilege

History
This command was first available in ExtremeXOS 11.1.

2348 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

enable netlogin ports

enable netlogin ports ports [{dot1x} {mac} {web-based}]

Description
Enables NetLogin on a specified port for a particular authentication method.

Syntax Description
ports Specifies the ports for which NetLogin should be enabled.
dot1x Specifies 802.1X authentication.
mac Specifies MAC-based authentication.
web-based Specifies web-based authentication.

Default
All methods are disabled on all ports.

Usage Guidelines
For campus mode NetLogin with web-based clients, the following conditions must be
met:
• A DHCP server must be available, and a DHCP range must be configured for the port
or ports in the VLAN on which you want to enable NetLogin.
• The switch must be configured as a RADIUS client, and the RADIUS server must be
configured to enable the NetLogin capability.

For ISP mode login, no special conditions are required. A RADIUS server must be used
for authentication.

NetLogin is used on a per-port basis. A port that is tagged can belong to more than one
VLAN. In this case, NetLogin can be enabled on one port for each VLAN.

Windows authentication is not supported via NetLogin.

To support NetLogin on all user virtual routers (VRs) in policy mode, remove any
associated VRs from the port before enabling NetLogin (see configure vr delete ports
on page 1634). This is applicable for uplink ports and ISC ports. This must be done prior
to authentication so that once the client gets authenticated the ports can move across
different VLANs of various VRs.

Switch Engine™ Command Reference Guide for version 32.7.1 2349

Example Commands

Example
The following command configures NetLogin on port 2:9 using web-based
authentication:
enable netlogin ports 2:9 web-based

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable netlogin reauthentication-on-refresh

enable netlogin reauthentication-on-refresh

Description
Enables network login reauthentication on refresh.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
The web-based Netlogin client's session is periodically refreshed by sending a HTTP
request which acts as a keep-alive without actually re-authenticating the user's
credentials with the back-end RADIUS server or local database. If reauthenticate-on-
refresh is enabled, re-authentication occurs with the session refresh.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

2350 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable netlogin redirect-page

enable netlogin redirect-page

enable netlogin redirect-page

Description
Enables the network login redirect page function.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
This command enables the network login redirect page so that the client is sent to the
redirect page rather than the original page.

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable netlogin session-refresh

enable netlogin session-refresh {refresh_minutes}

Description
Enables network login session refresh.

Syntax Description
refresh_minutes Specifies the session refresh time for network login in
minutes.

Default
Enabled, with a value of three minutes for session refresh.

Switch Engine™ Command Reference Guide for version 32.7.1 2351

Usage Guidelines Commands

Usage Guidelines
Network login sessions can refresh themselves after a configured timeout. After the
user has been logged in successfully, a logout window opens which can be used to
close the connection by clicking on the Logout link. Any abnormal closing of this
window is detected on the switch and the user is logged out after a time interval as
configured for session refresh. The session refresh is enabled and set to three minutes
by default. The value can range from 1 to 255 minutes. When you configure the network
login session refresh for the logout window, ensure that the FDB aging timer is greater
than the network login session refresh timer.

This command applies only to the web-based authentication mode of network login.

To reset the session refresh value to the default behavior, use this command without
the minutes parameter.

Example
The following command enables network login session refresh and sets the refresh
time to ten minutes:

enable netlogin session-refresh 10

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable network-clock gptp

enable network-clock gptp

Description
Enables gPTP on the switch.

Syntax Description
network-clock Network clock.
gptp IEEE 802.1AS Generalized Precision Time Protocol (gPTP).

Default
Disabled.

2352 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to enable gPTP.

Example
# enable network-clock gptp

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all platforms that support the AVB feature and that have
an AVB feature pack license installed. To see which platforms support AVB and for
information about obtaining a license, see the Switch Engine 32.7.1 Feature License
Requirements.

enable network-clock gptp ports

enable network-clock gptp ports [port_list {only} | all]

Description
Enables gPTP on one or more ports.

Syntax Description
port_list Specifies one or more of the switch’s physical ports.
only Apply change only to specified port, even if port is master
of a load sharing group.
all Specifies all of the switch’s physical ports.

Default
Disabled.

Usage Guidelines
Use this command to configure on which ports gPTP runs. gPTP does not run on
any ports if it is not first enabled in the switch by the enable network-clock gptp
command.

Example
# enable network-clock gptp ports 4

Switch Engine™ Command Reference Guide for version 32.7.1 2353

History Commands

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on the ExtremeSwitching 5520 switch if the AVB feature
pack license is installed on the switch..

enable network-clock ptp end-to-end transparent

[enable] network-clock ptp end-to-end-transparent ports port_list

Description
Enable PTP end-to-end-transparent clock functionality (1-step PHY timestamp) on the
ports.

Syntax Description
port_list List of physical ports.

Default
N/A.

Usage Guidelines
See Description.

Example
The following example enables end-to-end transparent clock on the front panel ports
1-3:
enable network-clock ptp end-to-end-transparent ports 1-3

History
This command was first available in ExtremeXOS 15.1.

Platform Availability
This command is available on the ExtremeSwitching 5520 and 5720 platforms.

enable nodealias ports

enable nodealias ports [port_list | all]

2354 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
This command enables the Node Alias feature on specified ports. Node Alias discovers
information about the end systems on a per-port basis. Information from packets from
end systems, such as VLANID, source MAC address, source IP address, protocol, etc. are
captured in a database that can be queried.

Syntax Description
nodealias Node Alias feature that maps source IP address, MAC
address, host name, and protocol on a per port basis.
ports Designates that Node Alias should be enabled on specified
ports.
port_list Specifies on which ports to have Node Alias enabled.
Designated as a port list separated by comma (,) or dash
(-).
all Specifies that all ports have Node Alias enabled.

Default
Node Alias is disabled by default on all ports.

Usage Guidelines
If the port is part of a LAG, Node Alias should be enabled separately on each LAG port.

Example
The following example enables Node Alias on all ports:
enable nodealias ports all

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
VLAN

enable nodealias protocol

enable nodealias protocol [protocol_name | all]

Description
This command designates the specific protocols detected for the Node Alias feature.
Node Alias discovers information about the end systems on a per-port basis.

Switch Engine™ Command Reference Guide for version 32.7.1 2355

Syntax Description Commands

Information from packets from end systems, such as VLANID, source MAC address,
source IP address, protocol, etc. are captured in a database that can be queried.

Syntax Description
nodealias Node Alias feature that maps source IP address, MAC
address, host name, and protocol on a per port basis.
protocol Designates selection of protocols to detect.
protocol_name Specifies enabling a protocol to detect (one at a time).
The following protocols are enabled by default: IPv4, IPv6,
OSPF, BGP, VRRP, DHCPS, DHCPC, BOOTPS, BOOTPC,
UDP, BPDU, LLMNR, SSDP, and mDNS.
any Specifies enabling all Node Alias-supported protocols.

Default
The following protocols are enabled by default: IPv4, IPv6, OSPF, BGP, VRRP, DHCPS,
DHCPC, BOOTPS, BOOTPC, UDP, BPDU, LLMNR, SSDP, and mDNS.

Note
• ARP is categorized under IP.
• UDP entry is created when destination IP address is broadcast.
• BPDU means STP and GVRP frames.

Usage Guidelines
By default, the following protocols are enabled (IPv4, IPv6, OSPF, BGP, VRRP, DHCPS,
DHCPC, BOOTPS, BOOTPC, UDP, BPDU, LLMNR, SSDP, mDNS). You can optionally
disable any of these protocols (and then enable them back if desired).

Example
The following example specifically enables BGP to be detected:
enable nodealias protocol bgp

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
VLAN

2356 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable ntp

enable ntp
enable ntp

Description
Enables NTP globally on the switch.

Syntax Description
N/A.

Default
NTP is disabled by default.

Usage Guidelines
N/A.

Example
The following command enables NTP globally on the switch:

enable ntp

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ntp authentication

enable ntp authentication

Description
Enables NTP authentication globally on the switch.

Syntax Description
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2357

Default Commands

Default
NTP authentication is disabled by default.

Usage Guidelines
If authentication is disabled, NTP will not use any authentication mechanism to
a server or from clients. To use authentication for a specific server, enable NTP
authentication globally, and then configure an RSA Data Security, Inc. MD5 Message-
Digest Algorithm or SHA256 key index for the specific server.

Example
The following command enables NTP authentication globally on the switch:

enable ntp authentication

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ntp broadcast-client

enable ntp broadcast-client {{vr} vr_name}

Description
Enables an NTP broadcast client on the switch.

Syntax Description
broadcast-client Specifies enabling NTP broadcast client.
vr Specifies enabling NTP broadcast client for a VR.
vr_name Specifies the VR name. If a VR name is not specified, the VR
of current command context is used.

Default
An NTP broadcast client is enabled by default.

If a VR name is not specified, the VR of current command context is used.

2358 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
If the broadcast client function is enabled, the system can receive broadcast-based NTP
messages and process them only if a VLAN is enabled for NTP and the VLAN is active.

Example
The following command enables an NTP broadcast client on the switch:

enable ntp broadcast-client

History
This command was first available in ExtremeXOS 12.7.

The vr was added in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ntp broadcast-server

enable ntp {vlan} vlan-name broadcast-server {key keyid}

Description
Enables NTP to send broadcast messages with or without a key to a VLAN.

Syntax Description
vlan-name Specifies the name of a particular VLAN on which to enable
or disable NTP.
keyid Specifies the key ID as a value from 1 to 65534.

Default
An NTP broadcast server is enabled by default.

Usage Guidelines
For the broadcast server function to work correctly, configure a VLAN to forward
broadcast packets by using the enable ipforwarding broadcast vlan-name
command. All broadcast clients will receive clock information from the broadcasted
clock messages.

Switch Engine™ Command Reference Guide for version 32.7.1 2359

Example Commands

Example
The following command enables an NTP broadcast server on the switch:

enable ntp vlan toSW3 broadcast-server key 100

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ntp vlan

enable ntp [{vlan} vlan-name | all] {{vr} vr_name}

Description
Enables NTP on a VLAN.

Syntax Description
enable Enables NTP on a VLAN.
vlan-name Specifies the name of a particular VLAN on which to enable
or disable NTP.
all Enables or disables NTP on all VLANs.
vr Specifies setting up NTP on a VR.
vr_name Specifies the VR name to enable NTP on. If a VR name is
not specified, the VR of current command context is used.

Default
NTP is disabled on all VLANs by default.

Usage Guidelines
N/A.

Example
The following command enables NTP on a VLAN named “Southwest”:

enable ntp vlan Southwest

2360 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.7.

The vr option was added in ExtremeXOS 22.2

Platform Availability
This command is available on all Universal switches supported in this document.

enable ntp vr
enable ntp vr vr_name

Description
This command enables and configures NTP for the specified VR.

Syntax Description
vr Specifies setting up NTP on a VR.
vr_name Specifies the VR name to enable NTP on. If a VR name is
not specified, the VR of current command context is used.

Default
If a VR name is not specified, the VR of current command context is used.

Example
The following example enables NTP on a VR named "vr1".
enable ntp vr vr1

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ospf
enable ospf

Switch Engine™ Command Reference Guide for version 32.7.1 2361

Description Commands

Description
Enables the OSPF process for the router.

Syntax Description
This command has no keywords or arguments.

Default
N/A.

Usage Guidelines
Not applicable.

Example
The following command enables the OSPF process for the router:

enable ospf

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospf capability opaque-lsa

enable ospf capability opaque-lsa

Description
Enables opaque LSAs across the entire system.

Syntax Description
This command has no keywords or variables.

Default
Enabled.

2362 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Opaque LSAs are a generic OSPF mechanism used to carry auxiliary information in
the OSPF database. Opaque LSAs are most commonly used to support OSPF traffic
engineering.

Normally, support for opaque LSAs is auto-negotiated between OSPF neighbors. In the
event that you experience interoperability problems, you can disable opaque LSAs.

If your network uses opaque LSAs, all routers on your OSPF network should support
opaque LSAs. Routers that do not support opaque LSAs do not store or flood them. At
minimum a well-interconnected subsection of your OSPF network needs to support
opaque LSAs to maintain reliability of their transmission.

On an OSPF broadcast network, the designated router (DR) must support opaque LSAs
or none of the other routers on that broadcast network will reliably receive them. You
can use the OSPF priority feature to give preference to an opaque-capable router, so
that it becomes the elected DR.

For transmission to continue reliably across the network, the backup designated router
(BDR) must also support opaque LSAs.

Example
The following command enables opaque LSAs across the entire system:

enable ospf capability opaque-lsa

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospf export

enable ospf export [bgp | direct | direct-inter-vr | e-bgp | i-bgp | rip
| static | isis | isis-level-1 | isis-level-1-external | isis-level-2
| isis-level-2-external | host-mobility] [cost cost type [ase-type-1
| ase-type-2] {tag number} | policy-map]

Description
Enables redistribution of routes to OSPF.

Switch Engine™ Command Reference Guide for version 32.7.1 2363

Syntax Description Commands

Syntax Description
bgp Specifies BGP routes.
direct Specifies direct routes.
direct-inter-vr Specifies Inter-VR leaked direct routes.
e-bgp Specifies E-BGP routes.
i-bgp Specifies I-BGP routes.
rip Specifies RIP routes.
static Specifies static routes.
isis Specifies IS-IS routes.
isis-level-1 Specifies ISIS Level 1 routes.
isis-level-1-external Specifies ISIS Level 1 External routes.
isis-level-2 Specifies ISIS Level 2 routes.
isis-level-2-external Specifies ISIS Level 2 External routes.
host-mobility Specifies host-mobility routes.
cost Specifies a cost metric.
ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.
number Specifies a tag value.
policy-map Specifies a policy.

Default
The default tag number is 0. The default setting is disabled.

Usage Guidelines
After OSPF export is enabled, the OSPF router is considered to be an ASBR. Interface
routes that correspond to the interface that has OSPF enabled are ignored.

The cost metric is inserted for all BGP, IS-IS, RIP-learned, static, and direct routes
injected into OSPF. If the cost metric is set to 0, the cost is inserted from the route.
The tag value is used only by special routing applications. Use 0 if you do not have
specific requirements for using a tag. The tag value in this instance has no relationship
with 802.1Q VLAN tagging.

The same cost, type, and tag values can be inserted for all the export routes, or a
policy can be used for selective insertion. When a policy is associated with the export
command, the policy is applied on every exported route. The exported routes can also
be filtered using a policy.

2364 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables OSPF to export BGP-related routes using LSAs to
other OSPF routers:

enable ospf export bgp cost 1 ase-type-1 tag 0

The following example shows all route types that can be configured with this
command:
# enable ospf export
<route_type> OSPF export route type
"bgp" "direct" “direct-inter-vr”
"e-bgp" "host-mobility" "i-bgp"
"isis" "isis-level-1" "isis-level-1-external"
"isis-level-2" "isis-level-2-external" "rip"
"static"

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospf export vr

enable ospf export {vr} vr-name route-type [policy-map | cost cost type
ase-type-1 | ase-type-2] {tag number}] {exclude-private}

Description
Enables redistribution of routes between OSPF instances.

Syntax Description
vr Specifies Virtual Router.
vr-name Specifies the source Virtual Router for exported routes.
route-type Specifies the OSPF inter-VR export route type.
policy-map Specifies the route map.
cost Specifies cost.
cost Specifies the cost metric. Range is 0-65535.
type Specifies route type.
ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.
tag Specifies a tag.

Switch Engine™ Command Reference Guide for version 32.7.1 2365

Default Commands

number Specifies a tag value.

exclude-private Specifies to exclude routes corresponding to private IP
ranges. Default is include private.

Default
N/A

Usage Guidelines
This command is executed in the destination VR and specifies the source VR.

The exclude-private option excludes prefixes in the private IP address ranges. Only
OSPF route types can be exported between instances.

Example
The following command enables OSPF ??:

enable ospf export vr cost 1 ase-type-1 tag 0

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ospf mpls-next-hop

enable ospf mpls-next-hop {vr vrf_name}

Description
Enables IP forwarding over calculated MPLS LSPs to subnets learned through OSPF.

Syntax Description
vrf-name Specifies OSPF on a particular VRF.

Default
Disabled.

2366 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command enables IP forwarding over calculated MPLS LSPs to subnets learned
through OSPF. (Calculated refers to an LSP that only reaches part of the way to the
destination). By default, IP forwarding over MPLS LSPs to subnets learned via OSPF is
disabled.

In order to configure OSPF on a particular VRF, you must supply the optional vr vr-
name CLI parameter.

Example
The following command enables OSPF’s use of MPLS LSPs to reach OSPF routes:

enable ospf mpls-next-hop

History
This command was first available in ExtremeXOS 11.6.

The vr keyword and vrf_name variable were added in ExtremeXOS 15.3.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospf originate-default

enable ospf originate-default {always} cost cost type [ase-type-1 | ase-
type-2] {tag number}

Description
Enables a default external LSA to be generated by OSPF, if no other default route is
originated by OSPF by way of RIP and static route re-distribution.

Syntax Description
always Specifies for OSPF to always advertise the default route.
cost Specifies a cost metric.
ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.
number Specifies a tag value.

Switch Engine™ Command Reference Guide for version 32.7.1 2367

Default Commands

Default
N/A.

Usage Guidelines
If always is specified, OSPF always advertises the default route. If always is not specified,
OSPF adds the default LSA if a reachable default route is in the route table.

Example
The following command generates a default external type-1 LSA:

enable ospf originate-default cost 1 ase-type-1 tag 0

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospf restart-helper-lsa-check

enable ospf [vlan [all | vlan-name] | area area-identifier |virtual-link
router-identifier area-identifier] restart-helper-lsa-check

Description
Enables the restart helper router to terminate graceful OSPF restart when received
LSAs would affect the restarting router.

Syntax Description
all Specifies all VLANs
vlan-name Specifies a VLAN name.
router-identifier Specifies the router ID of the remote router of the virtual
link.
area-identifier Specifies an OSPF area.

Default
The default is enabled.

2368 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command configures the restart helper router to terminate graceful OSPF restart
when received LSAs would affect the restarting router. This will occur when the restart-
helper receives an LSA that will be flooded to the restarting router or when there is
a changed LSA on the restarting router's retransmission list when graceful restart is
initiated.

Example
The following command configures a router to terminate graceful OSPF restart for all
routers in area 10.20.30.40 if it receives an LSA that would affect routing:

enable ospf area 10.20.30.40 restart-helper-lsa-check

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospf use-ip-router-alert

enable ospf use-ip-router-alert

Description
Enables the generation of the OSPF router alert IP option.

Syntax Description
This command has no keywords or arguments.

Default
Disabled.

Usage Guidelines
Not applicable.

Switch Engine™ Command Reference Guide for version 32.7.1 2369

Example Commands

Example
The following command enables the OSPF router alert IP option:

enable ospf use-ip-router-alert

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospfv3
enable ospfv3

Description
Enables OSPFv3 for the router.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
When OSPFv3 is enabled, it will start exchanging Hellos on all of it's active interfaces.
It will also start exporting routes into OSPFv3 routing domain from other protocols, if
enabled.

When OSPFv3 is disabled, it will release all the run-time allocated resources like
adjacencies, link state advertisements, run-time memory, etc.

OSPFv3 can be enabled successfully if and only if:

• At least one of the VLANs in the current virtual router has one IPv4 address
configured

—OR—
• You explicitly configure the OSPFv3 router ID, a four-byte, dotted decimal number

2370 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables OSPFv3 for the router:

enable ospfv3

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospfv3 export

enable ospfv3 export [direct | ripng | static | isis | isis-level-1
| isis-level-1-external | isis-level-2 | isis-level-2-external| bgp
| e-bgp | i-bgp |host-mobility] [cost cost type [ase-type-1 | ase-
type-2] | policy_map]

Description
Enables redistribution of routes to OSPFv3.

Syntax Description
direct Specifies direct routes.
ripng Specifies RIPng routes.
static Specifies static routes.
isis Specifies IS-IS routes.
isis-level-1 Specifies IS-IS Level 1 routes.
isis-level-1-external Specifies IS-IS Level 1 External routes.
isis-level-2 Specifies IS-IS Level 2 routes.
isis-level-2-external Specifies IS-IS Level 2 External routes.
bgp Specifies BGP IPv6 routes.
i-bgp Specifies internal BGP IPv6 routes.
e-bgp Specifies external BGP IPv6 routes.
host-mobility Specifies host-mobility routes.
cost Specifies a cost metric.
ase-type-1 Specifies AS-external type 1 routes.
ase-type-2 Specifies AS-external type 2 routes.

Switch Engine™ Command Reference Guide for version 32.7.1 2371

Default Commands

number Specifies a tag value.

policy_map Specifies a policy.

Default
The default setting is disabled.

Usage Guidelines
The cost metric is inserted for all RIPng-learned, static, and direct routes injected into
OSPFv3. If the cost metric is set to 0, the cost is inserted from the route.

The same cost and type values can be inserted for all the export routes, or a policy can
be used for selective insertion. When a policy is associated with the export command,
the policy is applied on every exported route. The exported routes can also be filtered
using a policy.

Policy files for this command will only recognize the following policy attributes:
• Match attributes
◦ nlri IPv6-address/mask-len
• Action (set) attributes
◦ cost <cost>
◦ cost-type [ase-type-1 | ase-type-2]
◦ permit
◦ deny

Any other policy attribute will not be recognized and will be ignored.

The following is an example OSPFv3 export policy file:

entry first {
if match any{
nlri 2001:db8:200:300:/64;
nlri 2001:db8:2146:23d1::/64;
nlri 2001:db8:af31:3d0::/64;
nlri 2001:db8:f6:2341::/64;
} then {
deny;
}
}
entry second {
if match any{
nlri 2001:db8:304::/48;
nlri 2001:db8:ca11::/48;
nlri 2001:db8:da36::/48;
nlri 2001:db8:f6a6::/48;
} then {
cost 220;
cost-type ase-type-2;
permit;
}
}

2372 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables OSPFv3 to export RIPng-related routes and associates
a policy redist:

enable ospfv3 export ripng redist

History
This command was first available in ExtremeXOS 11.2.

The tag keyword was removed in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable ospfv3 restart-helper-lsa-check

enable ospfv3 [[vlan | tunnel] all | {vlan} vlan-name | {tunnel} tunnel-
name | area area-identifier] restart-helper-lsa-check

Description
This command configures the restart helper router to terminate OSPF graceful restart
when received LSAs would affect the restarting router. This will occur when the restart
helper receives an LSA that will be flooded to the restarting router or when there is
a changed LSA on the restarting router's retransmission list when graceful restart is
initiated.

Syntax Description
vlan VLAN.
all All VLANs.
vlan-name VLAN name.
area OSPFv3 area.
area-identifier Area identifier.
restart-helper-lsa-check Terminate graeful restart helper mode when there is a
change to an LSA.

Default
Enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2373

History Commands

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ospfv3 virtual-link restart-helper-lsa-check

enable ospfv3 virtual-link {routerid} router-identifier {area} area-
identifier restart-helper-lsa-check

Description
This command configures the restart helper router to terminate OSPFv3 graceful
restart when received LSAs would affect the restarting router. This occurs when the
restart helper receives an LSA that will be flooded to the restarting router or when there
is a changed LSA on the restarting router's retransmission list when graceful restart is
initiated.

Syntax Description
virtual-link OSPFv3 virtual link.
routerid OSPFv3 router ID.
router-identifier Router ID of neighbor OSPFv3 router.
area OSPFv3 area.
area-identifier Transit area ID of virtual link.
restart-helper-lsa- Terminates graceful restart helper mode when there is a
check change to an LSA (default is enabled).

Default
Enabled.

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable pim
enable pim {ipv4 | ipv6}

2374 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following command enables PIM on the system:
enable pim

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable pim iproute sharing

enable pim {ipv4 | ipv6} iproute sharing

Description
Enables the PIM ECMP feature.

Syntax Description
iproute IP Route.
sharing Equal Cost Multipath Routing.

Switch Engine™ Command Reference Guide for version 32.7.1 2375

Default Commands

Default
Disabled.

Usage Guidelines
Use this feature to allow downstream PIM router to choose multiple ECMP path to
source via hash from one of the following selections without affecting the existing
unicast routing algorithm:
• Source
• Group
• Source-Group
• Source-Group-Next-Hop

This feature does load splitting, not load balancing, and operates on a per (S, G) and
(*;G) basis, splitting the load onto the available equal cost paths by hashing according to
the selection criteria defined by the user.

Make sure that IP route sharing is also enabled using enable iproute {ipv4| ipv6}
sharing.

Example
The following command enables the PIM ECMP feature:
enable pim ipv4 iproute sharing

History
This command was first available in ExtremeXOS 15.3.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable pim snooping

enable pim snooping {{vlan} name}

Description
Enables PIM snooping globally or on one or all VLANs.

2376 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
name Specifies a VLAN.

Default
Disabled.

Usage Guidelines
PIM snooping does not require PIM to be enabled. However, IGMP snooping must be
disabled on VLANs that use PIM snooping. PIM snooping and MVR cannot be enabled
simultaneously on a switch. PIM snooping should not be enabled on a VLAN that
supports PIM-DM neighbors.

Example
The following example enables PIM snooping on the default VLAN:
enable pim snooping default

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable pim ssm tunnel

enable pim {ipv4} ssm tunnel [tunnel_name | tunnel all]

Description
Enables PIM SSM tunnels on an IP interface.

Syntax Description
ipv4 Specifies the IPv4 address family.
tunnel Specifies the tunnel name.
tunnel_name Specifies to configure PIM information for interfaces.
all Specifies to configure PIM information on all Layer 3
interfaces.

Switch Engine™ Command Reference Guide for version 32.7.1 2377

Default Commands

Default
Disabled on all interfaces.

Usage Guidelines
This command enables PIM-SSM on the specified Layer 3 VLAN.

PIM-SM must also be configured on the interface for PIM to begin operating (which
includes enabling IP multicast forwarding).

IGMPv3 include messages for multicast addresses in the SSM range are only processed
by PIM if PIM-SSM is enabled on the interface. Any non-IGMPv3 include messages
in the SSM range are not processed by PIM on any switch interface, whether SSM is
enabled or not.

Example
The following example enables PIM-SSM multicast routing on tunnel accounting:
enable pim ssm tunnel accounting

History
This command was first available in ExtremeXOS 32.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable pim ssm vlan

enable pim {ipv4 | ipv6} ssm vlan [vlan_name | all]

Description
Enables PIM SSM on an IP interface.

Syntax Description
ipv4 Specifies the IPv4 address family.
ipv6 Specifies the IPv6 address family.
vlan_name Specifies a VLAN name.
all Specifies all VLANs.

2378 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled on all interfaces.

Usage Guidelines
This command enables PIM-SSM on the specified Layer 3 VLAN.

PIM-SM must also be configured on the interface for PIM to begin operating (which
includes enabling IP multicast forwarding).

IGMPv3 include messages for multicast addresses in the SSM range are only processed
by PIM if PIM-SSM is enabled on the interface. Any non-IGMPv3 include messages
in the SSM range are not processed by PIM on any switch interface, whether SSM is
enabled or not.

Example
The following example enables PIM-SSM multicast routing on VLAN accounting:
enable pim ssm vlan accounting

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the PIM feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable policy
enable policy

Description
This command enables the ONEPolicy functionality.

Syntax Description
This command has no arguments or variables.

Default
None.

Switch Engine™ Command Reference Guide for version 32.7.1 2379

Usage Guidelines Commands

Usage Guidelines
None.

Example
The following example shows how to enable ONEPolicy:
# enable policy

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable port
enable port [port_list | all]

Description
Enables a port.

Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.

Default
All ports are enabled.

Usage Guidelines
Use this command to enable the port(s) if you disabled the port(s) for security,
administration, or troubleshooting purposes.

Example
The following command enables ports 3, 5, and 12 through 15 on the stand-alone
switch:

enable ports 3,5,12-15

2380 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command enables ports 3, 5, and 12 through 15 on the switch:

enable port 3,5,12-15

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ports mlag-id

enable ports [mlag-id mlag_id]

Description
Enables the current ports associated with the given ID.

Syntax Description
mlag-id Port associated with MLAG.
mlag_id MLAG identifier value of the MLAG port. Range is 1–65,000.

Default
N/A.

Usage Guidelines
If any ports are added or deleted from the LAG, the port state for those ports is not
changed.

In MLAG orchestration mode, this command is executed on the other MLAG peer
before it is executed on the MLAG peer on which the command is run. In orchestration
mode, if the MLAG port numbers are not same on both the peers, it is possible that a
different set of port numbers is enabled on the different MLAG peers. This command
helps ensure that the correct set of ports associated with the MLAG ID is enabled.

If the port associated with the given MLAG ID is a load shared port, all the member
ports associated with this load shared group are enabled.

If the port associated with the given MLAG ID is a virtual port, the command is ignored.

Example
The following example enables the ports associated with MLAG ID "123":

Switch Engine™ Command Reference Guide for version 32.7.1 2381

History Commands

# enable ports mlag-id 123

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable radius
enable radius {mgmt-access | netlogin}

Description
Enables the RADIUS client on the switch.

Syntax Description
mgmt-access Specifies the switch management RADIUS authentication
server.
netlogin Specifies the network login RADIUS authentication server.

Default
RADIUS authentication is disabled for both switch management and network login by
default.

Usage Guidelines
Before you enable RADIUS on the switch, you must configure the servers used
for authentication and configure the authentication string (shared secret) used to
communicate with the RADIUS authentication server.

To configure the RADIUS authentication servers, use the following command:

configure radius {mgmt-access | netlogin} [primary | secondary] server
[ipaddress | hostname] {udp_port} client-ip [ipaddress] {vrvr_name}

To configure the shared secret, use the following command:

configure radius {mgmt-access | netlogin} [primary | secondary] shared-
secret {encrypted} string

If you do not specify a keyword, RADIUS authentication is enabled on the switch for
both management and network login. When enabled, all web, Telnet, and SSH logins
are sent to the RADIUS servers for authentication. When used with a RADIUS server

2382 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

that supports ExtremeXOS CLI authorization, each CLI command is sent to the RADIUS
server for authorization before it is executed.

Use the mgmt-access keyword to enable RADIUS authentication for switch

management functions.

Use the netlogin keyword to enable RADIUS authentication for network login.

Example
The following command enables RADIUS authentication on the switch for both
management and network login:

enable radius

The following command enables RADIUS authentication on the switch for network
login:

enable radius netlogin

History
This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable radius-accounting
enable radius-accounting {mgmt-access | netlogin}

Description
Enables RADIUS accounting.

Syntax Description
mgmt-access Specifies the switch management RADIUS accounting
server.
netlogin Specifies the network login RADIUS accounting server.

Default
RADIUS accounting is disabled for both switch management and network login by
default.

Switch Engine™ Command Reference Guide for version 32.7.1 2383

Usage Guidelines Commands

Usage Guidelines
The RADIUS client must also be enabled.

Before you enable RADIUS accounting on the switch, you must configure the servers
used for accounting and configure the authentication string (shared secret) used to
communicate with the RADIUS accounting server.

To configure the RADIUS accounting servers, use the following command:

configure radius-accounting {mgmt-access | netlogin} [primary |
secondary] server [ipaddress |hostname] {tcp_port} client-ip [ipaddress]
{vr vr_name}

To configure the shared secret, use the following command:

configure radius-accounting {mgmt-access | netlogin} [primary | secondary] shared-
secret {encrypted} string

If you do not specify a keyword, RADIUS accounting is enabled on the switch for both
management and network login.

Use the mgmt-access keyword to enable RADIUS accounting for switch management
functions.

Use the netlogin keyword to enable RADIUS accounting for network login.

Example
The following command enables RADIUS accounting on the switch for both
management and network login:

enable radius-accounting

The following command enables RADIUS accounting for network login:

enable radius-accounting netlogin

History
This command was first available in ExtremeXOS 10.1.

The mgmt-access and netlogin keywords were added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable radius dynamic-authorization

enable radius dynamic-authorization

2384 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables dynamic authorization RADIUS accounting.

Syntax Description
This command has no arguments or variables.

Default
Dynamic authorization RADIUS accounting is disabled by default.

Usage Guidelines
Before you enable RADIUS on the switch, you must configure the servers used
for authentication and configure the authentication string (shared secret) used to
communicate with the RADIUS authentication server.

To configure the RADIUS authentication servers and shared secret, use the following
command:
configure radius dynamic-authorization index [nas-ip [ignore | require]
| server [host_ipaddr | host_ipV6addr | hostname] {tls {tls_port}}
client-ip [client_ipaddr | client_ipV6addr] {vr vr_name} {shared-secret
{encrypted} secret}

Example
The following command enables dynamic authorization RADIUS authentication on the
switch:

enable radius dynamic-authorization

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable rip
enable rip

Description
Enables RIP for the whole router.

Switch Engine™ Command Reference Guide for version 32.7.1 2385

Syntax Description Commands

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
RIP has a number of limitations that can cause problems in large networks, including:
• A limit of 15 hops between the source and destination networks.
• A large amount of bandwidth taken up by periodic broadcasts of the entire routing
table.
• Slow convergence.
• Routing decisions based on hop count; no concept of link costs or delay.
• Flat networks; no concept of areas or boundaries.

Example
The following command enables RIP for the whole router:
# enable rip

History
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

Platform Availability
This command is available on all platforms with an Edge, Advanced Edge, or Core
license.

enable rip aggregation

enable rip aggregation

Description
Enables the RIP aggregation of subnet information on a RIP version 2 (RIPv2) interface.

Syntax Description
This command has no arguments or variables.

2386 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
The enable (disable) rip aggregation command enables (disables) the RIP aggregation
of subnet information on an interface configured to send RIPv1 or RIPv2-compatible
traffic. The switch summarizes subnet routes to the nearest class network route. The
following rules apply when using RIP aggregation:
• Subnet routes are aggregated to the nearest class network route when crossing a
class boundary.
• Within a class boundary, no routes are aggregated.
• If aggregation is enabled, the behavior is the same as in RIPv1.
• If aggregation is disabled, subnet routes are never aggregated, even when crossing
a class boundary.

Example
The following command enables RIP aggregation on the interface:
# enable rip aggregation

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

enable rip export

enable rip export [bgp | direct | e-bgp | i-bgp | ospf | ospf-
extern1 | ospf-extern2 | ospf-inter | ospf-intra | static | isis
| isis-level-1| isis-level-1-external | isis-level-2 | isis-level-2-
external ] [cost number {tag number} | policy policy-name]

Description
Enables RIP to redistribute routes from other routing functions.

Syntax Description
bgp Specifies BGP routes.
direct Specifies interface routes (only interfaces that have IP
forwarding enabled are exported).

Switch Engine™ Command Reference Guide for version 32.7.1 2387

Default Commands

e-bgp Specifies E-BGP routes.

i-bgp Specifies I-BGP routes.
ospf Specifies all OSPF routes.
ospf-extern1 Specifies OSPF external route type 1.
ospf-extern2 Specifies OSPF external route type 2.
ospf-inter Specifies OSPF-inter area routes.
ospf-intra Specifies OSPF-intra area routes.
static Specifies static routes.
isis Specifies IS-IS routes.
isis-level-1 Specifies ISIS Level 1 routes.
isis-level-1-external Specifies ISIS Level 1 External routes.
isis-level-2 Specifies ISIS Level 2 routes.
isis-level-2-external Specifies ISIS Level 2 External routes.
cost number Specifies the cost metric, from 0-15. If set to 0, RIP uses the
route metric obtained from the route origin.
tag number Specifies a tag number.
policy-name Specifies a policy.

Default
Disabled.

Usage Guidelines
This command enables the exporting of BGP, static, direct, and OSPF-learned routes
into the RIP domain. You can choose which types of OSPF routes are injected, or you
can simply choose ospf, which will inject all learned OSPF routes regardless of type.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into RIP.
If the cost metric is set to 0, the cost is inserted from the route. For example, with BGP,
the cost could be the MED or the length of the BGP path. The tag value is used only by
special routing applications. Use 0 if you do not have specific requirements for using a
tag.

Each protocol can have a policy associated with it to control or modify the exported
routes.

Example
The following command enables RIP to redistribute routes from all OSPF routes:
# enable rip export ospf cost 0

2388 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

enable rip originate-default cost

enable rip originate-default {always} cost number {tag number}

Description
Configures a default route to be advertised by RIP.

Syntax Description
always Specifies to always advertise the default route.
cost number Specifies a cost metric. The range is 1 - 15.
tag number Specifies a tag number.

Default
Disabled.

Usage Guidelines
If always is specified, RIP always advertises the default route to its neighbors. If always
is not specified, RIP advertises a default route only if a reachable default route is in the
system route table.

The default route advertisement is filtered using the out policy.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into RIP.
The tag value is used only by special routing applications.

Example
The following command configures a default route to be advertised by RIP if there is a
default route in the system routing table:
# enable rip originate-default cost 7

History
This command was first available in ExtremeXOS 10.1.

Switch Engine™ Command Reference Guide for version 32.7.1 2389

Platform Availability Commands

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

enable rip poisonreverse

enable rip poisonreverse

Description
Enables poison reverse algorithm for RIP.

Syntax Description
Enables poison reverse algorithm for RIP.

Default
Enabled.

Usage Guidelines
Like split horizon, poison reverse is a scheme for eliminating the possibility of loops in
the routed topology. In this case, a router advertises a route over the same interface
that supplied the route, but the route uses a hop count of 16, defining it as unreachable.

Example
The following command enables the split horizon with poison reverse algorithm for
RIP:
# enable rip poisonreverse

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

enable rip splithorizon

enable rip splithorizon

2390 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables the split horizon algorithm for RIP.

Syntax Description
Enables the split horizon algorithm for RIP.

Default
Enabled.

Usage Guidelines
Split horizon is a scheme for avoiding problems caused by including routes in updates
sent to the router from which the route was learned. Split horizon omits routes learned
from a neighbor in updates sent to that neighbor.

Example
The following command enables the split horizon algorithm for RIP:
# enable rip splithorizon

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

enable rip triggerupdates

Triggered updates are a mechanism for immediately notifying a router’s neighbors
when the router adds or deletes routes or changes their metric.
enable rip triggerupdates

Description
Enables the trigger update mechanism.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2391

Default Commands

Default
Enabled.

Usage Guidelines
Triggered updates occur whenever a router changes the metric for a route and it is
required to send an update message immediately, even if it is not yet time for a regular
update message to be sent. This will generally result in faster convergence, but may
also result in more RIP-related traffic.

Example
The following command enables the trigger update mechanism:
3 enable rip triggerupdate

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

enable rip use-ip-router-alert

enable rip use-ip-router-alert

Description
Enables the router alert IP option in the outgoing RIP control packets.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

2392 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables the RIP router alert IP option:
# enable rip use-ip-router-alert

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all platforms with a Base license or higher as described in
the Switch Engine 32.7.1 Feature License Requirements document.

enable ripng
enable ripng

Description
Enables RIPng for the whole router.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Although RIPng is useful in small networks, it has a number of limitations that can
cause problems in large networks, including:
• A limit of 15 hops between the source and destination networks.
• A large amount of bandwidth taken up by periodic broadcasts of the entire routing
table.
• Slow convergence.
• Routing decisions based on hop count; no concept of link costs or delay.
• Flat networks; no concept of areas or boundaries.

For larger networks, consider OSPFv3 as an alternative IGP.

Switch Engine™ Command Reference Guide for version 32.7.1 2393

Example Commands

Example
The following command enables RIPng for the whole router:

enable ripng

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

enable ripng export

enable ripng export [direct | ospfv3 | ospfv3-extern1 | ospfv3-extern2
| ospfv3-inter | ospfv3-intra | static | isis | isis-level-1| isis-
level-1-external | isis-level-2| isis-level-2-external | bgp | e-bgp
i-bgp] [cost number {tag number} | policy policy-name]

Description
Enables RIPng to redistribute routes from other routing functions.

Syntax Description
direct Specifies interface routes (only interfaces that have IP
forwarding enabled are exported).
ospfv3 Specifies all OSPFv3 routes.
ospfv3-extern1 Specifies OSPFv3 external route type 1.
ospfv3-extern2 Specifies OSPFv3 external route type 2.
ospfv3-inter Specifies OSPFv3-inter area routes.
ospfv3-intra Specifies OSPFv3-intra area routes.
static Specifies static routes.
isis Specifies IS-IS routes.
isis-level-1 Specifies IS-IS Level 1 routes.
isis-level-1-external Specifies IS-IS Level 1 External routes.
isis-level-2 Specifies IS-IS Level 2 routes.
isis-level-2-external Specifies IS-IS Level 2 External routes.
bgp Specifies BGP IPv6 routes
e-bgp Specifies EBGP routes.

2394 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

i-bgp Specifies IBGP routes.

cost number Specifies the cost metric, from 0-15. If set to 0, RIPng uses
the route metric obtained from the route origin.
tag number Specifies a tag number.
policy-name Specifies a policy.

Default
Disabled. However, direct routes will always be advertised for all the interfaces where
RIPng is enabled. For those interfaces where RIPng is not enabled, the corresponding
direct route could be redistributed if direct route export is enabled through this
command.

Default tag is 0.

Usage Guidelines
This command enables the exporting of static, direct, IS-IS, and OSPFv3-learned routes
from the routing table into the RIPng domain. You can choose which types of IS-IS or
OSPFv3 routes are injected, or you can simply choose isis or ospfv3, which will inject all
learned routes (of all types) for the selected protocol.

The cost metric is inserted for all RIPng-learned, static, and direct routes injected into
RIPng. If the cost metric is set to 0, the cost is inserted from the route table. The tag
value is used only by special routing applications. Use 0 if you do not have specific
requirements for using a tag.

Each protocol can have a policy associated with it to control or modify the exported
routes. The following is sample policy file which modifies the cost of redistributed
routes from OSPFv3 and statically configured routes:

entry filter_rt {
If match any {
Route-origin ospfv3;
Route-origin static;
}
then {
cost 10;
}
}

Example
The following command enables RIPng to redistribute routes from all OSPFv3 routes:

enable ripng export ospfv3 cost 0

Switch Engine™ Command Reference Guide for version 32.7.1 2395

History Commands

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

enable ripng originate-default

enable ripng originate-default {always} cost metric {tag number}

Description
Configures a default route to be advertised by RIPng.

Syntax Description
always Specifies to advertise the default route in addition to
learned default route.
cost metric Specifies a cost metric. The range is 1 - 15.
tag number Specifies a tag number.

Default
Disabled.

Usage Guidelines
If always is specified, RIPng always advertises the default route to its neighbors. If
always is not specified, RIPng advertises a default route only if a reachable default route
is in the system route table (the route is learned from other neighbors).

The default route advertisement is filtered using the out policy. Use the command,
configure ripng route-policy, to specify the out policy.

The cost metric is inserted for all RIPng-learned, static, and direct routes injected into
RIPng. The tag value is used only by special routing applications.

Example
The following command configures a default route to be advertised by RIPng if there is
a default route in the system routing table:

enable ripng originate-default cost 7

2396 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

enable ripng poisonreverse

enable ripng poisonreverse {vlan vlan-name | tunnel tunnel_name | [vlan
| tunnel] all}

Description
Enables the split horizon with poison reverse algorithm for RIPng on specified
interfaces.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all interfaces.

Default
Enabled.

Usage Guidelines
Used with split horizon, poison reverse is a scheme for eliminating the possibility of
loops in the routed topology. In this case, a router advertises a route over the same
interface that supplied the route, but the route uses a hop count of 16, defining it as
unreachable.

If both split horizon and poison reverse are enabled, poison reverse takes precedence.

Example
The following command enables split horizon with poison reverse for RIPng on all IPv6
interfaces in the virtual router:

enable ripng poisonreverse

Switch Engine™ Command Reference Guide for version 32.7.1 2397

History Commands

The following command enables split horizon with poison reverse for all the IPv6
configured VLANs in the virtual router:

enable ripng poisonreverse vlan all

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

enable ripng splithorizon

enable ripng splithorizon {vlan vlan-name | tunnel tunnel_name | [vlan |
tunnel] all}

Description
Enables the split horizon algorithm for RIPng.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all interfaces.

Default
Enabled.

Usage Guidelines
Split horizon is a scheme for avoiding problems caused by including routes in updates
sent to the router from which the route was learned. Split horizon omits routes learned
from a neighbor in updates sent to that neighbor.

Example
The following command enables the split horizon algorithm for RIPng on all IPv6
configured interfaces:

enable ripng splithorizon

2398 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

enable ripng triggerupdates

enable ripng triggerupdates {vlan vlan-name | tunnel tunnel_name | [vlan
| tunnel] all}

Description
Enables the trigger update mechanism. Triggered updates are a mechanism for
immediately notifying a router’s neighbors when the router adds or deletes routes or
changes their metric.

Syntax Description
vlan-name Specifies an IPv6 configured VLAN.
tunnel_name Specifies an IPv6 tunnel.
all Specifies all interfaces.

Default
Enabled.

Usage Guidelines
Triggered updates occur whenever a router changes the metric for a route and it is
required to send an update message immediately, even if it is not yet time for a regular
update message to be sent. This will generally result in faster convergence, but may
also result in more RIPng-related traffic.

Example
The following command enables the trigger update mechanism on all IPv6 configured
interfaces:

enable ripng triggerupdate

Switch Engine™ Command Reference Guide for version 32.7.1 2399

History Commands

History
This command was first available in ExtremeXOS 11.2.

Platform Availability
This command is available on platforms with an Edge, Advanced Edge, or Core license.
For licensing information, see the Switch Engine 32.7.1 Feature License Requirements
document.

enable rmon
enable rmon

Description
Enables the collection of RMON statistics on the switch.

Syntax Description
This command has no arguments or variables.

Default
By default, RMON is disabled. However, even in the disabled state, the switch responds
to RMON queries and sets for alarms and events. By enabling RMON, the switch begins
the processes necessary for collecting switch statistics.

Usage Guidelines
The switch supports four out of nine groups of Ethernet RMON statistics. In an enabled
state, the switch responds to the following four groups:
• Statistics—The RMON Ethernet Statistics group provides traffic and error statistics
showing packets, bytes, broadcasts, multicasts, and errors on a LAN segment or
VLAN.
• History—The History group provides historical views of network performance by
taking periodic samples of the counters supplied by the Statistics group. The
group features user-defined sample intervals and bucket counters for complete
customization of trend analysis.
• Alarms—The Alarms group provides a versatile, general mechanism for setting
threshold and sampling intervals to generate events on any RMON variable. Both
rising and falling thresholds are supported, and thresholds can be on the absolute
value of a variable or its delta value. In addition, alarm thresholds may be auto
calibrated or set manually.
• Events—The Events group creates entries in an event log and/or sends SNMP traps
to the management workstation. An event is triggered by an RMON alarm. The
action taken can be configured to ignore it, to log the event, to send an SNMP trap

2400 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

to the receivers listed in the trap receiver table, or to both log and send a trap. The
RMON traps are defined in RFC 1757 for rising and falling thresholds.

The switch also supports the following parameters for configuring the RMON agent, as
defined in RFC2021:
• probeCapabilities—If you configure the probeCapabilities object, you can view the
RMON MIB groups supported on at least one interface by the probe.
• probeSoftwareRev—If you configure the probeSoftwareRev object, you can view the
current software version of the monitored device.
• probeHardwareRev—If you configure the probeHardwareRev object, you can view
the current hardware version of the monitored device.
• probeDateTime—If you configure the probeDateTime object, you can view the
current date and time of the probe.
• probeResetControl—If you configure the probeResetControl object, you can restart a
managed device that is not running normally. Depending on your configuration, you
can do one of the following:
◦ Warm boot—A warm boot restarts the device using the current configuration
saved in non-volatile memory.
◦ Cold boot—A cold boot causes the device to reset the configuration parameters
stored in non-volatile memory to the factory defaults and then restarts the device
using the restored factory default configuration.

Note
You can only use the RMON features of the system if you have an RMON
management application and have enabled RMON on the switch.

RMON requires one probe per LAN segment, and stand-alone RMON probes have
traditionally been expensive. Therefore, the approach taken by Extreme Networks
has been to build an inexpensive RMON probe into the agent of each system. This
allows RMON to be widely deployed around the network without costing more than
traditional network management. The switch accurately maintains RMON statistics at
the maximum line rate of all of its ports.

For example, statistics can be related to individual ports. Also, because a probe must
be able to see all traffic, a stand-alone probe must be attached to a nonsecure port.
Implementing RMON in the switch means that all ports can have security features
enabled.

To view the status of RMON polling on the switch, use the show management command.
The show management command displays information about the switch including the
enable/disable state for RMON polling.

To view the RMON memory usage statistics for a specific memory type (for example,
statistics, events, logs, history, or alarms) or for all memory types, use the following
command:
show rmon memory {detail | memoryType}

Switch Engine™ Command Reference Guide for version 32.7.1 2401

Example Commands

Example
The following command enables the collection of RMON statistics on the switch:

enable rmon

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable router-discovery
enable router-discovery {ipv6} vlan vlan_name

Description
Enables router discovery advertisements on the VLAN and the processing of router
discovery messages.

Syntax Description
vlan_name Specifies an IPv6 configured VLAN.

Default
N/A.

Usage Guidelines
This command is only valid when the specified VLAN has an IPv6 address associated
with it. After IPv6 Router Discovery is enabled on a VLAN, router advertisement
messages are regularly sent on all ports associated with the VLAN.

Example
The following example enables router discovery for the VLAN "top_floor":
enable router-discovery vlan top_floor

History
This command was first available in ExtremeXOS 11.2.

2402 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

enable sflow
enable sflow

Description
Globally enables sFlow statistical packet sampling.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables sFlow globally on the switch.

Note
sFlow and mirroring are not mutually exclusive. You can enable sFlow and
mirroring at the same time.

Any traffic grouping using QP2 may encounter unexpected results when sFlow is
enabled. For more information about QoS, see the Quality of Service section in the
Switch Engine 32.7.1 User Guide.

Example
The following command enables sFlow sampling globally:
enable sflow

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2403

enable sflow ports Commands

enable sflow ports

enable sflow ports [ all |port_list ] {ingress | egress | both }

Description
Enables sFlow statistical packet sampling on a particular list of ports.

Syntax Description
port_list Specifies a list of ports.
all All ports in the system.
ingress Enables ingress sFlow on a per-port basis.
egress Enables egress sFlow on a per-port basis.
both Enables both ingress and egress sFlow on a per-port basis.

Default
Ingress.

Usage Guidelines
This command enables sFlow on a particular list of ports. Ingress, egress, or a
combination of both types of sampling can be enabled on a port. You also need to
enable sFlow globally in order to gather statistics and send the data to the collector.
Once sFlow is enabled globally, and on the ports of interest, sampling and polling
begins.

Use the following command to enable sFlow globally: enable sflow

Note
sFlow and mirroring are not mutually exclusive. You can enable sFlow and
mirroring at the same time.

For more information about mirroring, see Configuring Slots and Ports on a Switch.

Example
The following command enables egress sFlow sampling on the port 3:1:
enable sflow ports 3:1 egress

History
This command was first available in ExtremeXOS 11.0.

The ingress, egress, and both keywords we added in ExtremeXOS 15.4.

2404 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

enable sharing grouping

enable sharing port grouping port_list {algorithm [address-based {L2 |
L3 | L3_L4 | custom} | port-based }]} {resilient-hashing [on | off]}
{distribution-mode [all | local-slot | port-lists]} {lacp | health-
check}

Description
Enables the switch to configure port link aggregation, or load sharing. By using link
aggregation, you use multiple ports as a single logical port. Link aggregation also
provides redundancy because traffic is redistributed to the remaining ports in the LAG
if one port in the group goes down. LACP allows the system to dynamically configure
the LAGs.

The port-based keyword was added to the command to support the creation of port-
based load sharing groups.

Syntax Description
port Specifies the master logical port for a load-sharing group or link
aggregation group (LAG).
port_list Specifies one or more ports or slots and ports to be grouped to the
logical port.
address- Specifies link aggregation by address-based algorithm.
based
L2 Specifies address-based link aggregation by Layer 2. This is the
default value.
L3 Specifies address-based link aggregation by Layer 3.

Note: The L3 algorithm will be deprecated. Selection of L3 behaves

the same as L3_L4. The inclusion of Layer 4 ports for distribution
is not available on a per group basis. The inclusion of Layer4 ports
for distribution is controlled globally for all LAGs in a switch via the
configure forwarding sharing [L3 | L3_L4] command.

L3_L4 Specifies address-based link aggregation by Layer 3 IP plus Layer4

port.

Note: The inclusion of Layer4 ports for distribution is not available

on a per group basis. The inclusion of Layer4 ports for distribution
is controlled globally for all LAGs in a switch via the configure
forwarding sharing [L3 | L3_L4] command.

Switch Engine™ Command Reference Guide for version 32.7.1 2405

Default Commands

custom Selects the custom link aggregation algorithm configured with the
following command: configure sharing address-based custom
[ipv4 [L3-and-L4 | source-only | destination-only |
source-and-destination] | hash-algorithm [xor | crc-16]].
The configuration of the custom option applies to all LAGs on the
switch.
port-based Supports the creation of port-based load sharing groups.
all All active members of the group are eligible for distribution on all
slots in the switch.
local-slot If there are one or more active members of the group on the slot
where traffic is received, distribution wil be restricted to these local-
slot members.
port-lists If there are one or more active members of the group in the
configured distribution port list for the slot on which traffic is
received, distribution will be restricted to these configured ports.
resilient- Enables the resilient hashing hardware-based capability that
hashing minimizes the remapping of flows to aggregator member ports
during aggregator member changes.
lacp Specifies dynamic link aggregation, or load sharing, using the LACP.
health-check Specifies a health check type of link aggregation group.

Default
Disabled.

Usage Guidelines
Link aggregation, or load sharing, allows you to increase bandwidth and availability
between switches by using a group of ports to carry traffic in parallel between switches.
The aggregation algorithm allows the switch to use multiple ports as a single logical
port. For example, VLANs see the link aggregation group (LAG) as a single logical port.

Note
All ports that are designated for the LAG must be removed from all VLANs prior
to configuring the LAG.

You can enable and configure dynamic link aggregation, using LACP or health-check
link aggregation. Static link aggregation is the default link aggregation method.

Note
Always verify the LACP configuration by issuing the show ports sharing
command. Look for the ports listed as being in the aggregator.

If a port in a LAG fails, traffic is redistributed to the remaining ports in the LAG. If the
failed port becomes active again, traffic is redistributed to include that port.

Link aggregation must be enabled on both ends of the link, or a network loop will
result.

2406 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Any attempt to enable sharing on ports that have an configuration is denied with
following error message:
ERROR: Sharing configuration on MLAG ports cannot be modified. Use "disable mlag port
<port>" to remove port from MLAG group first.

Note
See the appropriate version of the Switch Engine 32.7.1 User Guide for
information on the interaction of port-based ACLs and LAGs of ports.

If there is a port configuration mismatch detected in the LAG, warning messages like
the following may display:
WARNING: Member port 11 has a different speed (100 Mbps) than the Master port speed (1
Gbps). It is recommended that master and member ports configuration be consistent to avoid
traffic imbalance across LAG members.

LAGs are defined according to the following rules:

• Although you can reference only the logical port of a LAG to a STPD, all the ports of a
load-sharing group actually belong to the specified STPD.
• When using link aggregation, you should always reference the logical port of the
LAG when configuring or viewing VLANs. VLANs configured to use other ports in the
LAG will have those ports deleted from the VLAN when link aggregation becomes
enabled.

Link aggregation, or load-sharing, algorithms allow you to select the distribution

technique used by the LAG to determine the output port selection. Algorithm selection
is not intended for use in predictive traffic engineering.

ExtremeXOS switches use address based algorithms to determine which physical port
in the LAG to use for forwarding traffic out of the switch. Refer to configure sharing
address-based custom for more information on using addressing information.

For Port-based load sharing:

Note
If you attempt to create a port-based load sharing group with more than 16
possible aggregator ports, the following message will be displayed:
Error: The system can have a maximum of 16 ports in a load sharing group withthe
configured algorithm.
This message indicates enforcement of the limit of 16 aggregator ports in
a port-based LAG. Existing error messages are also used to enforce the 16
aggregator port limit for port-based load sharing groups modified by the
configure sharing port add portsport_list command.

You cannot enable sharing on ports that have MVRP enabled.

The following guidelines apply to link aggregation on all switches:

• For all switches a static LAG can contain up to 8 ports.
• An LACP LAG can include twice the number of ports as a static LAG; out of these half
can be selected links and any remaining ports will be standby links.
• A Health Check LAG may contain the same number of ports as a static LAG.

Switch Engine™ Command Reference Guide for version 32.7.1 2407

History Commands

• The maximum number of LAGs is 128.

• The default load-sharing algorithm is L2 address-based aggregation. Any broadcast,
multicast, or unknown unicast packet is distributed across all members in the LAG.
• The available address-based parameters are L2 for Layer 2 and L3_L4 for Layer 3 plus
Layer4. If the packet is not IP, the switch applies the Layer 2 algorithm, which is the
default setting.
• The custom keyword is supported on all switches.

History
This command was first available in ExtremeXOS 10.1.

The address-based algorithm was added in ExtremeXOS 11.0.

The L2 and L3 optional parameters were added in ExtremeXOS 11.1.

IPv6-compatibility was added in ExtremeXOS 11.2.

Dynamic link aggregation, using LACP, was added in ExtremeXOS 11.3.

The L3_L4 optional parameter was added in ExtremeXOS 11.5.

SummitStack functionality was added in ExtremeXOS 12.0.

Health-check link aggregation was added in ExtremeXOS 12.1.3.

The custom keyword was added in ExtremeXOS 12.3.

The port-based keyword was added in ExtremeXOS 15.4.

The resilient-hashing keyword was added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable slpp guard

enable slpp guard ports [port_list | all]

Description
Enables the Simple Loop Protection Protocol (SLPP) Guard feature.

Syntax Description
slpp Specifies enabling SLPP.
guard Specifies disabling a port as soon as an SLPP PDU is
received.

2408 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

ports Specifies selecting ports on which to enable SLPP guard.

port_list Selects which ports to enable SLPP guard on.
all Specifies enabling SLPP guard on all ports.

Default
By default, SLPP Guard is disabled on all ports.

Usage Guidelines
SLPP is an application that detects loops in a Split Multi-link Trunking (SMLT) network.
SLPP Guard is a complementary feature that helps prevent loops in networks by
administratively disabling an edge port if a switch receives an SLPP PDU from an SMLT
network.

Example
The following example enables SLPP Guard on port 5:
# enable slpp guard ports 5

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable smartredundancy
enable smartredundancy port_list

Description
Enables the Smart Redundancy feature on the primary port.

Syntax Description
port_list Specifies one or more ports or slots and ports.

Default
Enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2409

Usage Guidelines Commands

Usage Guidelines
You must configure the software-controlled redundant port using the configure
ports redundant command prior to enabling Smart Redundancy.

The Smart Redundancy feature works in concert with the software-controlled

redundant port feature. With Smart Redundancy enabled on the switch, when the
primary port becomes active the switch redirects all traffic to the primary port and
blocks the redundant port again. If you disable Smart Redundancy, the primary port is
blocked because traffic is now flowing through the redundant port.

Example
The following command enables the Smart Redundancy feature on port 4 on a switch:

enable smartredundancy 4

History
This command was available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp access

enable snmp access {snmp-v1v2c | snmpv3}

Description
Selectively enables SNMP access on the switch.

Syntax Description
snmp-v1v2c Specifies SNMPv1/v2c access only.
snmpv3 Specifies SNMPv3 access only.

Default
Disabled.

Usage Guidelines
To have access to the SNMP agent residing in the switch, at least one VLAN must have
an IP address assigned to it.

2410 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Any network manager running SNMP can manage the switch for v1/v2c/v3, provided
the MIB is installed correctly on the management station. Each network manager
provides its own user interface to the management facilities.

For SNMPv3, additional security keys are used to control access, so an SNMPv3
manager is required for this type of access.

This command allows you to enable either all SNMP access, no SNMP access, v1/v2c
access only, or v3 access only.

To prevent any SNMP access, use the following command : disable snmp access
{snmp-v1v2c | snmpv3}

ExtremeXOS 11.2 introduced the concept of safe defaults mode. Safe defaults mode
runs an interactive script that allows you to enable or disable SNMP, Telnet, and switch
ports. When you set up your switch for the first time, you must connect to the console
port to access the switch. After logging in to the switch, you enter safe defaults mode.
Although SNMP, Telnet, and switch ports are enabled by default, the script prompts
you to confirm those settings.

If you choose to keep the default setting for SNMP—the default setting is enabled—the
switch returns the following interactive script:
Since you have chosen less secure management methods, please remember to increase the
security of your network by taking the following actions: * change your admin password
* change your SNMP public and private strings * consider using SNMPv3 to secure network
management traffic

In addition, you can return to safe defaults mode by issuing the following command:
run provisioning

If you return to safe defaults mode, you must answer the questions presented during
the interactive script.

For more detailed information about safe defaults mode, see the Using Safe Defaults
Mode section in the Switch Engine 32.7.1 User Guide.

Example
The following command enables all SNMP access for the switch:
enable snmp access

History
This command was first available in ExtremeXOS 10.1.

SNMPv3 was added to ExtremeXOS 12.2. It was also included in ExtremeXOS 11.6.4 and
12.1.2.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2411

enable snmp access vr Commands

enable snmp access vr

enable snmp access vr [vr_name | all]

Description
Selectively enables SNMP access on virtual routers.

Syntax Description
vr_name Specifies the virtual router name.
all Specifies all virtual routers.

Default
Enabled on all virtual routers.

Usage Guidelines
Use this command to enable SNMP access on any or all virtual routers.

To disable SNMP access on virtual routers, use the disable snmp access vr
command.

To display the SNMP configuration and statistics on a specified virtual router, use the
show snmp vr_name command.

Example
The following command enables SNMP access on the virtual router vr-finance:
enable snmp access vr vr-finance

History
This command was first available in ExtremeXOS 12.4.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp community

enable snmp community [encrypted enc_community_name | community_name |
alphanumeric-community-string | hex hex_community_name

2412 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables SNMP community strings.

Syntax Description
encrypted Community name is encrypted.
enc_community_name Encrypted community name.
community_name Community name in ASCII format.
hex Provide value in hexadecimal.
hex_community_name Community name in hexadecimal.
alphanumeric- Specifies the SNMP community string name.
community-string

Default
N/A.

Usage Guidelines
This command allows the administrator to enable an snmp community that has been
disabled. It sets the row status of the community to Active.

Example
The following command enables the community string named extreme:

enable snmp community extreme

History
This command was first available in ExtremeXOS 12.1.

The hex keyword and hex_community_name variable were added in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp trap l3vpn

enable snmp trap l3vpn {vr_name}

Switch Engine™ Command Reference Guide for version 32.7.1 2413

Description Commands

Description
This command enables Layer 3 VPN MIB notification traps for the child VPN VRFs of the
specified VR.

Syntax Description
vr_name Specifies the name of the parent VR where this RFC 4382
scalar is applied. If vr_name is not provided, then this
command is applied to the VR in the current context.

Default
Disabled.

Usage Guidelines
This command enables generation of the following Layer 3 VPN SNMP traps:
• mplsL3VpnVrfUp—Sent when the first IP VLAN becomes active and the
administrative state is enabled.
• mplsL3VpnVrfDown—Sent when the last active IP VLAN becomes inactive, or the
administrative state is disabled.

Example
The following example enables SNMP traps for Layer 3 VPNs on the default VR:

enable snmp traps l3vpn vr vr-default

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp traps

enable snmp traps

Description
Turns on SNMP trap support.

2414 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
An authorized trap receiver can be one or more network management stations on your
network. The switch sends SNMP traps to all trap receivers.

To view if SNMP traps are being sent from the switch, use the show management
command. The show management command displays information about the switch
including the enabled/disabled state of SNMP traps being sent.

Example
The following command enables SNMP trap support on the switch:

enable snmp traps

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp traps configuration

enable snmp traps configuration [save | change]

Description
Enables sending SNMP trap when saving or changing the switch configuration.

Syntax Description
configuration Sends SNMP trap for switch configuration.
save Generates SNMP trap when switch configuration is saved
(default is disabled).
change Generates SNMP trap when switch configuration is
changed (default is disabled).

Switch Engine™ Command Reference Guide for version 32.7.1 2415

Default Commands

Default
The default is that SNMP traps are disabled for switch configuration changes/saves.

Example
The following example enables SNMP traps for switch configuration changes:
enable snmp traps configuration change

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document..

enable snmp traps bfd

enable snmp traps bfd session down | session-up

Description
This command enables session up/down trap reception for BFD.

Syntax Description
snmp Configure SNMP specific settings.
traps Configure SNMP Trap generation settings.
bfd BFD-specific traps.
session-down Generate trap when BFD session goes down.
session-up Generate trap when BFD session goes up.

Default
Both session-down and session-up.

Usage Guidelines
Use this command to enable trap reception for BFD session up/down.

Example
The following command will enable trap generation for BFD session down events.
# enable snmp traps bfd session-down

2416 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp traps fdb mac-tracking

enable snmp traps fdb mac-tracking

Description
Enables SNMP trap generation when MAC-tracking events occur for a tracked MAC
address.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
None.

Example
The following example enables SNMP traps for MAC-tracking events:
enable snmp traps fdb mac-tracking

History
This command was first available in ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp traps identity-management

enable snmp traps identity-management

Switch Engine™ Command Reference Guide for version 32.7.1 2417

Description Commands

Description
Enables the identity management feature to send SNMP traps for low memory
conditions.

Syntax Description
This command has no arguments or variables.

Default
No traps are sent.

Usage Guidelines
The low memory conditions are described in the description for the configure
identity-management stale-entry aging-time seconds command.

Example
The following command enables the identity management SNMP trap feature:

enable snmp traps identity-management

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp traps l2vpn

enable snmp traps l2vpn

Description
Enables SNMP traps associated with Layer 2 VPNs for all MPLS configured VLANs.

Syntax Description
This command has no arguments or variables.

Default
All Layer 2 VPN traps are disabled.

2418 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command enables SNMP traps associated with Layer 2 VPNs:
enable snmp traps l2vpn

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable snmp traps l3vpn

enable snmp traps l3vpn {vr vr_name}

Description
Use this command to turn on SNMP trap support for L3 VPN.

Syntax Description
vr_name Specifies the name of the parent VR where this RFC 4382
scalar is applied. If VR name is not provided, then this
command is applied to the VR in the current context.

Default
Enabled.

Usage Guidelines
Use this command to enable generation of L3VPN SNMP traps—mplsL3VpnVrfUp and
mplsL3VpnVrfDown. These trap notifications are sent under the following conditions:
• mplsL3VpnVrfUp—first IP VLAN becomes active and administrative state is enabled.
• mplsL3VpnVrfDown—last active IP VLAN becomes inactive OR administrative state
is disabled.

Example
The following example enables L3 VPN SNMP traps support on the switch:
enable snmp traps l3vpn vr vr-default

Switch Engine™ Command Reference Guide for version 32.7.1 2419

History Commands

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp traps lldp

enable snmp traps lldp {ports [all | port_list]}

Description
Enables the transmission of LLDP SNMP trap notifications.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.

Default
Disabled.

Usage Guidelines
Note
To enable SNMP traps for LLDP MED TLVs, you must issue a separate
command; use the enable snmp traps lldp-med {ports [all |
port_list]} .

If you do not specify any ports, the system sends LLDP traps for all ports.

Note
The Avaya-Extreme proprietary TLVs do not send traps.

Example
The following command enables LLDP SNMP traps for all ports:

enable snmp traps lldp ports all

History
This command was first available in ExtremeXOS 11.2.

2420 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp traps lldp-med

enable snmp traps lldp-med {ports [all | port_list]}

Description
Enables the transmission of LLDP SNMP trap notifications related to LLDP MED
extension TLVs.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.

Default
Disabled.

Usage Guidelines
If you do not specify any ports, the system sends LLDP-MED traps for all ports.

Example
The following command enables LLDP-MED SNMP traps for all ports:

enable snmp traps lldp-med ports all

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmp traps mpls

enable snmp traps mpls

Description
Enables SNMP traps associated with MPLS for all MPLS configured VLANs.

Switch Engine™ Command Reference Guide for version 32.7.1 2421

Syntax Description Commands

Syntax Description
This command has no arguments or variables.

Default
All MPLS traps are disabled.

Example
The following command enables SNMP traps associated with MPLS:

enable snmp traps mpls

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable snmp traps ospf

enable snmp traps ospf [all | trap-map bit-map]

Description
Enables the OSPF module to send traps on various OSPF events.

Syntax Description
all Sets RFC1850 ospfSetTrap to 0x1ffff.
trap-map Specifies the ospfSetTrap as defined in RFC1850.
bit-map Specifies the ospfSetTrap value in HEX (for example, 0x1ffff
for all traps).

Default
The default is disabled.

Usage Guidelines
This command enables the OSPF module to send traps on various OSPF events.

2422 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command sets ospfSetTrap for all traps:

enable snmp traps ospf all

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable snmp traps ospfv3

enable snmp traps ospfv3

Description
Enables the transmission of OSPFv3 SNMP notifications.

Syntax Description
ospfv3 OSPFv3-related traps.

Default
The default is disabled.

Example
The following example enables the transmission of OSPFv3 SNMP notifications:
enable snmp traps ospfv3

History
This command was first available in ExtremeXOS 22.1.

Platform Availability
This command is available on platforms with Base license, or higher, as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2423

enable snmp traps port-up-down ports Commands

enable snmp traps port-up-down ports

enable snmp traps port-up-down ports [port_list | all]

Description
Enables port up/down trap reception for specified ports.

Syntax Description
port_list Specifies one or more ports or slots and ports.
all Specifies all ports on the switch.

Default
Enabled.

Usage Guidelines
Use this command to begin receiving SNMP trap messages when a port transitions
between being up and down.

Example
The following command enables ports 3, 5, and 12 through 15 on a stand-alone switch to
receive SNMP trap messages when the port goes up/down:

enable snmp traps port-up-down ports 3,5,12-15

History
This command was first available in ExtremeXOS 10.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmpv3
enable snmpv3 default-group

Description
Selectively enables SNMPv3 default-group access on the switch.

2424 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
default-group Specifies SNMPv3 default-group.

Default
Enabled.

Usage Guidelines
This command is used to enable SNMPv3 default-group access.

Enabling SNMPv3 default-group access activates the access to an SNMPv3 default-

group and the user-created SNMPv3-user part of default-group. This command
produces an error if SNMPv3 access is disabled on the switch.

The default groups are: admin, initial, v1v2c_ro, v1v2c_rw.

Example
The following command enables the default group access on the switch:

enable snmp default-group

History
This command was available in ExtremeXOS 12.2.

It was also included in ExtremeXOS 11.6.4 and ExtremeXOS 12.1.2.

The default-user option was removed in ExtremeXOS 22.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable snmpv3 community

enable snmpv3 community [ community_index | hex hex_community_index ]

Description
This command enables a community entry specified by the community index.

Switch Engine™ Command Reference Guide for version 32.7.1 2425

Syntax Description Commands

Syntax Description
community_index Community index in ASCII.
hex Provide value in hexadecimal.
hex_community_index Community index in hexadecimal.

Default
Enabled.

Usage Guidelines
This command is used to enable a community entry specified by the community index.

Example

enable snmpv3 community abcd

History
This command was available in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable sntp-client
enable sntp-client

Description
Enables the SNTP client.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
SNTP can be used by the switch to update and synchronize its internal clock from
a Network Time Protocol (NTP) server. After the SNTP client has been enabled, the

2426 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

switch sends out a periodic query to the indicated NTP server, or the switch listens
to broadcast NTP updates. In addition, the switch supports the configured setting for
Greenwich Mean Time (GMT) offset and the use of Daylight Savings Time (DST).

Example
The following command enables the SNTP client:

enable sntp-client

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable ssh2
enable ssh2 {access-profile [access_profile | none]} {port
tcp_port_number} {vr [vr_name | all | default]}

Description
Enables SSH2 server to accept incoming sessions from SSH2 clients.

Syntax Description
access_profile Specifies an ACL policy.
none Cancels a previously configured ACL policy.
port Specifies a TCP port number. The default is port 22.
vr_name Specifies a virtual router name.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

all Specifies that SSH is enabled on all virtual routers.

default Specifies that SSH is enabled on the default virtual router.

Default
The SSH2 feature is disabled by default.

Switch Engine™ Command Reference Guide for version 32.7.1 2427

Usage Guidelines Commands

Usage Guidelines
SSH2 enables the encryption of session data. You must be logged in as an
administrator to enable SSH2.

Use the port option to specify a TCP port number other than the default port of 22. You
can only specify ports 22 and 1024 through 65535.

Using ACLs to Control SSH Access

You can specify a list of predefined clients that are allowed SSH2 access to the switch.
To do this, you configure an ACL policy to permit or deny a specific list of IP addresses
and subnet masks for the SSH port. You must create an ACL policy file before you can
use the access-profile option. If the ACL policy file does not exist on the switch, the
switch returns an error message indicating that the file does not exist.

Use the none option to cancel a previously configured ACL.

In the ACL policy file for SSH2, the source-address field is the only supported match
condition. Any other match conditions are ignored.

Policy files can also be configured using the following command:

configure ssh2 access-profile [ access_profile | [[addrule ] [first |
[[before | after]previous_rule]]] | delete rule | none ]

Creating an ACL Policy File

To create an ACL policy file, use the edit policy command. For more information
about creating and implementing ACL policy files, see Policy Manager and ACLs.

If you attempt to implement a policy that does not exist on the switch, an error
message similar to the following appears:
Error: Policy /config/MyAccessProfile_2.pol does not exist on file system

If this occurs, make sure the policy you want to implement exists on the switch. To
confirm the policies on the switch, use the ls command. If the policy does not exist,
create the ACL policy file.

Viewing SSH Information

To view the status of SSH2 sessions on the switch, use the show management command.
This command displays information about the switch including the enable/disable
state for SSH2 sessions and whether a valid key is present.

Example
The following command enables the SSH2 feature:
enable ssh2

The next example assumes you have already created an ACL to apply to SSH.

2428 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command applies the ACL MyAccessProfile_2 to SSH:

enable ssh2 access-profile MyAccessProfile_2

History
This command was first available in the ExtremeXOS 11.0

The access-profile and none options were added in ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable stacking
enable stacking {node-address node-address}

Description
This command enables stacking on one or all nodes.

Syntax Description
node-address Specifies the MAC address of a node in the stack. To view
the MAC addresses for all nodes in a stack, enter the show
stacking command.

Default
Default value is stacking disabled.

Usage Guidelines
This command enables stacking on one or all nodes. When a node is operating in
stacking mode, QoS profile QP7 cannot be created.

For information about stacking methods, and which switches can stack with other
switches, see the Available Stacking Methods topic in the Switch Engine 32.7.1 User
Guide.

If a node-address is not specified, this command first performs an analysis of the

current stacking configuration on the entire stack. If the stack has not yet been
configured for stacking operation, or if the configuration is self-inconsistent, the user is
offered the option of invoking the easy setup function. The following message appears:
You have not yet configured all required stacking parameters. Would you
like to perform an easy setup for stacking operation? (y/N)

Switch Engine™ Command Reference Guide for version 32.7.1 2429

Example Commands

If you enter Yes, the easy setup procedure is invoked and you first see the following
message:
Executing "configure stacking easy-setup" command...

If you enter No, the following message appears:

Stacking has been enabled as requested.

The following describes the operation performed if easy setup is neither offered nor
selected.

If you do not enter any node-address, stacking is enabled on all nodes in the stack
topology.

If the node-address parameter is present, stacking is enabled on the node with the
specified node-address. This is the MAC address assigned to the stackable by the
factory.

The show stacking configuration command shows the current configuration of this
parameter as well as the value currently in use.

A node that is enabled for stacking attempts to join the active topology. If successful,
it then negotiates a node role with the other nodes in the stack and becomes an
operational node in the stack according to its role. The master node's configuration is
applied to the node.

When this command is executed successfully, the following message appears:

This command will take effect at the next reboot of the specified
node(s).

Example
To enable stacking on a stack:
# enable stacking
This command will take effect at the next reboot of the specified node(s).

To enable stacking on node 5, with a MAC address 00:04:96:26:6b:ed:

# enable stacking node-address 00:04:96:26:6b:ed
This command will take effect at the next reboot of the specified node(s).

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available with all licenses and platforms that support the
SummitStack feature. For information about which licenses and platforms support
the SummitStack feature, see the Switch Engine 32.7.1 Feature License Requirements
document.

2430 Switch Engine™ Command Reference Guide for version 32.7.1

Commands enable stacking-support

enable stacking-support
enable stacking-support

Description
This command enables a switch with dual-purpose hardware to participate in a stack.

Syntax Description
This command does not have additional syntax.

Default
Stacking support is disabled by default for all platforms.

Usage Guidelines
The Stacking-Support Option Control column in Table 17 on page 1417 displays Yes
in the rows for switch configurations for which you can enable the stacking-support
option.

After you enable the stacking-support option, you must reboot the switch to activate
the configuration change.

If you enable the stacking-support option on a switch and reboot, data

communications on the data ports listed in Table 17 on page 1417 stops, and the ports
use stacking protocols instead of Ethernet protocols.

Example
To enable the stack ports, enter the following command:
# enable stacking-support
This setting will take effect at the next reboot of this switch.

History
This command was first available in ExtremeXOS 12.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable stpd
enable stpd {stpd_name}

Switch Engine™ Command Reference Guide for version 32.7.1 2431

Description Commands

Description
Enables the STP protocol for one or all STPDs.

Syntax Description
stpd_name Specifies an STPD name on the switch.

Default
Enabled.

Usage Guidelines
If you want to enable the STP protocol for all STPDs, do not specify an STPD name.

Example
The following command enables an STPD named Backbone_st:

enable stpd backbone_st

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable stpd auto-bind

enable stpd stpd_name auto-bind [ {vlan} vlan_name | vlan vlan_list]

Description
Automatically adds ports to an STPD when ports are added to a member VLAN.

Syntax Description
stpd_name Specifies an STPD name on the switch.
vlan_name Specifies the name of the VLAN to have autobind enabled.
vlan_list Specifies the VLAN list of IDs to have autobind enabled.

2432 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
The autobind feature is disabled on user-created STPDs. The autobind feature is
enabled on the default VLAN that participates in the default STPD S0.

If you enable autobind and add ports to a member VLAN, those ports are automatically
added to the STPD.

Usage Guidelines
If you create an STPD and a VLAN with unique names, the keywords stpd and vlan are
optional.

You cannot configure the autobind feature on a network login VLAN.

In an EMISTP or PVST+ environment, when you issue this command, any port or list
of ports that you add to the carrier VLAN are automatically added to the STPD with
autobind enabled. In addition, any port or list of ports that you remove from a carrier
VLAN are automatically removed from the STPD. This allows the STPD to increase or
decrease its span as you add ports to or remove ports from a carrier VLAN.

For MSTP, when you issue this command, any port or list of ports that gets
automatically added to an MSTI are automatically inherited by the CIST. In addition, any
port or list of ports that you remove from an MSTI protected VLAN are automatically
removed from the CIST. For more information see the section. For more information,
see Automatically Inheriting Ports--MSTP Only on page 2434.

Carrier VLAN
A carrier VLAN defines the scope of the STPD, which includes the physical and logical
ports that belong to the STPD and the 802.1Q tag used to transport STP BPDUs in the
encapsulation mode is EMISTP or PVST+. Only one carrier VLAN can exist in a given
STPD, although some of its ports can be outside the control of any STPD at the same
time.

Note
The STPD ID must be identical to the VLAN ID of the carrier VLAN in that STPD.

If you configure MSTP, you do not need a carrier VLAN. With MSTP, you configure a
CIST that controls the connectivity of interconnecting MSTP regions and sends BPDUs
across the regions to communicate the status of MSTP regions. All VLANs participating
in the MSTP region have the same privileges.

Protected VLAN
Protected VLANs are all other VLANs that are members of the STPD. These VLANs
“piggyback” on the carrier VLAN. Protected VLANs do not transmit or receive STP
BPDUs, but they are affected by STP state changes and inherit the state of the carrier
VLAN. Protected VLANs can participate in multiple STPDs, but any particular port in the
VLAN can belong to only one STPD.

Switch Engine™ Command Reference Guide for version 32.7.1 2433

Automatically Inheriting Ports--MSTP Only Commands

Enabling autobind on a protected VLAN does not expand the boundary of the STPD.
However, the VLAN and port combinations are added to or removed from the STPD
subject to the boundaries of the carrier VLAN.

If you configure MSTP, all member VLANs in an MSTP region are protected VLANs.
These VLANs do not transmit or receive STP BPDUs, but they are affected by STP state
changes communicated by the CIST to the MSTP regions. MSTIs cannot share the same
protected VLAN; however, any port in a protected VLAN can belong to multiple MSTIs.

Automatically Inheriting Ports--MSTP Only

In an MSTP environment, whether you manually or automatically bind a port to an
MSTI in an MSTP region, the switch automatically binds that port to the CIST. The CIST
handles BPDU processing for itself and all of the MSTIs; therefore, the CIST must inherit
ports from the MSTIs in order to transmit and receive BPDUs.

Displaying STP Information

To view STP configuration status of the ports on a VLAN, use the following command:
show {vlan} [vlan_name | vlan_list] stpd

Example
The examples in this section assume that you have already removed the ports from the
Default VLAN.

To automatically add ports to an STPD running 802.1D, EMISTP, or PVST+ and to expand
the boundary of the STPD, you must complete the following tasks:
• Create the carrier VLAN.
• Assign a VLAN ID to the carrier VLAN.
• Add ports to the carrier VLAN.
• Create an STPD (or use the default, S0).
• Enable autobind on the STPDs carrier VLAN.
• Configure the STPD tag (the STPD ID must be identical to the VLAN ID of the carrier
VLAN in the STP domain).
• Enable STP.

The following example enables autobind on an STPD named s8 after creating a carrier
VLAN named v5:
create vlan v5
configure vlan v5 tag 100
configure vlan v5 add ports 1:1-1:20 tagged
create stpd s8
enable stpd s8 auto-bind v5
configure stpd s8 tag 100
enable stpd s8

2434 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

To automatically add ports to the CIST STPD and to expand the boundary of the STPD,
you must complete the following tasks:
• Create a VLAN or use the Default VLAN. (In this example, the Default VLAN is used.)
• Create the MSTP region.
• Create the STPD to be used as the CIST, and configure the mode of operation for the
STPD.
• Specify the priority for the CIST.
• Enable the CIST.

The following example enables autobind on the VLAN Default for the CIST STPD named
s1. (Starting with ExtremeXOS 22.2, before configuring a user-created STP domain for
MSTP, you must first disable the STPD "s0" domain, which by default is in the MSTP
CIST domain, and change its operational mode to dot1d or dot1w, as only one MSTP
CIST domain can be there on a switch.):
disable stpd s0
configure stpd s0 mode dot1d
configure mstp region 1
create stpd s1
configure stpd s1 mode mstp cist
configure stpd s1 priority 32768
enable stpd s1

The following example enables autobind on the VLAN math for the MSTI STPD named
s2:
create vlan math
configure vlan math tag 2
configure vlan math add ports 2-3
configure mstp region 1
create stpd s2
configure stpd s2 mode mstp msti 1
configure stpd s2 priority 32768
enable stpd s2 auto-bind vlan math
configure stpd s2 ports link-type point-to-point 5-6
enable stpd s2

History
This command was first available in ExtremeXOS 10.1.

The vlan_list variable was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable stpd ports

enable stpd stpd_name ports [all | port_list]

Switch Engine™ Command Reference Guide for version 32.7.1 2435

Description Commands

Description
Enables the STP protocol on one or more ports.

Syntax Description
stpd_name Specifies an STPD on the switch.
all Specifies all ports for a given STPD.
port_list Specifies one or more ports or slots and ports.

Default
Enabled.

Usage Guidelines
If you create an STPD with a unique name, the keyword stpd is optional.

If STP is enabled for a port, BPDUs are generated and processed on that port if STP is
enabled for the associated STPD.

You must configure one or more STPDs before you can use the enable stpd ports
command. To create an STPD, use the create stpd stpd_name {descriptionstpd-
description} command. If you have considerable knowledge and experience with
STP, you can configure the STPD using the configure stpd commands. However, the
default STP parameters are adequate for most networks.

Example
The following command enables slot 2, port 4 on an STPD named Backbone_st:

enable stpd backbone_st ports 2:4

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable stpd rapid-root-failover

enable stpd stpd_name rapid-root-failover

2436 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables rapid root failover for faster STP recovery times.

Syntax Description
stpd_name Specifies an STPD name on the switch.

Default
Disabled.

Usage Guidelines
This command is applicable for STPDs operating in 802.1D.

If you create an STPD with a unique name, the keyword stpd is optional.

To view the status of rapid root failover on the switch, use the show stpd command.
The show stpd command displays information about the STPD configuration on the
switch including the enable/disable state for rapid root failover.

Example
The following command enables rapid root fail over on STPD Backbone_st:

enable stpd backbone_st rapid-root-failover

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable subvlan-proxy-arp vlan

enable subvlan-proxy-arp vlan [vlan-name | all]

Description
Enables the automatic entry of subVLAN information in the proxy ARP table.

Switch Engine™ Command Reference Guide for version 32.7.1 2437

Syntax Description Commands

Syntax Description
vlan-name Specifies a superVLAN name.
all Specifies all VLANs.

Default
Enabled.

Usage Guidelines
To facilitate communication between subVLANs, by default, an entry is made in the
IP ARP table of the superVLAN that performs a proxy ARP function. This allows
clients on one subVLAN to communicate with clients on another subVLAN. In certain
circumstances, intra-subVLAN communication may not be desired for isolation reasons.

Note
The isolation option works for normal, dynamic, ARP-based client
communication.

Example
The following example enables the automatic entry of subVLAN information in the
proxy ARP table of the superVLAN "vsuper":
enable subvlan-proxy-arp vlan vsuper

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable switch bluetooth

enable switch bluetooth {discovery | pairing }

Description
Enables Bluetooth capability on a switch.

Syntax Description
switch Designates enabling switch capabilities.
bluetooth Designates enabling Bluetooth capabilities on a switch.

2438 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

discovery Sets discoverable mode of the switch. Default is enabled.

pairing Sets pairing ability with other Bluetooth-capable devices.
Default is enabled.

Default
By default, discovery and pairing modes are enabled.

Usage Guidelines
Using the command with no options enables Bluetooth capability on the switch. The
discovery and pairing options set discoverable mode and pairing ability, respectively.

To disable Bluetooth capabilites, use the disable switch bluetooth {discovery |

pairing } command.

To view Bluetooth and discovery/pairing status, use the show switch bluetooth
[statistics | inventory] command.

Example
The following example enables Bluetooth capability on a switch:
# enable switch bluetooth

The following example enables discovery mode on a switch:

# enable switch bluetooth discovery

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable switch locally-administered-address

enable switch locally-administered-address

Description
Directs the switch to generate locally administered per-port MAC addresses.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2439

Default Commands

Default
This feature is disabled by default.

Usage Guidelines
ExtremeXOS switches do not use a unique per-port MAC address when transmitting
bridge protocol data units (BPDUs). As a result, switch management can become
inaccessible when switch MAC addresses are learned on the wrong L2 path
(corresponding to a blocking port). This command allows you to direct the switch
to generate locally administered MAC addresses used by STP/RSTP/MSTP BPDUs as
source MAC address instead of the switch MAC address.

Example
The following example directs the switch to generate locally administered MAC
addresses:
enable switch locally-administered-address

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable switch usb

enable switch usb

Description
Enables use of the switch's USB port.

Syntax Description
usb Specifies USB port on switch.

Default
Enabled by default.

2440 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command requires a reboot to take effect. This setting persists after reboots. To
remove it, use the command disable switch usb or use the command unconfigure
switch {all | erase [all | nvram]} with the all option.

Stack support is not available. You need to run this command individually on each node
in a stack.

Example
The following example enables use of the USB port:
enable switch usb
This setting will take effect at the next system reboot.

History
This command was first available in ExtremeXOS 22.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable syslog
enable syslog

Description
Enables logging to all remote syslog host targets.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
To enable remote logging, you must do the following:
• Configure the syslog host to accept and log messages.
• Enable remote logging by using the enable syslog command.
• Configure remote logging by using the configure syslog command.

Switch Engine™ Command Reference Guide for version 32.7.1 2441

Example Commands

When you use the enable syslog command, the exporting process of the syslog
begins. This command also determines the initial state of an added remote syslog
target.

Example
The following command enables logging to all remote syslog hosts:

enable syslog

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable tacacs
enable tacacs

Description
Enables TACACS+ authentication.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
After they have been enabled, all web and Telnet logins are sent to one of the two
TACACS+ servers for login name authentication.

Example
The following command enables TACACS+ user authentication:

enable tacacs

2442 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable tacacs-accounting
enable tacacs-accounting

Description
Enables TACACS+ accounting.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
If accounting is used, the TACACS+ client must also be enabled.

Example
The following command enables TACACS+ accounting for the switch:

enable tacacs-accounting

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable tacacs-authorization
enable tacacs-authorization

Switch Engine™ Command Reference Guide for version 32.7.1 2443

Description Commands

Description
Enables CLI command authorization.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
When enabled, each command is transmitted to the remote TACACS+ server for
authorization before the command is executed. TACACS+ authentication must also
be enabled to use TACACS+ authorization. Use the following command to enable
authentication:
enable tacacs

Example
The following command enables TACACS+ command authorization for the switch:

enable tacacs-authorization

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable tech-support collector

enable tech-support collector

Description
Enables te tech support feature.

Syntax Description
This command has no arguments or variables.

2444 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
This command turns on the tech-support feature. In the ExtremeXOS 15.4 release, the
feature is disabled by default. When the feature is disabled, the previous scheduled
reports are canceled, and the bootup event and critical severity events are ignored.

When the feature is enabled, if any configured collector has the report mode set to
automatic, the switch automatically attempts to send switch status reports to those
collectors based on the configuration setting for each individual collector.

You can always use the run tech-support report command to trigger a one-time
report to a particular collector, or all collectors, regardless if the feature is enabled or
disabled or if the collector’s report mode is set to automatic or manual.

Example
The following command enables the tech-support feature:

enable tech-support collector

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable telnet
enable telnet

Description
Enables external Telnet services on the system.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2445

Usage Guidelines Commands

Usage Guidelines
You must be logged in as an administrator to enable or disable Telnet.

ExtremeXOS 11.2 introduces the concept of safe defaults mode. Safe defaults mode
runs an interactive script that allows you to enable or disable SNMP, Telnet, and switch
ports. When you set up your switch for the first time, you must connect to the console
port to access the switch. After logging in to the switch, you enter safe defaults mode.
Although SNMP, Telnet, and switch ports are enabled by default, the script prompts
you to confirm those settings.

If you choose to keep the default setting for Telnet—the default setting is enabled—the
switch returns the following interactive script:
Since you have chosen less secure management methods, please remember to increase the
security of your network by taking the following actions: * change your admin password
* change your SNMP public and private strings * consider using SNMPv3 to secure network
management traffic

In addition, you can return to safe defaults mode by issuing the following command:
run provisioning

If you return to safe defaults mode, you must answer the questions presented during
the interactive script.

For more detailed information about safe defaults mode, see the Using Safe Defaults
Mode section in the Switch Engine 32.7.1 User Guide.

Example
With administrator privilege, the following command enables Telnet services on the
switch:
enable telnet

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable tunnel
enable {tunnel} tunnel_name

Description
Allows GRE tunnels to be enabled.

2446 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
tunnel_name GRE tunnel name

Default
Enabled.

Usage Guidelines
Use this command to enable GRE tunnels.

Example
enable myGREtunnel

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable twamp reflector

enable twamp reflector {restrict}

Description
This command enables the Session-Reflector.

Syntax Description
restrict Restricts only TWAMP control sessions to create test
sessions and reflector does not respond to TWAMP-test
packets tgat do not match a test session created by a
control session.

Default
N/A.

Usage Guidelines
If the you disable the Session-Reflector, the application terminates all current TWAMP
test sessions. If you specify the restrict keyword, only TWAMP control sessions may

Switch Engine™ Command Reference Guide for version 32.7.1 2447

History Commands

create test sessions and the reflector will not respond to TWAMP-test packets that do
not match a test session created by a control session.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable twamp server

enable twamp server

Description
This command enables the TWAMP server.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

History
This command was first available in ExtremeXOS 16.1.

Platform Availability
The command is available on all platforms.

enable udp-echo-server
enable udp-echo-server {vr vrid}{udp-port port}

Description
Enables UDP echo server support.

2448 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vrid Specifies the VR or VRF.
port Specifies the UDP port.

Default
Disabled.

Usage Guidelines
UDP echo packets are used to measure the transit time for data between the
transmitting and receiving ends.

Example
The following example enables UDP echo server support:
enable udp-echo-server

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable upm profile

enable upm profile profile-name

Description
Enables the use of the specified Universal Port profile on the switch.

Syntax Description
profile-name Specifies the UPM profile to be enabled.

Default
A UPM profile is enabled by default.

Switch Engine™ Command Reference Guide for version 32.7.1 2449

Example Commands

Example
The following command enables a UPM profile called example on the switch:

enable upm profile example

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

enable virtual-network remote-endpoint vxlan

enable virtual-network remote-endpoint vxlan [ ipaddress ipaddress {vr
vr_name} | all ]

Description
Enables a VXLAN remote endpoint.

Syntax Description
virtual-network Virtual overlay network.
remote-endpoint Remote tunnel endpoint information.
vxlan VXLAN virtual networks remote endpoint.
ipaddress Specifies an IP address of a remote endpoint.
ipaddress Specifies the IP address of the desired remote endpoint.
vr Specifies a VR/VRF instance the remote endpoint is
associated with.
vr_name Specifies the desired existing VR/VRF instance the remote
endpoint is associated with. Default is VR-Default.
all Specifies all remote tunnel endpoints.

Default
If a VR is not specified, VR-Default is the VR.

2450 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Extreme Loop Recognition Protocol (ELRP) detects loops across VXLAN tunnels. If a
loop is detected across the tunnel, ELRP takes down the VXLAN remote endpoint. You
can use this command to re-enable the remote endpoint.

Example
The following example enables the remote endpoint at 100.1.1.1 on VR-Default (not
specified, command default):
# enable virtual-network remote-endpoint vxlan ipaddress 100.1.1.1

History
This command was first available in ExtremeXOS 22.4.

Platform Availability
This command is available on all Universal switches and stacks supported in this
document.

enable virtual-router
enable virtual-router vrf-name

Description
Enables a VRF.

Note
This command does not affect virtual routers.

Syntax Description
vrf-name Specifies the name of the VR or VRF instance.

Default
Enabled.

Usage Guidelines
This command is used to administratively enable or disable a VRF. The VRF specific
commands are still accepted and retained by the switch. This configuration has an
operational impact on the VRF.

Switch Engine™ Command Reference Guide for version 32.7.1 2451

Example Commands

When you enable a VRF, the software does the following:

• Enables Layer 3 protocols for the VRF.
• Marks static routes as active and adds them to the hardware forwarding tables.

Example
The following example enables VRF "vrf1":
enable virtual-router vrf1

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

enable vlan
enable [ {vlan} vlan_name | vlan vlan_list]

Description
Use this command to re-enable a VLAN that you previously disabled.

Syntax Description
vlan_name Specifies the VLAN you want to enable.
vlan_list Specifies the VLAN list of IDs you want to enable.

Default
Enabled.

Usage Guidelines
This command allows you to administratively enable specified VLANs that you
previously disabled.

Example
The following example enables the VLAN named "accounting":
enable vlan accounting

2452 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.4.

The vlan_list option was added in ExtremeXOS 16.1.

Platform Availability
This command is available on all Universal switches supported in this document.

enable vman cep egress filtering ports

enable vman cep egress filtering ports {port_list | all}

Description
Enables the egress filtering of frames based on their CVIDs on ports configured as
CEPs.

Syntax Description
port_list Specifies a list of ports.
all Specifies all switch ports.

Default
Egress CVID filtering is disabled.

Usage Guidelines
For a given VMAN and a port configured as a CEP for that VMAN, only frames with
CVIDs that have been mapped from the CEP to the VMAN are forwarded from the
VMAN and out the CEP.

To view the configuration setting for the egress CVID filtering feature, use the show
ports information command.

Note
CVID egress filtering is available only on switches that support this feature,
and when this feature is enabled, it reduces the maximum number of CVIDs
supported on a port. The control of CVID egress filtering applies to fast-
path forwarding. When frames are forwarded through software, CVID egress
filtering is always enabled.

Example
The following command enables egress CVID filtering on port 1:
enable vman cep egress filtering port 1

Switch Engine™ Command Reference Guide for version 32.7.1 2453

History Commands

History
This command was first available in ExtremeXOS 12.6.

Platform Availability
This command is available on all Universal switches supported in this document.

enable vm autostart
enable vm vm_name autostart

Description
Enables automatic start-up of guest virtual machines (VMs).

Syntax Description
vm Designates a virtual machine.
vm_name Specifies the VM name.
autostart Specifies automatic start-up of the specified VM. Default is
disabled.

Default
By default, automatic start-up is disabled.

Usage Guidelines
This command enables automatically starting up a specific VM when the system starts.

You must reboot the switch for this command to take effect.

To disable automatic start-up, use the command disable vm vm_name autostart.

Example
The following example enables automatic start-up of VM "vm1":
# enable vm vm1 autostart

History
This command was first available in ExtremeXOS 30.3.

2454 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

enable vm-tracking
enable vm-tracking

Description
Enables the XNV feature on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables the XNV feature, which tracks VMs that connect to the switch.

This command does not enable XNV on any ports. To start tracking VMs, you must
enable VM tracking on one or more ports using the enable vm-tracking ports
command.

Example
The following command enables the XNV feature:
# enable vm-tracking

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches.

enable vm-tracking dynamic-vlan ports

enable vm-tracking dynamic-vlan ports port_list

Switch Engine™ Command Reference Guide for version 32.7.1 2455

Description Commands

Description
This command enables VM-tracking dynamic VLAN on specific ports. The ALL option
is not supported because VM-tracking dynamic VLAN should never be enabled on a
switch's uplink port.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
Use this command to enable VM-tracking dynamic VLAN on specific ports. The ALL
option is not supported because VM-tracking dynamic VLAN should not be enabled on
a switch's uplink port.

Example
The following command enables VM tracking dynamic VLAN on port 2:1:
# enable vm-tracking dynamic-vlan ports 2:1

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches.

enable vm-tracking ports

enable vm-tracking ports port_list

Description
Enables the XNV feature on the specified ports.

Syntax Description
port_list Specifies one or more ports or slots and ports.

2456 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Disabled.

Usage Guidelines
You must enable VM tracking on the switch with the enable vm-tracking command
before you can use this command. This command enables VM tracking on the specified
ports. You should enable VM tracking only on ports that connect directly to a server
that hosts VMs that you want to track. You should never enable VM tracking on a switch
uplink port.

Example
The following command enables VM tracking on port 2:1:
# enable vm-tracking ports 2:1

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches.

enable vpex
enable vpex

Description
Enables VPEX mode for using bridge port extenders (BPEs).

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).

Default
N/A.

Usage Guidelines
This command enables VPEX mode and allows you to refer to ports in the slot:port
notation in applicable commands. A reboot of the switch is required for the command

Switch Engine™ Command Reference Guide for version 32.7.1 2457

Example Commands

to take effect. After rebooting, the CLI prompt changes to show that the switch is now
slot 1 (for example):
Slot-1 VPEX switch model #

After enabling VPEX mode, to use the BPE, you need to configure the slot assignment
for the BPE, using the command: enable vpex

VPEX mode is not compatible with stacking mode. Only one of these modes can be
enabled at a time.

Example
The following example enables VPEX mode:
# enable vpex

History
This command was first available in ExtremeXOS 22.5.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

enable vpex auto-configuration

enable vpex auto-configuration

Description
Enables automatic configuration of the Extended Edge Switchingarchitecture
(controlling bridge (CB) and bridge port extenders (BPEs)).

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).
auto-configuration Specifies enabling automatic configuration of the
Extended Edge Switching architecture.

Default
Disabled.

2458 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
When this command is run the controlling bridge switch detects new BPEs connected
to ports not configured as cascade ports, and automatically configures cascade ports,
extended slots, and LAGs/MLAGs on cascade ports.

If you want to use redundant CBs, you must create the peer relationship between
redundant CBs and ensure that both CBs are up. The rest of the MLAG setup for
redundant CBs is handled automatically.

To enable auto-configuration, you must first enter VPEX mode (see enable vpex on
page 2457).

When auto-configuration mode is enabled, you cannot manually configure Extended

Edge Switching ports using the command configure vpex ports port_list slot
slot_num

Example
The following example enables auto-configuration mode:
# enable vpex auto-configuration

History
This command was first available in ExtremeXOS 22.6.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

enable vpex auto-upgrade

enable vpex auto-upgrade

Description
Enables automatic upgrading on Extended Edge Switching topologies.

Syntax Description
vpex Specifies Virtual Port Extender (VPEX).
auto-upgrade Specifies that the controlling bridge (CB) automatically
upgrades bridge port extender (BPE) slots in mode (default
is enabled).

Switch Engine™ Command Reference Guide for version 32.7.1 2459

Default Commands

Default
Automatic upgrading is enabled by default.

Usage Guidelines
Automatic upgrading can occur only when both CBs in the MLAG have the same BPE
xmod versions installed, and only after all slots are synchronized between the CBs.

To enable automatic upgrading, you must first enter VPEX mode (see enable vpex on
page 2457). To view the status of automatic upgrading, use the command show vpex.

Example
The following example enables automatic upgrading:
# enable vpex auto-upgrade

History
This command was first available in ExtremeXOS 30.5.

Platform Availability
This command is available on ExtremeSwitching 5420 and 5520 series switches, and
Extreme 7520-48Y switches.

enable vpls
enable vpls [vpls_name | all]

Note
This command has been replaced with the following command: enable
l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]] .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Enables the VPLS instance specified by vpls_name.

Syntax Description
vpls_name Identifies the VPLS within the switch (character string).
all Specifies all VPLS.

2460 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
All newly created VPLS instances are enabled.

Usage Guidelines
This command enables the VPLS instance specified by vpls_name. By default, all
newly created VPLS instances are enabled. When enabled, VPLS attempts to establish
sessions between all configured peers. Services must be configured and enabled for
sessions to be established successfully.

Example
The following command enables the VPLS instance myvpls:

enable vpls myvpls

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable vpls fdb mac-withdrawal

enable vpls fdb mac-withdrawal

Note
This command has been replaced with the following command: enable
l2vpn vpls fdb mac-withdrawal .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Enables the VPLS MAC address withdrawal capability.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2461

Default Commands

Default
Enabled.

Usage Guidelines
Use this command to enable FDB MAC withdrawal after it has been disabled.

Example
The following command enables MAC address withdrawal:

enable vpls fdb mac-withdrawal

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable vpls health-check vccv

enable vpls vpls_name health-check vccv

Note
This command has been replaced with the following command: enable
l2vpn [vpls vpls_name | vpws vpws_name] health-check vccv .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Enables the VCCV health check feature on the specified VPLS.

Syntax Description
vpls_name Identifies the VPLS for which health check is to be enabled.

Default
Health check is disabled.

2462 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Health check must be enabled on both ends of a PW to verify connectivity between
two VPLS peers. Both VCCV peers negotiate capabilities at PW setup. A single VCCV
session monitors a single PW. Therefore, a VPLS with multiple PWs will have multiple
VCCV sessions to multiple peers.

VCCV in ExtremeXOS uses LSP ping to verify connectivity.

Example
The following command enables the health check feature on the VPLS instance
myvpls:

enable vpls myvpls health-check vccv

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable vpls service

enable vpls [vpls_name | all] service

Note
This command has been replaced with the following command: enable
l2vpn [vpls [vpls_name | all] | vpws [vpws_name | all]]
service .
This command is still supported for backward compatibility, but it will be
removed from a future release, so we recommend that you start using the
new command.

Description
Enables the configured VPLS services for the specified vpls_name.

Syntax Description
vpls_nam Identifies the VPLS within the switch (character string).
e
all Specifies all VPLS.

Switch Engine™ Command Reference Guide for version 32.7.1 2463

Default Commands

Default
Enabled.

Usage Guidelines
This command enables the configured VPLS services for the specified vpls_name.
When services are disabled, the VPLS is withdrawn from all peer sessions. The keyword
all enables services for all VPLS instances.

Example
The following command enables the configured VPLS services for the specified VPLS
instance:

enable vpls myvpls service

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

enable vrrp group

enable vrrp group group_name {configuration | members}

Description
This command appliles group configuration on individual VRs and they then become
member VRs.

Syntax Description
group Form a group of VRRP VRs to operate in high-scale mode.
group_name Specifies the VRRP group name.
configuration Applies group configuration on individual VRs (default).
members Enables all VRs that are members of the group.

Default
If you do not specify, group configuration is applied to individual VRs.

2464 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
When this command is issued the primary VR of the group sends VRRP
advertisements at configured intervals. Secondary VRs send at a much slower rate.

Example
The following example brings group configuration into effect on the member VRs of
the group:
enable vrrp group ExtremeNet configuration

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable vrrp vrid

enable vrrp {vlan [vlan_name | vlan_list] vrid [vridval | vrid_list}

Description
Enables a specific VRRP instance or all VRRP instances on the switch.

Syntax Description
vlan_name Specifies the name of a VRRP VLAN.
vlan_list VLAN list (1–4,094).
vridval Specifies the VRID for the VRRP instance to be enabled.
To display the configured VRRP router instances, enter the
show vrrp command.
vrid_list List of virtual router IDs (1–255).

Default
N/A.

Usage Guidelines
This enables a specific VRRP instance on the device. If you do not specify a VRRP
instance, all VRRP instances on this device are enabled.

Switch Engine™ Command Reference Guide for version 32.7.1 2465

Example Commands

Example
The following command enables all VRRP instances on the switch:
enable vrrp

History
This command was first available in ExtremeXOS 10.1.

VLAN and VR list options added in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the VRRP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

enable watchdog
enable watchdog

Description
Enables the system watchdog timer.

Syntax Description
This command has no arguments or variables.

Default
Enabled.

Usage Guidelines
The watchdog timer monitors the health of the switch hardware and software events.
For example, the watchdog timer reboots the switch if the system cannot reset
the watchdog timer. This is caused by a long CPU processing loop, any unhandled
exception, or a hardware problem with the communication channel to the watchdog.
In most cases, if the watchdog timer expires, the switch captures the current CPU
status and posts it to the console and the system log. In some cases, if the problem is
so severe that the switch is unable to perform any action, the switch reboots without
logging any system status information prior to reboot.

This command takes affect immediately.

The watchdog settings are saved in the configuration file.

2466 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

To display the watchdog state of your system, use the show switch command.

Example
The following command enables the watchdog timer:

enable watchdog

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

enable web http

enable web http

Description
Enables hypertext transfer protocol (HTTP) access to the switch on the default HTTP
port (80).

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
If HTTP access has been disabled, use this command to enable HTTP access to the
switch.

Example
The following command enables HTTP on the default port:

enable web http

History
This command was first available in the ExtremeXOS 11.6.

Switch Engine™ Command Reference Guide for version 32.7.1 2467

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

enable web https

enable web https

Description
Enables secure socket layer (SSL) access to the switch on the default port (443).

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
If an SSL certificate and key are not present in switch, this command will result in
automatically generating both.

Use this command to allow users to connect using a more secure HTTPS connection.

To use secure HTTP access (HTTPS) for web-based login connections, you must specify
HTTPS as the protocol when configuring the redirect URL. For more information about
configuring the redirect URL, see the configure netlogin redirect-page command.

Example
The following command enables SSL on the default port:
enable web https

History
This command was first available in the ExtremeXOS 11.2.

Platform Availability
This command is available on all Universal switches supported in this document.

enable cli xml-mode

enable cli xml-mode

2468 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Enables XML configuration mode on the switch.

Syntax Description
This command has no arguments or variables.

Default
Disabled.

Usage Guidelines
This command enables the XML configuration mode on the switch, however XML
configuration mode is not supported for end users, and Extreme Networks strongly
cautions you not to enable this mode. Use this command only under the direction of
Extreme Networks.

If you inadvertently issue this command, the switch prompt will be changed by adding
the text (xml) to the front of the prompt. If you see this mode indicator, please disable
XML configuration mode by using the following command:
disable xml-mode

Example
The following command enables XML configuration mode on the switch:
enable cli xml-mode

History
This command was first available in an ExtremeXOS 11.2.

The cli keyword was added for syntax consistency in ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

enable/disable bfd vlan

[enable | disable] bfd vlan vlan_name

Description
Enables or disables BFD on a VLAN.

Switch Engine™ Command Reference Guide for version 32.7.1 2469

Syntax Description Commands

Syntax Description
vlan_name Specifies the VLAN name.

Default
N/A.

Usage Guidelines
Use this command to enable or disable BFD on a VLAN.

Example
The following command enables the bfd on the VLAN named finance:
# enable bfd vlan finance

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

enable/disable xml-notification
[enable|disable] xml-notification [all | target]

Description
Enables or disables Web server target(s).

Syntax Description
target wSpecifies the configured target.

Default
By default, the target Web server is not enabled for xml-notifications. You have to
explicitly enable it, and the display value is “no.”

Usage Guidelines
Use the enable option to enable Web server target(s) in order to receive events from
ExtremeXOS modules and to send out events to the targeted Web server(s).

2470 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Use the disable option to disable the Web server target(s).

Example
The following command enables all of the configured targets:

enable xml-notification all

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

ENDIF
ENDIF

Note
This is a script command and operates only in scripts when scripting
is enabled with the following command: enable cli scripting
{permanent}.

Description
Causes the IF construct to be terminated.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
The ENDIF command should be used after the IF _expression THEN statement(s)
command.

You can insert comments by using a number sign (#). CLI scripting must be enabled to
use this command.

Switch Engine™ Command Reference Guide for version 32.7.1 2471

Example Commands

Example
The following example executes the show switch command if the value of the variable
is greater than 2 and execute the show vlan command otherwise:

IF ($x > 2) THEN

show switch

ELSE

show vlan

ENDIF

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

ENDWHILE
ENDWHILE

Note
This is a script command and operates only in scripts when scripting
is enabled with the following command: enable cli scripting
{permanent}.

Description
Causes the WHILE construct to be terminated.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
The ENDWHILE command must be used after a corresponding WHILE _expression
DOstatement(s) command.

2472 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

You can insert comments by using a number sign (#). CLI scripting must be enabled to
use this command.

Example
This example creates 10 VLANs, named x1 to x10:

set var x 1

WHILE ($x <= 10) DO

create vlan v$x

set var x ($x + 1)

ENDWHILE

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

exit
exit

Description
Logs out the session of a current user for CLI or Telnet.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to log out of a CLI or Telnet session.

When you issue this command, you are asked to save your configuration changes to
the current, active configuration. Enter y if you want to save your changes. Enter n if you
do not want to save your changes.

Switch Engine™ Command Reference Guide for version 32.7.1 2473

Example Commands

Example
The following command logs out the session of a current user for CLI or Telnet:

exit

A message similar to the following is displayed:

Do you wish to save your configuration changes to primary.cfg? (y or n)

Enter y if you want to save your changes. Enter n if you do not want to save your
changes.

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

history
history {last | -c | -d start {- {end}}

Description
Displays a list of all the commands entered on the switch, and enables the clearing or
deleting of entries.

Syntax Description
last Specifies the number of most recent entries of
command history to display, or all of the entries if not
specified. Range is 1-2147483647.
-c Specifies to Clear all entries of command history.
-d Specifies to Delete an entry or a range of entries of
command history.
start Specifies the start of the range of command history
entries (or a single entry) to delete. Range is
1-2147483647.
- Range separator.
end Specifies the end of the range of command history
entries to delete. Range is 1-2147483647.

Default
N/A.

2474 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
ExtremeXOS software “remembers” all the commands you entered on the switch.

Use the history command to display a list of these commands.

Example
The following command displays all the commands entered on the switch:

# history
1 enable ssh
2 show switch
3 show ver images
4 show switch
5 configure timezone name EST -300 autodst name EDT
6 show switch
7 configure time 8 17 2021 14 58 0
8 save
9 show switch
10 history

The following command deletes the history for the range of 4 and 5 from the previous
list:
# history -d 4 - 5

The following command clears the history:

history -c

If you use a command more than once, consecutively, the history will only list the first
instance.

History
This command was first available in ExtremeXOS.

The ability to clear and delete entries was added in ExtremeXOS 31.4.

Platform Availability
This command is available on all Universal switches supported in this document.

IF ... THEN
IF (_expression) THEN

Note
This is a script command and operates only in scripts when scripting is enabled
with the following command: enable cli scripting {permanent}.

Switch Engine™ Command Reference Guide for version 32.7.1 2475

Description Commands

Description
Optionally executes a code block based on the condition supplied.

Syntax Description
expression Specifies the condition for which the statements should be
executed.
statements Actions to be executed when the specified conditions are
met.

Default
N/A.

Usage Guidelines
This command is usually followed by statements that are executed if the condition
evaluates to true.

It can also be followed by an ELSE block, which is executed if the condition evaluates to
false.

The IF construct should be terminated by an ENDIF command.

The _expression must be enclosed in parentheses.

The IF construct can be nested inside other IF and WHILE constructs. Nesting is
supported up to five levels. If there is incorrect nesting of IF conditions, an error
message is displayed. If a user tries to execute more than five nested IF conditions,
an error message is displayed.

The operators mentioned in Using Operators can be used in an _expression in an IF

condition.

You can insert comments by using a number sign (#).

Example
The following example executes the show switch command if the value of the variable
is greater than 2 and executes the show vlan command otherwise:

IF ($x > 2) THEN

show switch

ELSE

show vlan

ENDIF

2476 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

install bootrom
install bootrom [from-image | fname | local-file] {slot slot-number}
{reboot}

Description
Installs a new version of the ExtremeXOS BootROM image.

Syntax Description
from-image Specifes using BootROM image packaged in the booted
software image.
fname Specifies the BootROM image file name of previously
downloaded image.
local-file Specifies using a BootROM image file on a local file
path (USB is /usr/local/ext, internal memory is /usr/
local/tmp, and home directory is /usr/local/cfg).
slot For SummitStacks, specifies installing the BootROM
image on a particular node (slot).
slot-number On a SummitStack, selects which node the BootROM
image should be installed on.
reboot Reboots the switch after the image is installed.

Default
N/A.

Usage Guidelines
When you download a BootROM image (download bootrom [[ipaddress |
hostname] filename {{vr} vrname} {block-size block_size}] {slot slotid}
{install} {reboot}}), you are prompted to install the image immediately after the
download is finished. If you choose to install the image at a later time, you can use this
command to install the software on the switch.

The BootROM image file is designated with a .xtr file extension.

Switch Engine™ Command Reference Guide for version 32.7.1 2477

Displaying the BootROM Versions Commands

For ExtremeSwitching 5420 and 5520 series switches only, the ExtremeXOS (.xos)
image file includes the bootROM image. The from-exos specifies using the BootROM
version packaged with the ExtremeXOS image. You do not need to specify a file name.
After the .xos image installation is finished, and when a new .xos image is in use,
the bootROM image is available in ExtremeXOS file system (/exos/bin). When this
command is run with the from-exos option, this image will be used for bootROM
upgrade. To see what version bootROM is installed on each partition, use the show
version {detail | process name | images {partition partition} command.

Displaying the BootROM Versions

To display the BootROM version for the switch, use the show version command.

Local File Name Character Restrictions

When specifying a local or remote file name, the switch permits only the following
characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )

SummitStack Only
You can run this command only from the master node.

Example
The following example installs the previously downloaded BootROM image file
summitX-1.0.1.5-bootrom.xtr:
# install bootrom summitX-1.0.1.5-bootrom.xtr

The following messages appear:

Installing bootrom...
Writing bootrom...
........................................................................
........................................................................
.........................
Verifying Flash contents...
........................................................................
........................................................................
........................................................................
........................................................................
....................................................
bootrom written.
Bootrom installed successfully

2478 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following example installs the bootROM image file uboot.xtr located on the local
file system at /usr/local/tmp/:
# install bootrom /usr/local/tmp/uboot.xtr

Downloading to Switch.
Installing bootrom...

Bootrom installed successfully. It will be used on the next reboot.

History
This command was first available in ExtremeXOS 11.0.

Support for SummitStack was added in ExtremeXOS 12.0.

The local-file option was added in ExtremeXOS 30.7.

The from-exos option was removed in ExtremeXOS 31.5.

The from-image option was added in ExtremeXOS 31.5.

Platform Availability
This command is available on all Universal switches supported in this document.
and stacks.

install firmware
install firmware {force} {slot slot-number}

Description
This command upgrades the ExtremeSwitching Universal platforms using images from
the installed Switch Engine package.

Syntax Description
force Specifies that a new image is installed without a version
check.
slot Slot for firmware installation.
slot-number Slot number.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2479

Usage Guidelines Commands

Usage Guidelines
On the ExtremeSwitching 5520 switch, use the install firmware command to
upgrade the system FPGA and PLD images.

Firmware images are bundled with ExtremeXOS software images.

On the ExtremeSwitching 5520 switch, the ExtremeXOS software automatically

compares the existing firmware image flashed into the hardware with the firmware
image bundled with the ExtremeXOS image. You can also use the install firmware
command to compare the firmware images.

Before using the install firmware command in a stack, wait until the show slot
command indicates the slots are operational. When the slots are operational, use the
install firmware command.

The switch checks internal devices for a possible firmware upgrade. If the bundled
firmware image is newer than the existing firmware image, the switch prompts you to
confirm the upgrade.
• Enter y to upgrade the firmware.
• Enter n to cancel the firmware upgrade for the specified hardware and continue
scanning for other hardware that needs to be upgraded.
• Enter cr to cancel the upgrade. After a firmware image upgrade, messages are sent
to the log.

The new FPGA and PLD firmware overwrites the older versions flashed into the
hardware. The switch always maintains a backup version in hardware in case the install
is interrupted. Use the reboot command to reboot the switch and activate the new
firmware.

During the firmware upgrade, do not cycle down or disrupt the power to the switch. If
a power interruption occurs, the installed firmware may be corrupted. In this case, the
switch uses a backup version, and you can run the upgrade again to install the latest
version.

The switch displays status messages after you use the install firmware command. The
output varies depending upon your platform and the software version running on your
system.

During a firmware upgrade, the switch prompts you to save your configuration changes
to the current, active configuration. Enter y to save your configuration changes to the
current, active configuration. Enter n if you do not want to save your changes.

PoE firmware is always automatically upgraded or downgraded to match the

operational code image. This configuration is not applicable to PoE firmware.

Sample Output--ExtremeSwitching 5520 Switch

The following is sample output from a ExtremeSwitching 5520 switch:
5520-24W # install firmware
Installing FPGA/PLD image(s) to slot 1. Do you want to continue?

2480 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Displaying Firmware Versions

(y - yes, n - no, <cr> - cancel) Yes

Installing firmware...

Firmware image has been updated successfully.

Installing firmware...

Firmware image has been updated successfully.

Installing firmware...

Firmware image has been updated successfully.

The FPGA/PLD image(s) were installed

successfully and will be activated upon the next system reboot.

Displaying Firmware Versions

To display the firmware version for all devices in the switch, use the show version
command.

Example
The following example installs the newer firmware image(s):
# install firmware

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

install image
install image [inactive |filename | local-file] {partition} {slot
slotid}{reboot}

Description
Installs a new version of the ExtremeXOS software image.

Syntax Description
filename Specifies the file name of a previously downloaded
image.
local-file Specifies using an image file on a local file path (USB
is /usr/local/ext, internal memory is /usr/local/
tmp, and home directory is /usr/local/cfg).

Switch Engine™ Command Reference Guide for version 32.7.1 2481

Default Commands

partition Specifies primary or secondary partition, or specifies

active or inactive for automatic determination: "active"
"inactive" "primary" "secondary".
inactive Copies an image from the active partition to the
inactive partition. This includes the .xos image and
all .xmod and .lst files.
slot For SummitStacks, specifies installing the image on a
particular node (slot).
slotid On a SummitStack, selects which node the image
should be installed on.
reboot Reboots the switch after the image is installed.

Default
N/A.

Usage Guidelines
When you download a software image (download [url url {vr vrname} |
image [active | inactive] [[hostname | ipaddress] filename {{vr} vrname}
{block-size block_size}] {partition} {install {reboot}}, you are asked if you
want to install the image immediately after the download is finished. If you choose to
install the image at a later time, use this command to install the software on the switch.

The software image file can be an .xos file, which contains an ExtremeXOS core image,
or an .xmod file, which contains additional functionality to supplement a core image.

Note
Beginning with ExtremeXOS 12.1, an ExtremeXOS core image must be installed
on the alternate (non-active) partition. If you try to install on an active partition,
the following error message appears: Error: Image can only be installed
to the non-active partition.

When you install a new version of an ExtremeXOS image, the system automatically
compares the currently installed bootROM image against the bootROM image
contained in the new ExtremeXOS image. If the installed version is older, the system
automatically upgrades to the bootROM version contained in the new ExtremeXOS
image.

SummitStack Only
You can issue this command only from a master node.

Displaying the Software Image Version

To display the software image version running on the switch, use the show version or
show switch commands.

2482 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Displaying the Downloaded Software Image Version.

Displaying the Downloaded Software Image Version.

To display a software image version that has been downloaded but not installed, use
the install image ? command.

Local File Name Character Restrictions

When specifying a local file name, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )

Installing an ExtremeXOS Core Image

Install the software image on the alternate partition. You can continue to run the
currently booted image, but to run the newly installed image, you need to set the
boot partition with the use image {partition} partition command and reboot the
switch.

Installing an ExtremeXOS module image

An ExtremeXOS module (.xmod) image has functionality that supplements a core
image. You need to install a module onto an already installed core image. The version
number of the core image and the module must match.

For more detailed information about a hitless upgrade, see the download [url url
{vr vrname} | image [active | inactive] [[hostname | ipaddress] filename
{{vr} vrname} {block-size block_size}] {partition} {install {reboot}}
command.

Example
The following example installs the software image file summitX440-11.5.1.2.xos on a
switch:
# install image summitX440-11.5.1.2.xos

The following example shows software images that have been downloaded, but not
installed:
install image ?

# install image ?
<fname> Image file name
"summitX-12.1.0.52.xos"

Switch Engine™ Command Reference Guide for version 32.7.1 2483

History Commands

History
This command was first available in ExtremeXOS 10.1.

The slot parameter was added to support SummitStack in ExtremeXOS 12.0.

The local-file option was added in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

install image inactive

install image inactive {slot slot}

Description
Copies the image installed on the active partition to the inactive partition.

Syntax Description
inactive Copy image from active partition to inactive partition.
This includes the .xos image and all .xmod and .lst files.
slot Copy image only on the specified slot. Default is to copy
to all slots.
slot Specifies slot number to copy image to.

Default
By default, for stacks, if a slot is not specified, the image is copied to all slots.

Usage Guidelines
Copying from active partition to inactive partition includes the .xos image and all .xmod
and .lst files.

This command can act on any or all slots only from the master. If not from the master,
the command can only act on its own slot.

Example
The following example copies the image on the active partition to the inactive partion:

# install image inactive

This will overwrite the image installed on the secondary partition with the image
installed on the primary partition.
Do you want to proceed? (y/N) Yes
Copying image to secondary partition... 100% complete.
Image installed to the secondary partition successfully.

2484 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on all Universal switches supported in this document.

install license file

install license file filename {slot slot}

Description
Installs a license key file on ExtremeSwitching 5420 and 5520 series switches.

Syntax Description
file Specifies providing the license key file.
filename Specifies the name of the license key file. The file name
must have a .lic extension.
slot For stacks and Extended Edge Switching, specifies
providing a slot for the license key file.
slot For stacks and Extended Edge Switching, specifies the slot
for the license key file.

Default
N/A.

Usage Guidelines
This command installs all of the license features contained in the selected license file to
the specified slot (node).

To uninstall a license, use the command uninstall license file filename

[{revoke revocation_file} | withhold ]{slot slot}.

To uninstall a specific feature, use the command uninstall license product

product_name [revoke revocation_file | withhold] {slot slot}

Example
The following example installs a license using the license file mylicense.lic:
# install license file mylicense.lic

Switch Engine™ Command Reference Guide for version 32.7.1 2485

History Commands

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

load script
load script filename {arg1} {arg2} ... {arg9}

Description
Loads (plays back) an ASCII-formatted configuration file or a user-written script file on
the switch.

Syntax Description
filename Specifies the user-defined name of the ASCII-formatted
configuration file or a user-written script file. The script file
is known as the XOS script file and uses the .xsf or .py file
extension.
arg Specifies up to nine variable values that can be specified
by the user. The variables are created with the names
CLI.ARGV1, CLI.ARGV2, ... CLIARGV9.

Default
N/A.

Usage Guidelines
Use this command to load an ASCII-formatted configuration file or a user-written script
file.

Configuration File: After downloading the configuration file from the TFTP server, this
command loads and restores the ASCII-formatted configuration file to the switch.

An ASCII-formatted configuration file uses the .xsf file extension, not the .cfg file
extension. The .xsf file extension (known as the XOS script file) saves the XML-based
configuration in an ASCII format readable by a text editor.

For more detailed information about the ASCII configuration file, including the
steps involved to upload, download, and save the configuration, see the upload
configuration [hostname | ipaddress] filename {vr vr-name} command.

User-Written Script File: After writing a script, this command executes the script and
passes arguments to it. As with the configuration files, these files use the .xsf or .py file
extension that is automatically added.

2486 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

The command allows up to nine optional variable values to be passed to the script.
These are created with the names CLI.ARGV1, CLI.ARGV2, CLI.ARGV3, ... CLI.ARGV9.

In addition, two other variables are always created. CLI.ARGC gives the count of the
number of parameters passed, and CLI.ARGV0 contains the name of the script that is
being executed.

To check the variable values use the command, show var.

Note
Only the .xsf and .py extensions are used. The load script command assumes
a .py or .xsf extension and retries opening the file if the file cannot be found
with the original specified name or no extension is provided.

Example
The following command loads the ASCII-formatted configuration named
configbackup.xsf:

load script configbackup.xsf

After issuing this command, the ASCII configuration quickly scrolls across the screen.
The following is an example of the type of information displayed when loading the
ASCII configuration file:

script.meg_upload_config1.xsf.389 # enable snmp access

script.meg_upload_config1.xsf.390 # enable snmp traps
script.meg_upload_config1.xsf.391 # configure mstp region purple
script.meg_upload_config1.xsf.392 # configure mstp revision 3
script.meg_upload_config1.xsf.393 # configure mstp format 0
script.meg_upload_config1.xsf.394 # create stpd s0

ExtremeXOS 15.6 provided capability for Python scripting. Current Python scripting
implementation allows a script to interact directly with the CLI inteface for managing
ExtremeXOS functionality. Python script files end in .py. The .py suffix on the script file
name tells the load script command to use the Python interpreter to process the
script file. Additionally, ExtremeXOS 15.6 introduced a synonym command: run script.
This command functions exactly as load script.

History
This command was first available in ExtremeXOS 11.4.

Multiple arguments for user-written scripts were added in ExtremeXOS 12.1.

Scripting support for Python was added in ExtremeXOS 15.6.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2487

load var key Commands

load var key

load var key key [var1 var2 …]

Note
This is a script command and operates only in scripts or on the command
line when scripting is enabled with the following command: enable cli
scripting {permanent}.

Description
Imports the specified set of variables associated with a key into the current session.

Syntax Description
key Specifies the key associated with the variables to be
imported.
var1 var2 Specifies the variables to be imported. The first variable
is mandatory, up to four more optional variables can be
specified.

Default
N/A.

Usage Guidelines
The specified key should have created by the user. Also, the variables specified should
have been saved using that key.

Attempting to use this command with a non-existent key results in an error message
being displayed.

Example
The following example imports the variables “username,” “ipaddr,” and “vlan” from the
key “blue:”

load var key blue username ipaddr vlan

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

2488 Switch Engine™ Command Reference Guide for version 32.7.1

Commands logout

logout
logout

Description
Logs out the session of a current user for CLI or Telnet.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to log out of a CLI or Telnet session.

When you issue this command, you are asked to save your configuration changes to
the current, active configuration. Enter y if you want to save your changes. Enter n if you
do not want to save your changes.

Example
The following command logs out the session of a current user for CLI or Telnet:

logout

A message similar to the following is displayed:

Do you wish to save your configuration changes to primary.cfg? (y or n)

Enter y if you want to save your changes. Enter n if you do not want to save your
changes.

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

ls
ls file_name

Switch Engine™ Command Reference Guide for version 32.7.1 2489

Description Commands

Description
Lists all configuration, policy, and if configured, core dump files in the system.

Syntax Description
file_name Lists all the files that match the wildcard.

Default
N/A.

Usage Guidelines
When you use issue this command without any options, the output displays all of the
configuration and policy files stored on the switch.

When you configure and enable the switch to send core dump (debug) information to
the internal memory, specify the internal memory location /usr/local/tmp to display
the core dump files stored internally. For more information about core dump files, see
Core Dump Files on page 2490.

When you specify the file-name option, the output displays all of the files that fit the
wildcard criteria.

Understanding the Output

Output from this command includes the following:
• The first column displays the file permission using the following ten place holders:
◦ The first place holder displays - for a file.
◦ The next three place holders display r for read access and w for write access
permission for the file owner.
◦ The following three place holders display r for read access permission for
members of the file owner’s group.
◦ The last three place holders display r for read access for every user that is not a
member of the file owner’s group.
• The second column displays how many links the file has to other files or directories.
• The third column displays the file owner.
• The remaining columns display the file size, date and time the file was last modified,
and the file name.

Core Dump Files

Core dump files have a .gz file extension. The file name format is: core.process-
name.pid.gz where process-name indicates the name of the process that failed and
pid is the numerical identifier of that process.

2490 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

When the switch has not saved any debug files, no files appear. For information about
configuring and sending core dump information to internal memory or a USB 2.0
storage device, see the configure debug core-dumps and save debug tracefiles
memorycard commands.

For more detailed information about core dump files, see Troubleshooting section in
the Switch Engine 32.7.1 User Guide.

Example
The following command displays a list of all current configuration and policy files in the
system:
ls

The following is sample output from this command:

total 424
-rw-r--r-- 1 root root 50 Jul 30 14:19 hugh.pol
-rw-r--r-- 1 root root 94256 Jul 23 14:26 hughtest.cfg
-rw-r--r-- 1 root root 100980 Sep 23 09:16 megtest.cfg
-rw-r--r-- 1 root root 35 Jun 29 06:42 newpolicy.pol
-rw-r--r-- 1 root root 100980 Sep 23 09:17 primary.cfg
-rw-r--r-- 1 root root 94256 Jun 30 17:10 roytest.cfg

The following command displays a list of all current configuration and policy files on a
removable storage device:
ls /usr/local/ext

The following is sample output from this command:

-rwxr-xr-x 1 root 0 15401865 Mar 30 00:03 onie-11.2.0.13.xos

-rwxr-xr-x 1 root 0 10 Mar 31 09:41 test-1.pol
-rwxr-xr-x 1 root 0 10 Apr 4 09:15 test.pol
-rwxr-xr-x 1 root 0 10 Mar 31 09:41 test_1.pol
-rwxr-xr-x 1 root 0 223599 Mar 31 10:02 v11_1_3.cfg

The following command displays a list of all configuration and policy files with a file
name beginning with the letter “a:”
(debug) BD-12804.1 # ls a*

Following is sample output from this command:

-rw-r--r-- 1 root 0 2062 Jan 6 09:11 abc

-rw-rw-rw- 1 root 0 1922 Jan 7 02:19 abc.xsf
1k-blocks Used Available Use%
16384 496 15888 3%

The following command displays a list of all .tgz files:

ls /usr/local/tmp/*.tgz

Switch Engine™ Command Reference Guide for version 32.7.1 2491

History Commands

Following is sample output from this command:

-rwxr-xr-x 1 root 0 79076 Jan 6 09:47 old_traces.tgz
1k-blocks Used Available Use%
49038 110 48928 0%

History
This command was first available in ExtremeXOS 10.1.

The memorycard option was added in ExtremeXOS 11.0.

The internal-memory option was added in ExtremeXOS 11.4.

The file-name option was added in ExtremeXOS 12.2.

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

Pathname support was added in ExtremeXOS 15.5.1.

Platform Availability
This command is available on all Universal switches supported in this document.

mkdir
mkdir directory_name

Description
Creates a new directory on the specified file system to relative to the current working
directory.

Syntax Description
mkdir Create a directory.
directory_name Pathname of a directory.

Default
N/A.

Usage Guidelines
Use this command to create a new directory on the specified file system to relative to
the current working directory.

2492 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 15.5

Platform Availability
This command is available on all Universal switches supported in this document.

mrinfo
mrinfo {router_address} {from from_address} {timeout seconds} {multiple-
response-timeout multi_resp_timeout} {vr vrname}

Description
Requests information from a multicast router.

Syntax Description
router_address Specifies the unicast IP address of the router for which you
want information.
from_address Specifies the unicast IP address of the interface where the
mrinfo request is generated.
seconds Specifies a maximum time to wait for a response. The range is
1–30 seconds.
multi_resp_timeout Specifies a maximum time to wait for additional responses after
the first response is received. The range is 0 to 3 seconds.
vrname Specifies a VR name.

Default
router_address: One of the local interface addresses.

from_address: IP address of interface from which the mrinfo query is generated.

timeout: 3 seconds

multiple-response-timeout: 1 second

vr: DefaultVR

Usage Guidelines
The last column of the mrinfo command output displays information in the following
format:
[Metric/threshold/type/flags]

Switch Engine™ Command Reference Guide for version 32.7.1 2493

Example Commands

This information is described in detail in the Syntax Description on page 2493..

Table 22: mrinfo Command Display Data

Data Description
Metric This should always be 1 because mrinfo queries the directly
connected interfaces of a device.
Threshold This should always be 0 because the threshold feature is not
supported in ExtremeXOS software.
Type The type specifies the multicast protocol type. Because the
ExtremeXOS software only supports PIM, this value is always
pim.
querier The querier flag indicates that the queried router is the IGMP
querier.
leaf The leaf flag indicates that the IP interface has no neighbor
router.
down The down flag indicates that the interface link status is down.

Example
The following command requests information from multicast router 1.1.1.1:
Switch.1 # mrinfo 1.1.1.1
1.1.1.1 [Flags:PGM]
2.2.2.1 -> 2.2.2.2 [1/0/pim/querier]
1.1.1.1 -> 0.0.0.0 [1/0/pim/querier/leaf]
8.8.8.1 -> 8.8.8.4 [1/0/pim/querier]
3.3.3.1 -> 0.0.0.0 [1/0/pim/down]

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

mtrace
mtrace source src_address {destination dest_address} {group grp_address}
{from from_address} {gateway gw_address} {timeout seconds} {maximum-
hops number} {router-alert [include | exclude]} {vr vrname}

Description
Traces multicast traffic from the receiver back to the source.

2494 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
src_address Specifies the unicast IP address of the multicast source.
dest_address Specifies the unicast IP address of the multicast group
receiver.
grp_address Specifies the multicast IP address of the group.
from_address Specifies the unicast IP address of the interface where the
mtrace request originates. This is used as the IP destination
address of the mtrace response packet.
gw_address Specifies the gateway router IP address of the multicast
router to which the unicast mtrace query is sent.
seconds Specifies a maximum time to wait for the mtrace response
before making the next attempt. The range is 1–30 seconds.
number Specifies the maximum number of hops for the trace. The
range is 1 to 255.
router-alert Specifies whether the router-alert option is included or
excluded in mtrace packets.
vrname Specifies a VR name.

Default
destination: IP address of interface from which mtrace query is generated.

group: 0.0.0.0

from: IP address of interface from which mtrace query is generated.

gateway: 224.0.0.2 when the destination is in the same subnet as one of the IP
interfaces. For a non-local destination address, it is mandatory to provide a valid
multicast router address.

timeout: 3 seconds

maximum-hops: 32

router-alert: include

vr: DefaultVR

Usage Guidelines
The multicast traceroute initiator node generates a multicast query and waits for
timeout period to expire. If there is no response for the timeout period, the initiator
node makes two more attempts. If no response is received after three attempts, the
initiator node moves to a hop-by-hop trace by manipulating the maximum hop fields
to perform a linear search.

Switch Engine™ Command Reference Guide for version 32.7.1 2495

Usage Guidelines Commands

The multicast trace response data contains the following fields:

• Incoming interface address—Interface on which traffic is expected from the specific
source and group
• Outgoing interface address—Interface on which traffic is forwarded from the
specified source and group towards the destination
• Previous hop router address
• Input packet count on incoming interface
• Output packet count on outgoing interface
• Total number of packets for this source-group pair
• Multicast routing protocol
• Forwarding code

Extreme Networks switches set the packet count statistics field to 0xffffffff to indicate
that this field is not supported.

The last column of the mtrace command output displays forwarding codes, which are
described in the following table.

Table 23: mtrace Command Forwarding Codes

Forwarding Code Description
Wrong interface mtrace request arrived on an interface to which this router
would not forward for this source and group.
Prune sent This router has sent a prune request upstream for the source
upstream and group in the mtrace request.
Output pruned This router has stopped forwarding for this source and group in
response to a prune request from the next hop router.
Hit scope boundary The group is subject to administrative scoping at this hop.
No route This router has no route for the source or group and no way to
determine a potential route.
Wrong Last Hop This router is not the proper last-hop router.
Not forwarding 2 This router is not forwarding for this source and group on the
outgoing interface for an unspecified reason.
Reached RP/Core Reached rendezvous point or core.
RPF Interface mtrace request arrived on the expected RPF interface (upstream
interface) for this source and group.
Multicast disabled mtrace request arrived on an interface which is not enabled for
multicast.
Info. Hidden 2 One or more hops have been hidden from this trace.
No space in packet There was not enough room to insert another response data
block in the packet.

2 ExtremeXOS switches along the mtrace path do not provide this forwarding code.

2496 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Table 23: mtrace Command Forwarding Codes (continued)

Forwarding Code Description
Next router no The previous hop router does not understand mtrace requests.
mtrace 2
Admin. Prohibiteda mtrace is administratively prohibited.

Example
The following command initiates an mtrace for group 225.1.1.1 at IP address 1.1.1.100:
Switch.6 # mtrace source 1.1.1.100 group 225.1.1.1
Mtrace from 1.1.1.100 to Self via 225.1.1.1
0 34.2.2.4
-1 34.2.2.4 PIM thresh^ 0 1.1.1.100/32 RPF Interface
-2 34.2.2.3 PIM thresh^ 0 1.1.1.100/32
-3 23.1.1.2 PIM thresh^ 0 1.1.1.100/32
-4 2.2.2.1 PIM thresh^ 0 1.1.1.100/32
Round trip time 9 ms; total ttl of 4 required.

History
This command was first available in ExtremeXOS 12.4.

The router-alert option was added in ExtremeXOS 12.5.3.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the IPv4 multicast feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

mv
mv old_name new_name

Description
Moves a file from the specified file system or relative to the current working directory to
another file on the specified file system or relative to the current working directory.

Syntax Description
old_name Specifies the current name of the configuration or policy
file on the system.
new_name Specifies the new name of the configuration or policy file
on the system.

Switch Engine™ Command Reference Guide for version 32.7.1 2497

Default Commands

Default
N/A.

Usage Guidelines
Use this command to move a file from the specified file system or relative to the current
working directory to another file on the specified file system or relative to the current
working directory. This command provides the functionality to relocate an existing file
by creating a new entry in the file system, linking the content of the existing file to the
new one and removing the old entry. If given a different name, the new file can be
created in the same directory as the existing file
• XML-formatted configuration files have the .cfg file extension. The switch only
runs .cfg files.
• ASCII-formatted configuration files have the .xsf file extensions. For more
information, see the Software Upgrade and Boot Options section in the
Switch Engine 32.7.1 User Guide.
• Policy files have the .pol file extension.
• Core dump files have the .gz file extension. For more information, see the Internal
Memory and Core Dump Files section in the Switch Engine 32.7.1 User Guide.

Make sure the renamed file uses the same file extension as the original file. If you
change the file extensions, the file may be unrecognized by the system. For example,
if you have an existing configuration file named test.cfg, the new file name must
include the .cfg file extension.

You cannot rename an active configuration file (the configuration currently selected to
boot the switch). To verify the configuration that you are currently using, run the show
switch {detail} command. If you attempt to rename the active configuration file, the
switch displays a message similar to the following:
Error: Cannot rename current selected active configuration file.

When you rename a file, the switch displays a message similar to the following:
Rename config test.cfg to config megtest.cfg on switch? (y/n)

Type y to rename the file on your system. Type n to cancel this process and keep the
existing file name.

Case-Sensitive File Names

File names are case-sensitive. For example, if you have a configuration file named
Test.cfg, and you attempt to rename the file with the incorrect case, for example
test.cfg, the switch displays a message similar to the following:
Error: mv: unable to rename `/config/test.cfg': No such file or directory

Since the switch is unable to locate test.cfg, the file is not renamed.

2498 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Local File Name Character Restrictions

Local File Name Character Restrictions

When specifying a local file name, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z).
• Numerals (0-9).
• Period ( . ).
• Dash ( - ).
• Underscore ( _ ).

Internal Memory and Core Dump Files

Core dump files have a .gz file extension. The file name format is: core.process-
name.pid.gz, where process-name indicates the name of the process that failed and
pid is the numerical identifier of that process.

When you configure the switch to send core dump (debug) information to internal
memory, specify the file path /usr/local/tmp to rename an existing core dump file. If
you have a switch with a USB storage device installed, you can move and rename the
core dump file to that location.

For information about configuring and saving core dump information, see the
configure debug core-dumps [ off | directory_path] and save debug
tracefiles directory_path commands.

Example
The following command renames the configuration file named Testb91.cfg to
Activeb91.cfg:
# mv Testb91.cfg Activeb91.cfg

The following example moves the configuration file named test1.cfg from the switch
to the USB storage device:
# mv test1.cfg /usr/local/ext/test1.cfg

The following example moves the policy file named bgp.pol from the USB storage
device to the switch:
# mv /usr/local/ext/bgp.pol bgp.pol

History
This command was first available in ExtremeXOS 10.1.

The memorycard option was added in ExtremeXOS 11.1.

The internal-memory option was added in ExtremeXOS 11.4.

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

Switch Engine™ Command Reference Guide for version 32.7.1 2499

Platform Availability Commands

Path name support was added in ExtremeXOS 15.5.1.

Platform Availability
This command is available on all Universal switches supported in this document.

nslookup
nslookup {IPv4 | IPv6} hostname

Description
Displays the IP address of the requested host.

Syntax Description
IPv4 Lookup only IPv4 address(es).
IPV6 Lookup only IPv6 address(es).
hostname Specifies the hostname.

Default
Lookup both IPv4 and IPv6 addresses.

Usage Guidelines
For nslookup to work, you must configure the DNS client, and the switch must be able
to reach the DNS server.

By default, the command looks for both IPv4 and IPv6 addresses and reports an error
only when neither an IPv4 address nor an IPv6 address is found for the host.

If the IPv4 or IPv6 option is specified, DNS lookup happens only for that address type,
and an error is reported when no address of that type is found.

Host Name and Remote IP Address Character Restrictions

This section provides information about the characters supported by the switch for host
names and remote IP addresses.

When specifying a host name or remote IP address, the switch permits only the
following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z).
• Numerals (0-9).
• Period ( . ).
• Dash ( - ) Permitted only for host names.

2500 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• Underscore ( _ ) Permitted only for host names.

• Colon ( : ).

When naming or configuring an IP address for your network server, remember the
requirements listed above.

Example
The following command looks up the IP addresses of a computer with the name
myhost.mydomain that has 2 IPv4 addresses and 1 IPv6 address:

nslookup myhost.mydomain

The following is sample output from the command on a switch:

Host "myhost.mydomain" has the IPv4 address 192.168.1.1

Host "myhost.mydomain" has the IPv4 address 192.168.1.2
Host "myhost.mydomain" has the IPv6 address 2000::1

History
This command was first available in ExtremeXOS 10.1.

Support for using an IP address to obtain the name of the host was added in
ExtremeXOS 11.0. Support for looking up IPv6 addresses was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

open vm console
open vm vm_name {console}

Description
Opens a session to the serial console of a virtual machine (VM).

Syntax Description
vm Designates a virtual machine.
vm_name Specifies the VM name to use with a serial console.
console Open VM serial console (default).

Default
By default, a serial console is opened.

Switch Engine™ Command Reference Guide for version 32.7.1 2501

Usage Guidelines Commands

The VM must be internally configured to enable the serial console.

Usage Guidelines
You can disconnect the console session by typing CTRL + Y, or, if using Telnet recursively
with an appropriate client, by typing CTRL + ] followed by “send escape”. A maximum of
one session can be active for a VM.

You cannot access the serial console before starting a VM. You must start the VM, and
then reboot it to gain serial console access.

The Integrated Application Hosting (IAH) feature requires the Solid State Storage
Device SSD-120.

Example
The following example opens a serial console session with VM "vm1":
# open vm vm1 console

History
This command was first available in ExtremeXOS 30.3.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

ping
ping {count count {start-size start-size} | continuous {start-size
start-size} | {start-size start-size {end-size end-size}}} {udp}
{dont-fragment} {ttl ttl} {tos tos} {interval interval} {vr vrid}
{ipv4 host | ipv6 host} {from} {with record-route}

Description
Enables you to send User Datagram Protocol (UDP) or ICMP echo messages or to a
remote IP device.

Syntax Description
count Specifies the number of ping requests to send.
start-size Specifies the size, in bytes, of the packet to be sent, or the
starting size if incremental packets are to be sent.

2502 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

continuous Specifies that UDP or ICMP echo messages to be sent

continuously. This option can be interrupted by pressing
[Ctrl] + C.
end-size Specifies an end size for packets to be sent.
udp Specifies that the ping request should use UDP instead of
ICMP.
dont-fragment Sets the IP to not fragment the bit.
ttl Sets the TTL value.
tos Sets the TOS value.
interval Sets the time interval between sending out ping requests.
vr Specifies the virtual route to use for sending out the echo
message. If not specified, VR-Default is used.

Note: User-created VRs are supported only on the

platforms listed for this feature in the Switch Engine 32.7.1
Feature License Requirements document.

ipv4 Specifies IPv4 transport.

ipv6 Specifies IPv6 transport.

Note: If you are contacting an IPv6 link local address, you

must specify the VLAN you are sending the message from:
ping ipv6 link-local address %vlan_name host .

host Specifies a host name or IP address (either v4 or v6).

from Uses the specified source address. If not specified, the
address of the transmitting interface is used.
with record-route Sets the traceroute information.

Default
N/A.

Usage Guidelines
The ping command is used to test for connectivity to a specific host.

You use the ipv6 variable to ping an IPv6 host by generating an ICMPv6 echo request
message and sending the message to the specified address. If you are contacting an
IPv6 link local address, you must specify the VLAN you are sending the message from,
as shown in the following example (you must include the % sign):

ping ipv6 link-local address %vlan_name host.

The ping command is available for both the user and administrator privilege level.

When the IPv6 host ping fails, the following error message appears:

Switch Engine™ Command Reference Guide for version 32.7.1 2503

Example Commands

Error: cannot determine outgoing interface. Link local address must be of form LLA%
vlan_name.

Due to upgrading ExtremeXOS 30.1 to 4.14 Linux kernel, ping success to local IP
addresses does not depend on link-layer status. Earlier releases of ExtremeXOS had
customized Linux behavior that meant that pinging a local VLAN interface would fail
when the local interface was down. However, in ExtremeXOS 30.1, pinging a local VLAN
interface that is down will result in a successful ping.

If you have an asymmetric routing to a specific destination (where the traffic from the
source to the destination uses one path, and the return traffic uses another), use this
command with option 7, with record-route.

For example:
ping <destination address> with record-route
ping <destination address> from <source-address> with record-route

For more information about this option, see enable ip-option record-route.

Example
The following example enables continuous ICMP echo messages to be sent to a remote
host:
ping continuous 123.45.67.8

The following example uses the with record-route option:

ping 10.2.1.1 from 10.2.1.2 with record-route
Ping(ICMP) 10.2.1.1: 4 packets, 8 data bytes, interval 1 second(s).
16 bytes from 10.2.1.1: icmp_seq=0 ttl=63 time=10 ms
RR: 10.2.1.2 10.2.0.21 10.2.1.1 10.2.1.1 10.2.0.1 10.2.1.2

History
This command was first available in ExtremeXOS 10.1.

The ipv6 option was added in ExtremeXOS 11.2.

The IPv6 error message was modified in ExtremeXOS 15.2.

Ping success to local IP addresses not depend on link-layer status added in

ExtremeXOS 30.1.

Platform Availability
This command is available on all Universal switches supported in this document.

ping mac port

The ping, or loopback message (LBM), goes from the MEP configured on the port
toward the given MAC address.

2504 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

ping mac mac port port {domain} domain_name {association}

association_name

Description
Allows you to ping on the Layer 2 level throughout the specified domain and MA.

Syntax Description
mac Enter the unique system MAC address on the device
you want to reach. Enter this value in the format
XX:XX:XX:XX:XX:XX.
port Enter the port number of the MEP from which you are
issuing the ping.
domain Enter this keyword.
domain_name Enter the name of the domain from which you are issuing
the ping.
association Enter this keyword.
association_name Enter the name of the association from which you are
issuing the ping.

Default
N/A.

Usage Guidelines
You must have CFM parameters configured prior to issuing a Layer 2 ping.

In order to send a Layer 2 ping, you must specify the port (MEP), the domain, and the
MA from which you are issuing the ping. An UP MEP sends the ping to all ports (except
the sending port) on the VLAN that is assigned to the specified MA, and a DOWN MEP
sends the ping out from that port from that MA toward the specified MAC address.

All MIPs along the way forward the LBM to the destination. The destination MP
responds back to the originator with a loopback reply (LBR).

This command sends out a ping from the MEP configured on the specified port toward
the specified MAC address. If you attempt to send a ping message from a port that is
not configured as a MEP, the system returns an error message. If the specified MAC
address is not present in the Layer 2 forwarding table (FDB), the system cannot send
the ping (applies to UpMEP, not DownMEP).

Switch Engine™ Command Reference Guide for version 32.7.1 2505

Example Commands

Example
The following command sends a Layer 2 ping to the unique system MAC address
00:04:96:1F:A4:31 from the previously configured UP MEP (port 2:4) in the speed
association in the atlanta domain:

ping mac 00:04:96:1F:A4:31 port 2:4 atlanta speed

The following is sample output from the Layer 2 ping command:

BD-12802.48 # ping mac 00:04:96:1e:14:70 port 2:12 "extreme" 100

Send L2 Ping from Down MEP on 2:12, waiting for responses [press Ctrl-C to abort].
42 bytes from 00:04:96:1e:14:70, seq=4 time=17 ms

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

ping mpls lsp

ping mpls lsp [lsp_name | any host | prefix ipNetmask] {reply-mode [ip
| ip-router-alert]} {continuous | count count} {interval interval}
{start-size start-size {end-size end-size}} {ttl ttl} {{from from}
{next-hop hopaddress}}

Description
Sends an MPLS ping packet to a FEC over an LSP.

Syntax Description
lsp_name Specifies the LSP on which to send the MPLS echo request.
any Allows the echo request to be sent over any available LSP.
host Specifies the FEC using an ipaddress or hostname.
prefix Specifies a prefix.
ipNetmask Specifies the prefix address.
reply-mode Specifies the return path for the MPLS echo response.
ip Requests an IP UDP reply packet. This is the default mode.
ip-router-alert Requests an IP UDP reply packet with the IP Router Alert option.
If the reply is sent in an LSP, the router-alert label is inserted at the
top of the label stack.
continuous Sends pings continuously until the user intervenes.

2506 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

count Determines whether the size of the packet increments by one

byte for each new MPLS echo request sent.
interval Specifies the time interval (in seconds) between pings.
start-size The number of payload data bytes in the MPLS ping packet. The
range is from 1 - 1518 (if jumbo frames are disabled) and from 1 -
the configured jumbo packet size (if jumbo frames are enabled).
The default is 8 bytes.
end-size Specifies that the size of the packet increments by one byte for
each new MPLS echo request sent, up to the specified maximum
size for the MPLS ping packet.
ttl Sets the time-to-live value in the ping packet
from Specifies the source IP address of the packet.
hopaddress Specifies the next-hop address.

Default
Destination IP address for MPLS echo request - random, from the 127 and 128 IP
address space IP TTL - 1 TTL value in MPLS echo request - 255 Destination UDP port
- 3503 Payload data packet size - 8 bytes Number of pings sent - 4

Usage Guidelines
This command sends an MPLS ping packet to a FEC over an LSP. The ping command,
with mpls keyword option, can be used to verify data plane connectivity across an LSP.
This is useful because not all failures can be detected using the MPLS control plane.
The lsp keyword and lsp_name parameter may be used to specify the LSP on which
to send the MPLS echo request. The lsp keyword along with the any keyword allows
the echo request to be sent over any available LSP that terminates at host, specified
as an ipaddress or hostname. If no LSP exists to the specified host, the ping command
fails even though an IP routed path may exist. If the optional next-hop is specified,
the MPLS echo request is sent along the LSP that traverses the specified node. This
option is useful for specifying an LSP when multiple LSPs exist to the specified FEC.
For RSVP-TE LSPs, the FEC is implied from the LSP configuration. The TTL value in the
MPLS Echo Request is set to 255.

By default, the destination IP address of the MPLS echo request is randomly chosen
from the 127/8 IP address space and the IP TTL is set to 1. The destination UDP port is
3503 and the sender chooses the source UDP port.

The optional start-size keyword specifies the number of bytes to include as payload
data in the MPLS ping packet. If no start-size parameter is specified, the size of
the payload data is eight bytes. The minimum valid start-size value is one. The
maximum start-size value is variable, depending on the type of MPLS ping packet
sent, but the total size of the MPLS ping packet cannot exceed the configured jumbo
packet size, if jumbo frames are enabled, or 1518 if jumbo frames are disabled. If the
end-size keyword is specified, the size of the packet increments by one byte for
each new MPLS echo request sent. The next MPLS echo request is not sent until the

Switch Engine™ Command Reference Guide for version 32.7.1 2507

Example Commands

MPLS echo response for the previous packet is received. This is useful for detecting
interface MTU mismatch configurations between LSRs. The switch ceases sending
MPLS echo requests when the specified end-size value is reached, the MPLS ping is
user interrupted, or an MPLS echo response is not received after four successive retries.

The optional reply-mode keyword is used to specify the reply mode for the MPLS echo
response. When the ip option is specified, the MPLS echo reply is routed back to the
sender in a normal IPv4 packet. When the ip-router-alert option is specified, the
MPLS echo reply is routed back to the sender in an IPv4 packet with the Router Alert IP
option set. Additionally, if the ip-router-alert option is specified and the reply route
is through an LSP, the Router Alert Label is pushed onto the top of the label stack. If the
reply-mode is not specified, the reply-mode ip option applies.

Example
The following example shows a ping command and the resulting display:

ping mpls lsp prefix 11.100.100.212/32

Ping(MPLS) : 4 packets, 8 data bytes, interval 1 second(s).
98 bytes from 11.100.100.212: mpls_seq=0 ttl=64 time=6.688 ms
98 bytes from 11.100.100.212: mpls_seq=1 ttl=64 time=6.036 ms
98 bytes from 11.100.100.212: mpls_seq=2 ttl=64 time=6.218 ms
98 bytes from 11.100.100.212: mpls_seq=3 ttl=64 time=6.467 ms
--- ping statistics ---
4 packets transmitted, 4 received, 0% loss
round-trip min/avg/max = 6/6/6/ms

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

pwd
pwd

Description
Prints the full pathname of the current working directory.

Syntax Description
pwd Print current working directory.

2508 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to print the full pathname of the current working directory.

History
This command was first available in ExtremeXOS 15.5

Platform Availability
This command is available on all Universal switches supported in this document.

quit
quit

Description
Logs out the session of a current user for CLI or Telnet.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to log out of a CLI or Telnet session.

When you issue this command, you are asked to save your configuration changes to
the current, active configuration. Enter y if you want to save your changes. Enter n if you
do not want to save your changes.

Example
The following command logs out the session of a current user for CLI or Telnet:

quit

Switch Engine™ Command Reference Guide for version 32.7.1 2509

History Commands

A message similar to the following is displayed:

Do you wish to save your configuration changes to primary.cfg? (y or n)

Enter y if you want to save your changes. Enter n if you do not want to save your
changes.

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

reboot
reboot {[time mon day year hour min sec] | cancel} {slot slot-number}
| node-address node-address | stack-topology {as-standby} | all} |
rolling}

Description
Reboots the switch, bridge port extenders (BPEs), or SummitStack in the specified slot
at a specified date and time.

Syntax Description
time Specifies a reboot date in mm dd yyyy format and reboot
time in hh mm ss format.
cancel Cancels a previously scheduled reboot.
slot slot-number Specifies the slot number currently being used by the
active stack node or BPE that is to be rebooted.
all Specifies rebooting all attached BPEs and the controlling
bridge switch. Using this option requires a Core License or
above.
rolling Specifies to reboot or upgrade a stack by rebooting one
node at a time.

Default
N/A.

Usage Guidelines
If you do not specify a reboot time, the switch reboots immediately following the
command, and any previously scheduled reboots are cancelled.

2510 Switch Engine™ Command Reference Guide for version 32.7.1

Commands SummitStack Only

Prior to rebooting, the switch returns the following message:

Do you want to save configuration changes to primary and reboot? (y - save and reboot, n -
reboot without save, <cr> - cancel command)

To cancel a previously scheduled reboot, use the cancel option.

After selecting the rolling option, if a new image was not installed, a rolling reboot of
all the nodes will be performed.

SummitStack Only
The reboot command used without any parameters on the master node reboots all
members of the same active topology to which the master node belongs.

This version can only be used on the master node.

The reboot slot slot-number command can be used on any active node. The
command will reboot the active node that is currently using the specified slot number
in the same active topology as the issuing node. This variation cannot be used on a
node that is not in stacking mode.

The reboot node-address node-address command can be used on any node

whether or not the node is in stacking mode. It will reboot the node whose MAC
address is supplied.

The reboot stack-topology {as-standby} command reboots every node in the

stack topology. The command can be issued from any node whether or not the node
is in stacking mode. If the as-standby option is used, every node in the stack topology
restarts with master-capability disabled. This option is useful when manually resolving
a dual master situation.

The reboot rolling command initiates a Stack Rolling Software Upgrade (Rolling
Upgrade), which reboots each node in a stack one-by-one, allowing the stack to
continue functioning during the reboot. The rolling upgrade process reboots all the
Standby nodes, reboots the Backup node, and then initiates a failover to make the old
Backup node the new Primary. The failover results in the old Primary node rebooting.
Since the selected software version on each node is the newer, upgraded software
version, after each node reboots, they will run the new software version. Performing a
Rolling Upgrade does not change the current method of installing software, only how
the stack is rebooted.

Bridge Port Extenders (BPEs)

Under normal circumstances, it is not necessary to reboot the BPEs slots. After
rebooting a controlling switch, BPE upstream port down events cause the BPE's
software to bring down all extended ports. This makes the BPE slot appear as down
to any adjacently attached devices, and traffic properly re-converges on any redundant
paths. When the controlling bridge switch comes back up, the BPE comes back up
without any intervention. Therefore, using the commands reboot or unconfigure

Switch Engine™ Command Reference Guide for version 32.7.1 2511

Example Commands

switch {all | erase [all | nvram]} does not reboot the attached BPEs. To reboot
attached BPEs, you must use the all option.

Example
The following example reboots the switch at 8:00 AM on April 15, 2005:
reboot time 04 15 2005 08 00 00

History
This command was first available in ExtremeXOS 10.1.

The alternate BootROM image was added in ExtremeXOS 11.1.

The slot, node-address, stack-topology, and as-standby options were added in

ExtremeXOS 12.0.

The all option for rebooting attached BPEs was added in ExtremeXOS 22.5.

The rolling option was added in ExtremeXOS 31.6.

Platform Availability
This command is available on all Universal switches supported in this document.

refresh access-list network-zone

refresh access-list network-zone [zone_name | all]

Description
This command is used to refresh a specific network zone, or all the network zones.

Syntax Description
network-zone Specifies the logical group of remote devices.
zone_name Specifies the network_zone name.
all Refresh all the network-zones.

Default
N/A.

Usage Guidelines
Use this command to refresh a specific network zone, or all the network zones.

2512 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

When you issue the command to refresh a network-zone, or all network-zones, it can
take a long time to clear the CLI because each individual policy must be converted
before it is refreshed. The command succeeds, or fails, only after it receives a response
for all policy refresh results from the hardware.

If the refresh fails for a specific zone, the following error message will be printed on the
console.

Switch # refresh access-list network-zone zone1

ERROR: Refresh failed for network-zone "zone1".

Example
The following example refreshes all policies in “zone1”:

refresh access-list network-zone zone1

History
This command was first available in ExtremeXOS 15.2.

Platform Availability
This command is available on all Universal switches supported in this document.

refresh identity-management role

refresh identity-management role user [user_name {domain domain_name} |
all {role role_name}]

Description
Refreshes the role evaluation for the specified user, for all users, or for all users currently
under the specified role.

Syntax Description
user_name Specifies a user name for which role evaluation will be
refreshed.
domain_name Specifies a domain name for the specified user.
all Specifies a refresh for all users associated with the specified
role.
role_name Specifies a a role name for which all users will be refreshed.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2513

Usage Guidelines Commands

Usage Guidelines
It may be necessary to refresh the role of a user due to a new role which might be
better suited for the user or due to a change in LDAP attributes of the user which in
turn might result in the user being classified under a different role. This command can
be used in all such cases.

Example
The following example refreshes the role for user Tony:

* Switch.22 # refresh identity-management role user “Tony”

The following example refreshes the role for all users who are currently classified under
the Marketing role:

* Switch.22 # refresh identity-management role all “Marketing”

History
This command was first available in ExtremeXOS 12.7.

Platform Availability
This command is available on all Universal switches supported in this document.

refresh igmp ssm-map

refresh igmp ssm-map {dns group} [grpipaddress netmask | ipNetmask]
{{vr} vrname}

Description
Refreshes an IGMP SSM mapping entry.

Syntax Description
dns group Refreshes DNS sources for a multicast group.
grpipaddress Specifies the multicast group IP address.
netmask Specifies th multicast group netmask.
ipNetmask Specifes the multicast gorup IP address and netmask.
vrname Specifies the name of the virtual router.

Default
N/A

2514 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
None.

Example
The following example refreshes an IGMP SSM mapping entry.
refresh igmp ssm-map 224.0.0.5/24 VR-Default

History
This command was first available in ExtremeXOS 15.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

refresh mld ssm-map

refresh mld ssm-map { v6groupnetmask } {{vr} vr_name}

Description
Sends a DNS request for a particular group. On receiving the DNS response, the “DNS
Age” in the SSM mapping entry is refreshed.

Syntax Description
v6groupnetmask Refreshes the specific group information.
vr vr_name Specifies the virtual router name.

Default
Disabled.

Usage Guidelines
Use this command to send out DNS requests for a particular group. On receiving the
DNS response, the “DNS Age” in the SSM mapping entry is refreshed.

Example
The following command send out DNS requests:
refresh mld ssm-map

When v6groupnetmask is specified, the SSM Mapping status and the SSM Mapping
entries specific to the group range on the VR are displayed.

Switch Engine™ Command Reference Guide for version 32.7.1 2515

History Commands

History
This command was first available in ExtremeXOS 15.5.

Platform Availability
This command is available on the platforms listed for the IPv6 multicast routing feature
in the Switch Engine 32.7.1 Feature License Requirements document.

refresh policy
refresh policy policy-name

Description
Refreshes the specified policy.

Syntax Description
policy-name Specifies the policy to refresh.

Default
N/A.

Usage Guidelines
Use this command when a new policy file for a currently active policy has been
downloaded to the switch, or when the policy file for an active policy has been edited.
This command reprocesses the text file and updates the policy database.

Before 12.6.1 there was no support to refresh the policies that are associated to the
local VPP. For network VPP, you can achieve policy refresh by changing the policy
timestamp file. Beginning in release 11.4, the policy manager uses Smart Refresh to
update the ACLs. When a change is detected, only the ACL changes needed to modify
the ACLs are sent to the hardware, and the unchanged entries remain. This behavior
avoids having to blackhole packets because the ACLs have been momentarily cleared.
Smart Refresh works well for minor changes, however, if the changes are too great,
the refresh reverts to the earlier behavior. To take advantage of Smart Refresh, disable
access-list refresh blackholing by using the command:
disable access-list refresh blackhole

If you attempt to refresh a policy that cannot take advantage of Smart Refresh while
blackholing is enabled, you will receive a message similar to the following:
Incremental refresh is not possible given the configuration of policy
<name>. Note, the current setting for Access-list Refresh Blackhole is
Enabled. Would you like to perform a full refresh? (Yes/No) [No]:

If blackholing is not enabled, you will receive a message similiar to the following:

2516 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Incremental refresh is not possible given the configuration of policy

<name>. Note, the current setting for Access-list Refresh Blackhole
is Disabled. WARNING: If a full refresh is performed, it is possible
packets that should be denied may be forwarded through the switch during
the time the access list is being installed. Would you like to perform a
full refresh? (Yes/No) [No]:

If you attempt to refresh a policy that is not currently active, you will receive an error
message.

For an ACL policy, the command is rejected if there is a configuration error or hardware
resources are not available.

Example
The following example refreshes the policy zone5:

refresh policy zone5

History
This command was first available in ExtremeXOS 11.0.

Smart Refresh was added in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

reset inline-power ports

reset inline-power ports port_list

Description
Power cycles the specified ports.

Syntax Description
port_list Specifies one or more ports or slots and ports for which
power is to be reset.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2517

Usage Guidelines Commands

Usage Guidelines
This command power cycles the specified ports. Ports are immediately disabled and
then re-enabled, allowing remote PDs to be power-cycled.

This command affects only inline power; it does not affect network connectivity for the
port(s).

Example
The following command resets power for port 4 on a switch:

reset inline-power ports 4

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on the PoE devices listed in Extreme Networks PoE Devices.

restart ports
restart ports [all | port_list]

Description
Resets autonegotiation for one or more ports by resetting the physical link.

Syntax Description
all Specifies all ports on the switch.
port_list Specifies one or more ports or slots and ports.

Default
N/A.

Usage Guidelines
N/A.

2518 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command resets autonegotiation on slot 1, port 4 on a modular switch:

restart ports 1:4

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal switches supported in this document.

restart process
restart process [class cname | name {msm slot}]

Description
Terminates and restarts the specified process during a software upgrade on the switch.

Syntax Description
cname Specifies the name of the process to restart. With this parameter, you
can terminate and restart all instances of the process associated with
a specific routing protocol on all VRs.You can restart the OSPF routing
protocol and associated processes.
name Specifies the name of the process to terminate and restart. You can
use this command with the following processes: bgp, eaps, exsshd, isis,
lldp, netLogin, netTools, ntp, ospf, ospfv3, snmp Subagent, snmpMaster,
telnetd, thttpd, tftpd, vrrp, and xmld.
slot On a SummitStack, specifies the node’s slot number. The number is a
value from 1 to 8.

Default
N/A.

Usage Guidelines
Use this command to terminate and restart a process during a software upgrade on the
switch. You have the following options:
• cname—Specifies that the software terminates and restarts all instances of the
process associated with a specific routing protocol on all VRs.
• name—Specifies the name of the process.

Switch Engine™ Command Reference Guide for version 32.7.1 2519

SummitStack Only Commands

Depending on the software version running on your switch and the type of switch
you have, you can terminate and restart different or additional processes. To see which
processes you can restart during a software upgrade, enter restart process followed by
[Tab]. The switch displays a list of available processes.

SummitStack Only
You can issue this command only from the master node. If you issue this command
from any other node, the following message appears:
Error: Processes created by user can only be restarted on the primary node slot.

To display the status of ExtremeXOS processes on the switch, including how many
times a process has been restarted, use the show process {name} {detail}
{description} {slotslotid} command. The following is a truncated sample of the
show process command on a switch:

Process Name Version Restart State Start Time

-------------------------------------------------------------------------
aaa 3.0.0.2 0 Ready Thu Sep 1 17:00:52 2005
acl 3.0.0.2 0 Ready Thu Sep 1 17:00:54 2005
bgp Not Started 0 No license Not Started
cfgmgr 3.0.0.21 0 Ready Thu Sep 1 17:00:52 2005
cli 3.0.0.22 0 Ready Thu Sep 1 17:00:52 2005
devmgr 3.0.0.2 0 Ready Thu Sep 1 17:00:52 2005
dirser 3.0.0.2 0 Ready Thu Sep 1 17:00:51 2005
dosprotect 3.0.0.1 0 Ready Thu Sep 1 17:00:56 2005
eaps 3.0.0.8 0 Ready Thu Sep 1 17:00:53 2005
...

You can also use the restart process command when upgrading a software modular
package. For more information, see the section Upgrading a Modular Software Package
in the Switch Engine 32.7.1 User Guide.

Example
The following example stops and restarts the process tftpd during a software upgrade:
restart process tftpd

The following example stops and restarts all instances of the OSPF routing protocol for
all VRs during a software upgrade:
restart process class ospf

History
This command was first available in ExtremeXOS 11.3.

Support for restarting the Link Layer Discovery Protocol (lldp), Open Shortest Path First
(ospf), and network login (netLogin) processes was added in ExtremeXOS 11.3.

Support for Border Gateway Protocol (bgp) and Ethernet Automatic Protection
Switching (eaps) was added in ExtremeXOS 11.4.

2520 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Support for MultiProtocol Label Switching (mpls) and Virtual Router Redundancy
Protocol (vrrp) was added in ExtremeXOS 11.6.

Support for netTools was added in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

restart process mpls

restart process mpls

Description
Restarts the MPLS process when it does not respond to the CLI commands.

Default
N/A.

Usage Guidelines
None.

Example
The following command restarts the MPLS process:

restart process mpls

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

restart vm
restart vm vm_name {forceful | graceful}

Description
Restarts (reboots) a virtual machine (VM).

Switch Engine™ Command Reference Guide for version 32.7.1 2521

Syntax Description Commands

Syntax Description
vm Virtual machine.
vm_name Specifies the VM to restart.
forceful Forcefully terminates the VM.
graceful Gracefully shuts down the VM if possible (default).

Default
By default, the VM is gracefully shut down before restarting, if possible.

Usage Guidelines
N/A.

Example
The following example restarts the VM "testvm" gracefully:
restart vm testvm gracefully

History
This command was first available in ExtremeXOS 30.4.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

resume vm
resume vm vm_name

Description
Resumes a virtual machine (VM) that has been suspended.

Syntax Description
vm Specifies a VM.
vm_name Specifies the VM name to resume.

2522 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
When you resume a VM, the CPU state of the VM continues from the point at which it
was suspended.

To suspend the VM again, use the suspend vm vm_name command.

Example
The following example resumes the VM "vm1":
# resume vm vm1

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

return
return statusCode

Note
This is a script command and operates only in scripts or on the command
line when scripting is enabled with the following command: enable cli
scripting {permanent} .

Description
Exits the current script and sets the $STATUS variable.

Syntax Description
statusCode Specifies a integer value to which the $STATUS variable is
set.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2523

Usage Guidelines Commands

Usage Guidelines
When used in nested scripts, this command allows you to terminate the current script,
set the $STATUS variable, return to the parent script, and evaluate the $STATUS variable
in the parent script. For more information on the $STATUS variable, see “Using CLI
Scripting” in the Switch Engine 32.7.1 User Guide.

Example
The following example exits the current script and sets the $STATUS variable to -200:
return -200

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

rm
rm file_name

Description
Deletes an existing configuration, policy, or if configured, core dump file from the
system.

Syntax Description
file_name Specifies the name of the configuration, policy file, or if
configured, the core dump file to delete.

Default
N/A.

Usage Guidelines
After you delete a configuration or policy file from the system, that file is unavailable to
the system.

You cannot delete an active configuration file (the configuration currently selected to
boot the switch). To see which configuration that you are currently using, run the show
switch {detail} command. If you attempt to delete the active configuration file, the
switch displays a message similar to the following:
Error: Cannot remove current selected active configuration file.

2524 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Case-Sensitive File Names

When you delete a file from the switch, a message similar to the following appears:
Remove testpolicy.pol from /usr/local/cfg? (y/N)

Type y to delete the file from your system. Type n to cancel the process and keep the file
on your system.

Case-Sensitive File Names

File names are case-sensitive. For example, if you have a configuration file named
Test.cfg, and you attempt to delete a file with the incorrect case, for example
test.cfg, the system is unable to delete the file. The switch does not display an error
message; however, the ls command continues to display the file Test.cfg. To delete
the file, make sure you use the appropriate case.

Local File Name Character Restrictions

When specifying a local file name, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z).
• Numerals (0-9).
• Period ( . ).
• Dash ( - ).
• Underscore ( _ ).

Core Dump Files

When you configure the switch to send core dump (debug) information to internal
memory, specify the file path /usr/local/tmp.

For information about configuring and saving core dump information, see the
configure debug core-dumps [ off | directory_path] and save debug
tracefiles directory_path commands.

You can use the * wildcard to mass delete core dump files. Currently running and in-use
files are not deleted.

If you configure the switch to save core dump files to internal memory and attempt
to download a new software image, you might have insufficient space to complete the
image download. When this occurs, you must decide whether to continue the software
download or move or delete the core dump files from internal memory. To resolve this
problem, if you have a switch with a USB storage device installed with space available,
transfer the files to the USB device. Another option is to transfer the files from internal
memory to a TFTP server. This frees up space on the internal memory while keeping
the core dump files.

Switch Engine™ Command Reference Guide for version 32.7.1 2525

Example Commands

Example
The following example deletes the configuration file named Activeb91.cfg from the
system:
# rm Activeb91.cfg

The following example deletes all of the core dump files stored in internal memory:
# rm /usr/local/tmp/*

The following example deletes the policy file named test.pol from the USB storage
device:
# rm /usr/local/ext/test.pol

The following example deletes all of the configuration files from the USB storage device:
# rm /usr/local/ext/*.cfg

History
This command was first available in ExtremeXOS 10.1.

The memorycard option was added in ExtremeXOS 11.1.

The internal-memory option was added in ExtremeXOS 11.4.

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

Path name support was added in ExtremeXOS 15.5.1.

Platform Availability
This command is available on all Universal switches supported in this document.

rmdir
rmdir directory_name

Description
Removes an existing directory from the specified file system or relative to the current
working directory.

Syntax Description
rmdur Change current working directory.
directory_name Pathname of a directory.

2526 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to remove an existing directory from the specified file system or
relative to the current working directory.

History
This command was first available in ExtremeXOS 15.5

Platform Availability
This command is available on all Universal switches supported in this document.

rtlookup rpf
rtlookup [ipaddress | ipv6address] rpf {vr vr_name}

Description
Displays the RPF for a specified multicast source.

Syntax Description
ipaddress Specifies an IPv4 address.
ipv6address Specifies an IPv6 address.
rpf Selects the RPF for the specified multicast source.
vr_name Specifies the VR or VRF for which to display the route.

Default
vr_name is the VR of the current CLI context.

Usage Guidelines
None.

Example
The following example displays the RPF lookup for a multicast source through VR-
Default:

rtlookup 2001db8::ef80:2525:1023:5213 rpf vr vr-default

Switch Engine™ Command Reference Guide for version 32.7.1 2527

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

rtlookup
rtlookup [ipaddress | ipv6address] { unicast | multicast | vr vr_name}

Description
Displays the available routes to the specified IPv6 address.

Syntax Description
ipaddress Specifies an IPv4 address.
ipv6address Specifies an IPv6 address.
unicast Displays the routes from the unicast routing table in the
current router context.
multicast Displays the routes from the multicast routing table in the
current router context.
vr_name Specifies the VR or VRF for which to display the route.

Default
N/A.

Usage Guidelines
None.

Example
The following command performs a look up in the route table to determine the best
way to reach the specified IPv6 address:

rtlookup 2001:db8::ef80:2525:1023:5213 unicast

History
This command was first available in ExtremeXOS 10.1.

The xhostname option was removed in ExtremeXOS 11.0.

2528 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Support for IPv6 was added in ExtremeXOS 11.2.

The unicast and multicast options were added in ExtremeXOS 12.1.

Platform Availability
This command is available on the platforms listed for the IPv6 unicast routing feature in
the Switch Engine 32.7.1 Feature License Requirements document.

run diagnostics
run diagnostics [extended | normal] }

Description
Runs normal or extended diagnostics on the switch or node, and stacking ports.

This command is not supported in stacking mode, but if you issue the show diagnostics
command from the master node, it will show the diagnostic results for all the nodes.

Syntax Description
extended Runs an extended diagnostic routine. Takes the ports
offline, and performs extensive ASIC and packet loopback
tests on all of the ports.
normal Runs a normal diagnostic routine. Takes the ports offline,
and performs a simple ASIC and packet loopback test on
all of the ports.

Default
N/A.

Usage Guidelines
Depending on your platform, use this command to run diagnostics on the switch or
stack port.

If you run the diagnostic routine on the switch, it reboots and then performs the
diagnostic test. During the test, traffic to and from the ports on the switch is
temporarily unavailable. When the diagnostic test is complete, the switch reboots and
becomes operational again.

To run the diagnostic routine on the stack ports, you need a dedicated stacking cable
that connects stack port 1 to stack port 2, which are located at the rear of the switch.
The stacking cable is available from Extreme Networks. The switch performs a hardware
test to confirm that the stack ports are operational; traffic to and from the ports on the
switch is temporarily unavailable. This Bit Error Rate Test (BERT) provides an analysis of
the number of bits transmitted in error.

Switch Engine™ Command Reference Guide for version 32.7.1 2529

Viewing Diagnostics Commands

After the switch runs the diagnostic routine, test results are saved to the switch’s
EEPROM and messages are logged to the syslog.

To run diagnostics on a switch that is in a SummitStack, first disable stacking on that

switch, then restart the switch. Once restarted, log into the switch via its console port,
and run diagnostics. The switch will perform the diagnostic tests, and then restart.
Once restarted, log into the switch via its console port and enable stacking, then reboot
the switch. Once restarted, the switch will rejoin the stack.

Viewing Diagnostics
To view results of the last diagnostics test run, use the following command:
show diagnostics {slot [slot_number]}

If the results indicate that the diagnostic failed on a node, replace the node with
another switch of the same type.

If the results indicate that the diagnostic failed on the switch, contact Extreme
Networks Technical Support.

The following example runs normal diagnostics on a ExtremeSwitching series switch:

run diagnostics normal

The switch displays a warning similar to the following about the impact of this test. You
also have the opportunity to continue or cancel the test:
Running Diagnostics will disrupt network traffic.
Are you sure you want to continue? (y/n)

Enter y to continue and run the diagnostics. Enter n to cancel the operation.

The following command runs diagnostics on the stack ports on a ExtremeSwitching

series switch:
run diagnostics stack-port

If you issue this command with a console connection, the switch displays the following
information. You also have the opportunity to continue or cancel the test:

Summit Diagnostics Mode Enabled, Starting Diagnostics....

Found 5520 in Motherboard
Motherboard CPLD Revision: 2
Starting stacking port diagnostics
*****************************************************************
* *
* Please connect a cable between Stack Port 1 and Stack Port 2. *
* *
* Press S to skip test, ENTER key to continue. *
* *
*****************************************************************

Press [Enter] to continue and run the diagnostics. Enter s to cancel the operation.

2530 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

If you continue with diagnostics, the switch displays messages similar to the following:

Stack Port 1 and Stack Port 2

BERT .....................................................................................
.
...................................................................................
Stacking ports
Port 1 (Device 0 - Device port 26)
Lane 0 PASSED.
Lane 1 PASSED.
Lane 2 PASSED.
Lane 3 PASSED.
Port 2 (Device 0 - Device port 27)
Lane 0 PASSED.
Lane 1 PASSED.
Lane 2 PASSED.
Lane 3 PASSED.
DIAGNOSTIC PASS: run test bert stacking
Summit Diagnostics completed, rebooting system...

If you issue this command with a Telnet connection, the switch displays a warning
similar to the following about the impact of this test. You also have the opportunity to
continue or cancel the test:
Running Diagnostics will disrupt network traffic.
Are you sure you want to continue? (y/n)

Enter y to continue and run the diagnostics. Enter n to cancel the operation.

History
This command was first available in ExtremeXOS 10.1.

Platform Availability
This command is available on all Universal platforms.

run elrp
run elrp {vlan}vlan_name {ports [ports |all | none]} {remote-endpoints
vxlan all} {interval interval {seconds | milliseconds} } {retry
count}

Description
Starts one-time, non-periodic ELRP packet transmission on the specified ports of the
VLAN using the specified count and interval.

Syntax Description
vlan vlan_name Specifies a VLAN name.
ports Specifies the set of VLAN ports for packet transmission.

Switch Engine™ Command Reference Guide for version 32.7.1 2531

Default Commands

remote-endpoints Specifies remote endpoints that are part of this VLAN.

vxlan Specifies VXLAN remote endpoints that are part of this
VLAN.
interval Time interval between two successive ELRP PDUs.
interval Interval value between 1–64 seconds or 100–64,000
milliseconds. Default is 1 second.
seconds Specifies that time interval is in the unit of seconds.
milliseconds Specifies that time interval is in the unit of milliseconds.
count Specifies the number of times ELRP packets must be
transmitted. The range is 3 to 255 times. The default is 10
times.

Default
Second—The interval between consecutive packet transmissions is 1 second.

Count—The number of time ELRP packets must be transmitted is 10.

If ports are not specified, the command is applied to all ports.

Usage Guidelines
This command starts one-time, non-periodic ELRP packet transmission on the
specified ports of the VLAN using the specified count and interval. If any of these
transmitted packets is returned, indicating loopback detection, the ELRP client prints a
log message to the console. There is no need to send a trap to the SNMP manager for
non-periodic requests.

If you do not specify the optional interval or retry parameters, the default values are
used.

Use the configure elrp-client periodic command to configure periodic

transmission of ELRP packets.

The ELRP client must be enabled globally in order for it to work on any VLANs. Use the
enable elrp-client command to globally enable the ELRP client.

The ELRP client can be disabled globally so that none of the ELRP VLAN configurations
take effect. Use the disable elrp-client command to globally disable the ELRP
client.

Example
The following command starts one-time, non-periodic ELRP packet transmission on
the VLAN green using the default interval and packet transmission:
run elrp green

2532 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 11.1.

The ability to specify the time interval in milliseconds was introduced in ExtremeXOS
22.4.

VXLAN remote endpoint option added in ExtremeXOS 22.4.

Designating ports made optional in ExtremeXOS 22.6.

Platform Availability
This command is available on all Universal switches supported in this document.

run failover
run failover {force}

Description
Causes a user-specified node failover.

Syntax Description
force Force failover to occur.

Default
N/A.

Usage Guidelines
Use this command to cause the master node to failover to the backup node in
SummitStack.

Before you initiate failover, use the show switch {detail} command to confirm that
the nodes are in sync and have identical software and switch configurations. If the
output shows MASTER and BACKUP (InSync), the two nodes are in sync.

If the master and backup SummitStack nodes' software and configuration are not in
sync and are running ExtremeXOS 12.0 or later, use the synchronize command to get
the two nodes in sync. This command ensures that the backup has the same software
in flash as the master.

Note
Both the backup and the master nodes must be running ExtremeXOS 11.0 or
later to use the synchronize command.

Switch Engine™ Command Reference Guide for version 32.7.1 2533

Example Commands

Example
The following command causes a failover on a SummitStack:

run failover

History
This command was first available in ExtremeXOS 12.0.

Platform Availability
This command is available only on a SummitStack.

run script
run script filename {arg1} {arg2} ... {arg9}

Description
Run (plays back) an ASCII-formatted configuration file or a user-written script file on the
switch. This command is synonomous with the load script command.

Syntax Description
filename Specifies the user-defined name of the ASCII-formatted
configuration file or a user-written script file. The script
file is known as the XOS script file and uses the .xsf file
extension.
arg Specifies up to nine variable values that can be specified
by the user. The variables are created with the names
CLI.ARGV1, CLI.ARGV2, ... CLIARGV9.

Default
N/A.

Usage Guidelines
Use this command to load an ASCII-formatted configuration file or a user-written script
file.

Configuration File: After downloading the configuration file from the TFTP server, this
command loads and restores the ASCII-formatted configuration file to the switch.

An ASCII-formatted configuration file uses the .xsf file extension, not the .cfg file
extension. The .xsf file extension (known as the XOS script file) saves the XML-based
configuration in an ASCII format readable by a text editor.

2534 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

For more detailed information about the ASCII configuration file, including the
steps involved to upload, download, and save the configuration, see the upload
configuration [hostname | ipaddress] filename {vr vr-name} command.

User-Written Script File: After writing a script, this command executes the script and
passes arguments to it. As with the configuration files, these files use the .xsf file
extension that is automatically added.

The command allows up to nine optional variable values to be passed to the script.
These are created with the names CLI.ARGV1, CLI.ARGV2, CLI.ARGV3, ... CLI.ARGV9.

In addition, two other variables are always created. CLI.ARGC gives the count of the
number of parameters passed, and CLI.ARGV0 contains the name of the script that is
being executed.

To check the variable values use the command, show var.

Note
Only the .xsf extension is used. The load script command assumes an .xsf
extension and retries opening the file if the file cannot be found with the
original specified name or no extension is provided.

Example
The following command loads the ASCII-formatted configuration named
configbackup.xsf:

load script configbackup.xsf

After issuing this command, the ASCII configuration quickly scrolls across the screen.
The following is an example of the type of information displayed when loading the
ASCII configuration file:

script.meg_upload_config1.xsf.389 # enable snmp access

script.meg_upload_config1.xsf.390 # enable snmp traps
script.meg_upload_config1.xsf.391 # configure mstp region purple
script.meg_upload_config1.xsf.392 # configure mstp revision 3
script.meg_upload_config1.xsf.393 # configure mstp format 0
script.meg_upload_config1.xsf.394 # create stpd s0

ExtremeXOS 15.6 provided capability for Python scripting. Current Python scripting
implementation allows a script to interact directly with the CLI inteface for managing
ExtremeXOS functionality. Python script files end in .py. The .py suffix on the script
file name tells the run script command to use the Python interpreter to process the
script file. This command is functions exactly as load script.

History
This command was first available in ExtremeXOS 15.6.

Scripting support for Python was added in ExtremeXOS 15.6.

Switch Engine™ Command Reference Guide for version 32.7.1 2535

Platform Availability Commands

Platform Availability
This command is available on all Universal switches supported in this document.

run provisioning
run provisioning

Description
Allows you to change management access to your device and to enhance security.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
This command runs an interactive script that lets you configure IP management
connectivity if you choose not to use Auto Provisioning. It also lets you choose whether
to enable or disable SNMP, Telnet, and ports.

Refer to “Using Safe Defaults Mode” in the Switch Engine 32.7.1 User Guide for complete
information on the safe default mode.

After you issue this command, the system presents you with the following interactive
script:

Example
The following command reruns the interactive script to configure management access:
# run provisioning
This switch is in a default state. Before entering the Command Line Interface,
please answer these questions about management connectivity and security.
You may quit by answering 'q' to accept the defaults for remaining questions.
Press <ENTER> to accept the default value listed, or shown in upper case.

By default, Auto-Provisioning uses DHCP on all Ethernet ports as this switch

attempts to connect to an Extreme Networks management product.
Instead of using DHCP, do you want to 'disable auto-provision' and
configure a static IP address, default gateway and DNS server now? [y/N/q]: y

You may answer 's' to skip questions about management connectivity

to keep Auto-Provisioning enabled and proceed to the next section.
Which Ethernet port will be used for a management connection?
Enter 'Mgmt' for switch's Mgmt port, or an in-band port number
[MGMT / <port num> / s to skip]: <ENTER>

Enter the IPv4 or IPv6 address/subnet mask length for this VLAN, e.g.

2536 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

'192.168.4.5/24' or '192.168.4.5 255.255.255.0', '2001::1/64' or 's' to skip

: 10.99.16.200/16
IP interface for VLAN Mgmt has been created.

If a network management product is not present on this subnet 10.99.16.200/24,

a default route is needed to establish a management connection.
To create a default route, enter the gateway IP address, or enter
'none' if a management product is on this subnet.
[Default is 10.99.16.1 / none / s to skip]: <ENTER>

Enter a DNS (Domain Name System) name server [Default is 8.8.8.8 / q]

: q

Management connectivity section completed. Auto-Provisioning has been disabled.

Multiple Spanning Tree Protocol (MSTP) is enabled by default to prevent

broadcast storms
Would you like to disable MSTP? [y/N/q]:

The switch offers an enhanced security mode. Would you like to read more,
and have the choice to enable this enhanced security mode? [y/N/q]:

Telnet is enabled by default. Telnet is unencrypted and has been the target of
security exploits in the past.

Would you like to disable Telnet? [y/N/q]:

SNMP access is disabled by default. SNMPv1/v2c uses no encryption, SNMPv3 can be

configured to eliminate this problem.

Would you like to enable SNMPv1/v2c? [y/N/q]:

Would you like to enable SNMPv3? [y/N/q]:

All ports are enabled by default. In some secure applications, it may be more
desirable for the ports to be turned off.

Would you like unconfigured ports to be turned off by default? [y/N/q]:

No failsafe account username and password are in effect. If you choose to

configure them, please remember them because they cannot be recovered.
Would you like to configure the failsafe username and password now? [y/N/q]:

Do you want to see the list of CLI commands executed by this provisioning
script? [y/N/q]: y
configure vlan Mgmt ipaddress 10.99.16.200/24
configure iproute add default 10.99.16.1 vr VR-Mgmt
configure dns-client add name-server 8.8.8.8 vr VR-Mgmt
disable auto-provision
configure auto-provision cloud-connector server vr VR-Mgmt
enable auto-provision cloud-connector

Do you want to see some basic CLI commands before entering the CLI? [y/N/q]: y
Operation Monitoring Configuration
------------------ ------------ -----------------------------
save configuration show vlan configure vlan add ports
download image show ports configure ports
ping show sharing enable sharing
reboot show log configure stacking easy-setup

To run this initial provisioning script again, use "run provisioning".

For help with CLI commands, press the <TAB> key or question mark <?> key.

Switch Engine™ Command Reference Guide for version 32.7.1 2537

History Commands

History
This command was first available in ExtremeXOS 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

run tech-support report

run tech-support report {now | in hours | cancel} {collector [all |
hostname | ip_address]}

Description
This command instructs the switch to generate a report and upload it to a collector.

Syntax Description
now Specifies that you run a report immediately. This is the default
setting.
in Specifies that you run report in a specified number of hours.
hours Specifies the hours from now to run report. The range is 1-168 hours
(one week).
cancel Cancels the scheduled report.
collector Specifies the report collector. The default value is all collectors.
all Specifies all report collectors.
hostname Specifies the host name of the collector.
ip_address Specifies the IPv4 address of the collector.

Default
The default time for running reports is now.

The default for number of collectors is all.

Usage Guidelines
This command instructs the switch to generate a report and upload it to a collector.
The default operation is to perform this operation immediately for all existing collectors.
Optionally, you can configure a one-time trigger to perform the operation in "hours
from now." The valid range is one to 168 hours (one week). If ou specify the hostname or
IP address, the switch runs a report for that particular collector.

Only a single one-time report per collector can be scheduled at any time. When run
tech-support report in hours is issued before the previous scheduled one-time

2538 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

report completes, the previous report is cancelled, and a new one-time report is
scheduled.

This command also provides a way to cancel a scheduled report for a particular
collector.

Example
The following command example configures a specific collector to display a detailed
output set:

# run tech-support report

Connecting to 10.5.2.107:800 with SSL disabled...
Collector connected successfully.
Generating summary report for 10.5.2.107:9998............................................
Report generated successfully.
Sending report to 10.5.2.107:800...
Report sent successfully

Connecting to 10.5.2.107:800 with SSL enabled...

Error: Failed to connect to the collector - Socket time out *

# run tech-support report in 1

Run tech-support report is scheduled on Thu Feb 21 05:06:32 2013 for the
collector 10.5.2.108:800.

Run tech-support report is scheduled on Thu Feb 21 05:06:32 2013 for the
collector 10.5.2.107:9998.

To cancel a scheduled report, use ‘run tech-support report cancel’ command.

History
This command was first available in ExtremeXOS 15.4.

Platform Availability
This command is available on all Universal switches supported in this document.

run update
run update

Description
Activates a newly installed modular software package.

Syntax Description
This command has no arguments or variables.

Switch Engine™ Command Reference Guide for version 32.7.1 2539

Default Commands

Default
N/A.

Usage Guidelines
After you install a modular software package to the active partition, use this command
to make the update active. This command causes the ExtremeXOS system to start the
newly installed processes contained in the package, without rebooting the switch.

If you installed the package to the inactive partition, you need to reboot the switch to
activate the package.

Example
The following command activates any newly installed modular software packages
installed on the active partition:

run update

History
This command was first available in ExtremeXOS 11.0.

Platform Availability
This command is available on all Universal switches supported in this document.

run upm profile

run upm profile profile-name {event event-name} {variables variable-
string}

Description
Executes the specified Universal Port profile on the switch.

Syntax Description
profile-name Specifies the UPM profile to be run.
event-name Specifies an event type for the specified profile. Valid
event types are device-detect, device-undetect, user-
authenticate, and user-unauthenticated.
variable-string Specifies a string of variable names and the
assigned variable values to be used in the profile.
The format is: var_name1=value_1; var_name2=value_2;
var_name3=value_3. Each variable name is followed by the
equal sign (=), the variable value, and a semicolon (;).

2540 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Example
The following command runs a UPM profile called example on the switch:

run upm profile example

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on platforms that support the appropriate license.
For complete information about software licensing, including how to obtain and
upgrade your license and which licenses support the Universal Port feature, see the
Switch Engine 32.7.1 Feature License Requirements document.

run vm-tracking repository

run vm-tracking repository sync-now

Description
Manually starts FTP file synchronization for NVPP and VMMAP files.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Before you can manually start FTP file synchronization, you must configure FTP servers
using the configure vm-tracking repository command.

Example
The following command starts file synchronization with the configured FTP server:
# run vm-tracking repository sync-now

Switch Engine™ Command Reference Guide for version 32.7.1 2541

History Commands

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
VLAN

save configuration
save configuration {primary | secondary | existing-config | new-config}

Description
Saves the current configuration from the switch's runtime memory to non-volatile
memory.

Syntax Description
primary Specifies the primary saved configuration.
secondary Specifies the secondary saved configuration.
existing-config Specifies an existing user-defined configuration.
new-config Specifies a new user-defined configuration.

Default
Saves the current configuration to the location used on the last reboot.

Usage Guidelines
The configuration takes effect on the next reboot.

Each file name must be unique and can be up to 32 characters long but cannot include
any spaces, commas, or special characters.

Configuration files have a .cfg file extension. When you enter the name of the file in the
CLI, the system automatically adds the .cfg file extension. Do not use this command
with ASCII-formatted configuration files. Those configuration files have an .xsf file
extension. For more information about using ASCII-formatted configuration files see
the upload configuration [hostname | ipaddress] filename {vr vr-name} and
the load script filename {arg1} {arg2} ... {arg9} commands.

This command also displays in alphabetical order a list of available configurations.

The following is sample output that displays the primary, secondary, and user-created
and defined configurations (“test” and “XOS1” are the names of the user-created and
defined configurations):
exsh.9 # save configuration
<cr> Execute the command

2542 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Local Filename Character Restrictions

primary Primary configuration file

secondary Secondary configuration file
<existing-config> Existing configuration file name
"test" "XOS1"
<new-config> New configuration file name

The switch prompts you to save your configuration changes. Enter y to save the
changes or n to cancel the process.

If you enter n, the switch displays a message similar to the following:

Save configuration cancelled.

If you enter y, the switch saves the configuration and displays a series of messages. The
following sections provide information about the messages displayed when you save a
configuration on your switch.

Note
Configuration files are forward-compatible only and not backward-compatible.
That is, configuration files created in a newer release, such as ExtremeXOS 12.4,
might contain commands that do not work properly in an older release, such
as ExtremeXOS 12.1.

Local Filename Character Restrictions

This section provides information about the characters supported by the switch for
local filenames.

When specifying a local filename, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )
• Underscore ( _ )

When naming a local file, remember the requirements listed above.

Saving a New Configuration

If you create and save a configuration with a new file name, the switch saves the new
configuration and then prompts you to select the newly created configuration as the
switch’s default configuration.

The following sample output is similar to the message displayed:

Do you want to save configuration to test1.cfg? (y/n) Yes

Saving configuration................................. done!
Configuration saved to test1.cfg successfully.

Switch Engine™ Command Reference Guide for version 32.7.1 2543

Saving an Existing Configuration Commands

The switch then prompts you to select which configuration to use to bootup the
system. The following sample output is similar to the message displayed:

The current selected default configuration database to boot up the system

(primary.cfg) is different than the one just saved (test.cfg).
Do you want to make test.cfg the default database? (y/n)

Enter y to use the new configuration as the default configuration. Enter n to cancel the
operation and keep using the current default, active configuration.

Saving an Existing Configuration

If you make and save changes to an existing configuration, the switch prompts you to
save and override the existing configuration.

The following sample output is similar to the message displayed:

The configuration file test.cfg already exists.

Do you want to save configuration to test.cfg and overwrite it? (y/n) Yes
Saving configuration ............................... done!
Configuration saved to test.cfg successfully.

The following sample output on a SummitStack is similar to the output displayed:

The configuration file primary.cfg already exists.

Do you want to save configuration to primary.cfg and overwrite it? (y/N) Yes
Saving configuration on primary ........... done!
Synchronizing configuration to backup .... done!
Saving config on Standbys (Slots: 1).
...
Configuration saved on Standby (Slot 1): done!

If you override an existing configuration that is not the current default, active
configuration, the switch prompts you to select which configuration to use to bootup
the system. The following sample output is similar to the message displayed:

The current selected default configuration database to boot up the system

(primary.cfg) is different than the one just saved (test.cfg).
Do you want to make test.cfg the default database? (y/n) No
Default configuration database selection cancelled.

Enter y to use the updated configuration as the default configuration. Enter n to cancel
the operation and keep using the current default, active configuration.

Example
The following command saves the current switch configuration to the configuration file
named XOS1:
save configuration XOS1

2544 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command save the current switch configuration to the secondary
configuration file:
save configuration secondary

History
This command was first available in ExtremeXOS 10.1.

The status messages displayed by the switch were updated in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

save configuration as-script

save configuration as-script script-name

Description
Saves the running configuration as a script.

Syntax Description
script-name Specifies the name of the file to save the configuration
to. The script file is known as the XOS script file and uses
the .xsf file extension.

Default
N/A.

Usage Guidelines
This command allows you to save the current configuration as a script and export it out
of the box for later use.

For SummitStack only

The script is saved on all the nodes in a SummitStack when the save configuration
as-script command is executed.

Example
The following example saves a running ASCII-formatted configuration named
primary.xsf.
save configuration as-script primary.xsf

Switch Engine™ Command Reference Guide for version 32.7.1 2545

History Commands

History
This command was first available in ExtremeXOS 12.1.

Platform Availability
This command is available on all Universal switches supported in this document.

save configuration automatic

save configuration automatic {every minutes {primary | secondary |
existing-config | new-config} | never}

Description
This command configures the periodic auto-save of the currently running switch
configuration.

Syntax Description
automatic Configures auto-save of system configuration.
every Sets the switch configuration to be saved at the designated
recurrent intervals.
minutes Designates the auto-save interval in minutes with a range
of 2–1,440 minutes (default is two minutes).
primary Designates the primary configuration file for saving.
secondary Designates the secondary configuration file for saving.
existing-config Name of the existing configuration file name.
new-config New configuration file name.
never Turns off auto-save feature (default is turned off).

Default
By default, auto-save is turned off.

If you do not select a time interval for saving, the default is two minutes.

By default, the configuration is saved to the file specified in the Config Automatic
field of the show switch on page 3385 command output. If no value appears in this
field, the configuration is saved to the file specified in the Config Selected field of
the show switch on page 3385 command. If no value appears in this field either, the
configuration is saved to autosave.cfg.

2546 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
The auto-save features is turned off by default. To turn on the auto-save feature, use
the command save configuration automatic (to accept the default two-minute
save interval) or save configuration automatic every minutes (to specify the
auto-save interval). The message Do you want to auto-save configuration to
primary.cfg and overwrite it? (y/N) appears. Select "yes" to enable the auto-save
to the primary.cfg file. Selecting "no" cancels the command.

To turn off auto-save, use the command save configuration automatic never.

If you want to specify a different file to save the configuration to (than the default
primary.cfg), use the command save configuration automatic {every minutes
{primary | secondary | existing-config | new-config}}, specifying an
auto-save interval and configuration file name.

To see the current status of the auto-save feature, use the command show switch on
page 3385.

Example
The following example turns on auto-save, accepting the default auto-save interval (two
minutes) and the default configuration file (primary.cfg):
save configuration automatic

The switch status appear as:

show switch
...
Config Selected: primary.cfg
Config Booted: primary.cfg
Config Automatic: primary.cfg

primary.cfg Created by ExtremeXOS version 22.2.0.16

344404 bytes saved on Tue Jan 17 11:17:56 2017
Auto-saved every 2 minutes.
Next periodic save on Tue Jan 17 14:45:33 2017

The following example turns off auto-save:

save configuration automatic never

The switch status appear as:

show switch
...
Config Selected: primary.cfg
Config Booted: primary.cfg
Config Automatic: NONE

primary.cfg Created by ExtremeXOS version 22.2.0.16

344404 bytes saved on Tue Jan 17 14:45:33 2017

The following example changes the auto-save interval to five minutes and makes
autosave.cfg the file that is saved to:
save configuration automatic every 5 autosave

Switch Engine™ Command Reference Guide for version 32.7.1 2547

History Commands

The switch status appears as:

show switch
...
Config Selected: primary.cfg
Config Booted: primary.cfg
Config Automatic: primary.cfg (Disabled)
primary.cfg Created by ExtremeXOS version 22.2.0.16
344404 bytes saved on Tue Jan 17 14:45:33 2017
Auto-save not enabled

History
This command was first available in ExtremeXOS 22.2.

Platform Availability
This command is available on all Universal switches supported in this document.

save debug tracefiles

save debug tracefiles directory_path

Description
Copies debug information to USB 2.0 storage device.

Syntax Description
directory_path Directory path (memory card is /usr/local/ext; internal
memory is /usr/local/tmp; and home directory is /usr/
local/cfg.

Default
N/A.

Usage Guidelines
Note
Use this command only under the guidance of Extreme Networks Technical
Support to troubleshoot the switch.

Use this command to copy debug information to an installed removable storage device.
The debug information includes log files and trace files.

Progress messages are displayed that indicate the file being copied and when the
copying is finished.

2548 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Beginning with ExtremeXOS 11.6, you can use the upload debug [hostname |
ipaddress] {{vr}vrname} command to copy debug information to a network TFTP
server.

Example
The following command copies debug information to a removable storage device:
# save debug tracefiles /usr/local/ext

History
This command was first available in ExtremeXOS 11.0.

The syntax for this command was modified in ExtremeXOS 11.1 from upload debug-info
memorycard to save debug tracefiles memorycard.

Support for USB 2.0 storage devices was added in ExtremeXOS 12.5.3.

The option memorycard was removed and the variable directory_path was added in
ExtremeXOS 30.3.

Platform Availability
This command is available on all Universal switches supported in this document.

save var key

save var key key [var1 var2 …]

Note
This is a script command and operates only in scripts or on the command
line when scripting is enabled with the following command: enable cli
scripting {permanent}.

Description
Saves the specified variables to the specified key.

Syntax Description
key Specifies the key to which the specified variables are saved.
var1 var2 Specifies the variables to save, The first variable is
mandatory, up to four more optional variables can be
specified.

Switch Engine™ Command Reference Guide for version 32.7.1 2549

Default Commands

Default
N/A.

Usage Guidelines
The variables saved by the SAVE VAR command are represented by the specified key
and can be retrieved and restored in the context in which this profile was applied. They
are available to rollback events like user-unauthenticate and device-undetect. The key
option allows the user to save data for a unique key and retrieve the saved data based
on this key. The user is responsible for generating unique keys for each variable. The
system has a limited amount of memory to store these variables.

Example
The following example saves the variables “username,” “ipaddr,” and “vlan” to the key
“blue:”

save var key blue username ipaddr vlan

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

save vm image
save vm vm_name image image_file

Description
Exports a disk image of an existing virtual machine (VM).

Syntax Description
vm Virtual machine.
vm_name Specifies the VM to export a disk from.
image Saves (exports) the disk image of a VM in current format
(QCOW2 or VMDK).
image_file Specifies the file name for the exported VM disk image. File
extension are appended if not specified.

2550 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
N/A.

Example
The following example exports the disk image from VM "testvm" to a file named
"testvmimage":
# save vm testvm image testvmimage

History
This command was first available in ExtremeXOS 30.4.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

save vm state
save vm vm_name state

Description
Pauses the CPU state of a guest virtual machine (VM), saves the state to a file, and then
moves the VM to "shut-off" state to free resources.

Syntax Description
vm Specifies a virtual machine.
vm_name Specifies the virtual machine name.
state Specifies saving the running CPU state to persist across
switch reboots.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2551

Usage Guidelines Commands

Usage Guidelines
The saved state persists across switch reboots and virtMgr process restarts. The next
time the VM is started, either by explicit start vm vm_name command or by autostart
(enable vm vm_name autostart), the saved CPU state is restored.

A suspended VM (suspend vm vm_name) can be saved. In this case, it is returned to

a suspended state after the next time it is started, and requires an explicit resume
( resume vm vm_name) to continue processing.

You cannot apply this command to a VM with Integrated Application Hosting (IAH)
dedicated ports attached.

Example
The following example saves the vm "vm1" preserving the state:
# save vm vm1 state

History
This command was first available in ExtremeXOS 30.7.

Platform Availability
This command is available on all platforms that support the Integrated Application
Hosting (IAH) feature and have a Core or Premier license installed. For a list of platforms
that support the IAH feature and for information about licenses, see the Switch Engine
32.7.1 Feature License Requirements.

scp2
scp2 {cipher cipher} {mac mac} {compression [on | off]} {port portnum}
{vr vr_name} user [hostname | ipaddress]:remote_file local_file

or
scp2 {cipher cipher} {macmac} {compression [on | off]} {port portnum}
{vr vr_name} local_file user [hostname | ipaddress]:remote_file

Description
The first command initiates an SCP2 client session to a remote SCP2 server and copies
a configuration or policy file from the remote system to the switch.

The second command initiates an SCP2 client session to a remote SCP2 server and
copies a configuration or policy file from the switch to a remote system.

2552 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
vr_name Specifies the virtual router. The default virtual router is VR-Mgmt.

Note: User-created VRs are supported only on the platforms

listed for this feature in the Switch Engine 32.7.1 Feature License
Requirements document.

cipher Specifies the name of the cipher.

Possible values are:
• aes128-cbc
• aes128-ctr
• aes192-cbc
• aes192-ctr
• aes256-cbc
• aes256-ctr
• [email protected]
• [email protected]

mac Specifies the name of the Message Authentication Code.

Possible values are:
• hmac-md5
• hmac-md5-96
• [email protected]
• [email protected]
• hmac-sha1
• hmac-sha1-96
• [email protected]
• [email protected]
• hmac-sha2-256
• [email protected]
• hmac-sha2-512
• [email protected]

on Specifies that the data is to be compressed.

off Specifies that compression is not to be used. This is the default.
portnum Specifies the TCP port number to be used for communicating with
the SSH2 client. The default is port 22.
user Specifies a login name for the remote host.
hostname Specifies the name of the remote host.
ipaddress Specifies the IP address of the remote host.

Note: For IPv6 addresses, use square brackets.

remote_file Specifies the name of the remote file (configuration file, policy file,
image file, public key file) to be transferred.
local_file Specifies the name of the local file (configuration file, policy file,
image file, public key file) to be transferred.

Switch Engine™ Command Reference Guide for version 32.7.1 2553

Default Commands

Default
The default settings for SSH2 parameters are as follows:
• cipher—the full cipher list
• mac—the full Message Authentication Code list
• port—22
• compression—off
• vr_name—VR-Mgmt

Usage Guidelines
SSH2 does not need to be enabled on the switch in order to use this command.

This command logs into the remote host as user and accesses the file remote_file.
You will be prompted for a password from the remote host, if required.

Host Name, User Name, and Remote IP Address Character Restrictions

This section provides information about the characters supported by the switch for host
names and remote IP addresses.

When specifying a host name, user name, or remote IP address, the switch permits
only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - ) Permitted for host and user names
• Underscore ( _ ) Permitted for host and user names
• Colon ( : )
• At symbol ( @ ). Permitted only for user names
• Slash ( / ). Permitted only for user names

When naming the host, creating a user name, or configuring the IP address, remember
the requirements listed above.

Remote Filename Character Restrictions

This section provides information about the characters supported by the switch for
remote filenames.

When specifying a remote filename, the switch permits only the following characters:
• Alphabetical letters, upper case and lower case (A-Z, a-z)
• Numerals (0-9)
• Period ( . )
• Dash ( - )

2554 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

• Underscore ( _ )
• Slash ( / )

When naming a remote file, remember the requirements listed above.

Example
The following command copies the configuration file test.cfg on host system1 to the
switch:
# scp2 admin@system1:test.cfg localtest.cfg

The following command copies the configuration file engineering.cfg from the switch
to host system1:
# scp2 engineering.cfg admin@system1:engineering.cfg

The following command copies the file Anna5.xsf from the default virtual router to
150.132.82.140:
# scp2 vr vr-default Anna5.xsf [email protected]:Anna5.xsf
Upload /config/Anna5.xsf to
Connecting to 150.132.82.140...

History
This command was first available in ExtremeXOS 11.2.

Changes to cipher, as well as the addition of mac and compression, were first available
in ExtremeXOS 15.7.1.

Ciphers and MACs that are unsupported in OpenSSH 8.1p1 were removed in
ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

set var
set var varname _expression

Note
This is a script command and operates only in scripts or on the command
line when scripting is enabled with the following command: enable cli
scripting {permanent}.

Description
Creates and sets the CLI scripting variable to the desired value.

Switch Engine™ Command Reference Guide for version 32.7.1 2555

Syntax Description Commands

Syntax Description
varname Specifies the name of the CLI scripting variable. Valid
format is $VARNAME (case insensitive, character string up
to 32 characters).
_expression Specifies the _expression whose value should be evaluated
and used to set the variable.

Default
N/A.

Usage Guidelines
The format of a local variable (case insensitive) is: $VARNAME.

An error message is displayed if the user attempts to use a variable name with a length
greater than 32 characters.

If a variable already exists, it is overwritten. No error message is displayed.

Example
The following examples show some ways you can manipulate variables:

Set var x 100

Set var x ($x + 2)
Set var y ($x - 100)
Set var y ($(x) – 100)

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list
show access-list {any | ports port_list | vlan vlan_name} {ingress |
egress}

Description
Displays the ACLs configured on an interface.

2556 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
aclname Specifies the ACL name. The name can be from 1-32
characters long.
any Specifies the wildcard ACL.
port_list Specifies which ports’ ACLs to display.
vlan_name Specifies which VLAN’s ACL to display.
ingress Display ingress ACLs.
egress Display egress ACLs.

Default
The default is to display all interfaces, ingress.

Usage Guidelines
The ACL with the port and VLAN displayed as an asterisk (*) is the wildcard ACL.

If you do not specify an interface, the policy names for all the interfaces are displayed,
except that dynamic ACL rule names are not displayed. To display dynamic ACLs use
the following commands:

show access-list dynamic

show access-list dynamic rule rule {detail}

If you specify an interface, all the policy entries, and dynamic policy entries are
displayed.

Example
The following command displays all the interfaces configured with an ACL:

show access-list

The output from this command is similar to:

Vlan Name Port Policy Name Dir Rules Dyn Rules

==================================================================
* 3:6 TCP_flag ingress 3 2
* 3:8 qos_hongkong ingress 3 0
* 2:1 tc_2.4 ingress 4 0
* 2:7 tcp ingress 1 0
v1 * tcp ingress 1 0
* * firewall1 ingress 2 1

The following command displays the ingress access list entries configured on the VLAN
v1006:

show access-list v1006 ingress

Switch Engine™ Command Reference Guide for version 32.7.1 2557

History Commands

The output from this command is similar to the following:

# RuleNo 1
entry dacl13 { #Dynamic Entry
if match all {
ethernet-destination-address 00:01:05:00:00:00 ;
} then {
count c13 ;
redirect 1.1.5.100 ;
} }
# RuleNo 2
entry dacl14 { #Dynamic Entry
if match all {
ethernet-source-address 00:01:05:00:00:00 ;
} then {
count c14 ;
qosprofile qp7 ;
} }
# RuleNo 3
entry dacl13 {
if match all {
ethernet-destination-address 00:01:05:00:00:00 ;
} then {
count c13 ;
redirect 1.1.5.100 ;
} }

History
This command was first available in ExtremeXOS 10.1.

The aclname option was removed in ExtremeXOS 11.1.

The ingress, egress, any, ports, and vlan options were added in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list configuration

show access-list configuration

Description
Displays the ACL configuration.

Syntax Description
There are no arguments or variables for this command.

Default
N/A.

2558 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
This command displays the state of the ACL configuration, set by the following
commands:

enable access-list refresh blackhole

enable access-list permit to-cpu
configure access-list rule-compression port-counters
configure access-list vlan-acl-precedence

Example
The following command displays the state of the ACL configuration:

show access-list configuration

On a series switches, the output from this command is similar to the following:

Access-list Refresh Blackhole: Enabled

Access-list Permit To-CPU: Enabled
Access-list configured vlan-acl precedence mode: Dedicated or Shared
Access-list operational vlan-acl-precedence mode: Dedicated or Shared
Access-list Rule-compression Port-counters: Dedicated or Shared

The following displays how the output looks when "multiple matches" action resolution
mode is chosen:

Access-list Refresh Blackhole: Enabled

Access-list configured vlan-acl-precedence mode: Dedicated
Access-list operational vlan-acl-precedence mode: Dedicated
Access-list Rule-compression Port-counters: Dedicated
Access-list Action Resolution: Multiple

The following displays how the output looks when "highest priority only" action
resolution mode is chosen:

Access-list Refresh Blackhole: Enabled

Access-list configured vlan-acl-precedence mode: Dedicated
Access-list operational vlan-acl-precedence mode: Dedicated
Access-list Rule-compression Port-counters: Dedicated
Access-list Action Resolution: Highest Priority Only

The command show configuration acl also shows the configure access-list
action-resolution highest-priority command if "highest priority only" action
resolution mode is chosen:

show config acl

#
# Module acl configuration.
#
configure access-list action-resolution highest-priority

Switch Engine™ Command Reference Guide for version 32.7.1 2559

History Commands

History
This command was first available in ExtremeXOS 11.0.

The Access-list Permit to CPU configuration was added in ExtremeXOS 11.3.2.

The Access-list Rule-compression Port Counters configuration was added in

ExtremeXOS 12.3.

The Access-list Configured VLAN-ACL Precedence Mode configuration was added in

ExtremeXOS 12.3.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list counter

show access-list counter {countername} {any | ports port_list | vlan
vlan_name} {ingress | egress}

Description
Displays the specified access list counters.

Syntax Description
countername Specifies the ACL counter to display.
port_list Specifies to display the counters on these ports.
vlan_name Specifies to display the counters on the VLAN.
ingress Specifies to display ingress counters.
egress Specifies to display egress counters.

Default
The default direction is ingress.

Usage Guidelines
Use this command to display the ACL counters.

Example
The following example displays all the counters for all ACLs:

# sh access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count

2560 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

==================================================================
temp * 15 ingress
mac1 0
mac2 2720
egressdeny * 15 egress
mac01count 0
temp * 20 egress
mac1 0
mac2 0

History
This command was first available in ExtremeXOS 10.1.

The egress option was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list counters process

show access-list counters process [snmp | telnet | ssh2 | http]

Description
Displays the access-list permit and deny statistics.

Syntax Description
snmp Specifies statistics for SNMP.
telnet Specifies statistics for Telnet.
ssh2 Specifies statistics for SSH2.
http Specifies statistics for HTTP.

Default
N/A.

Usage Guidelines
Use this command to display the access-list permit and deny statistics. The permit and
deny counters are updated automatically regardless of whether the ACL is configured
to add counters.

Switch Engine™ Command Reference Guide for version 32.7.1 2561

Example Commands

Example
The following command displays permit and deny statistics for the SNMP application:

# sh access-list counter process snmp

Following is sample output for this command:

show access-list counter process snmp

=============================================================
Access-list Permit Packets Deny Packets
=============================================================
a1 10 0
a3 0 25
a2 0 6
=============================================================
Total Rules : 3

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list dynamic rule

show access-list dynamic rule [rule | rule_li ] detail

Description
Displays the syntax of a dynamic ACL.

Syntax Description
rule Specifies the rule to display.
rule_li Specifies the dynamic rule name for
Lawful Intercept account only. You must
have lawful intercept user privileges to
specify this variable.
detail Specifies to display where the ACL has
been applied.

Default
N/A.

2562 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
None.

Example
The following command displays the syntax of the dynamic ACL udpacl:
show access-list dynamic rule udpacl

The output of the command is similar to the following:

entry udpacl {
if match all {
source-address 10.203.134.0/24 ;
destination-address 140.158.18.16/32 ;
protocol udp ;
source-port 190 ;
destination-port 1200 - 1250 ;
} then {
permit ;
} }

The following command displays where the dynamic ACL udpacl has been applied:
show access-list dynamic rule udpacl

The output of the command is similar to the following:

Rule updacl has been applied to the following interfaces.
Vlan Name Port Direction
=================================
* 1 ingress

The lawful intercept user can display the names of the existing dynamic ACLs and a
count of how many times each is used when the following command is issued:
* show access-list dynamic
Dynamic Rules: ((*)- Rule is non-permanent )
(*)hclag_arp_0_4_96_51_fe_b2 Bound to 0 interfaces for application HealthCheckLAG
(*)idmgmt_def_blacklist Bound to 0 interfaces for application IdentityManager
(*)idmgmt_def_whitelist Bound to 0 interfaces for application IdentityManager
(*)mirror-data Bound to 2 interfaces for application CLI

Use the following command to see the conditions and actions for a dynamic ACL:
* show access-list dynamic rule "mirror-data"
entry mirror-data {
if match all {
source-address 10.66.9.8/24 ;
protocol udp ;
} then {
permit ;
mirror law_mirror ;
} }

History
This command was first available in ExtremeXOS 11.3.

Switch Engine™ Command Reference Guide for version 32.7.1 2563

Platform Availability Commands

The detail keyword was added in ExtremeXOS 11.4.

The rule_li variable was added in ExtremeXOS 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list dynamic counter

show access-list dynamic counter {{countername} any | {countername}
ports port_list | {countername} vlan vlan_name} {ingress | egress}

Description
Displays the dynamic ACL counters.

Syntax Description
countername Display the counter.
any Specifies the wildcard ACL.
port_list Specifies which ports’ ACLs to display.
vlan_name Specifies which VLAN’s ACL to display.
ingress Display ingress ACLs.
egress Display egress ACLs.

Default
The default is to display all interfaces, ingress.

Usage Guidelines
None.

Example
The following command displays all the dynamic ACL counters:

# sh access-list dynamic counter

Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
* 15 ingress
mac1Count 594
* 15 egress
egressCount 0

2564 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

The following command displays output with port number specified:

# sh access-list dynamic counter ports 15
Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
* 15 ingress
mac1Count 757
* 15 egress
egressCount 0

The following command displays output with counter name specified:

# sh access-list counter mac1 ports 15,20
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
temp * 15 ingress
mac1 0
temp * 20 egress
mac1 0

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list dynamic

show access-list dynamic

Description
Displays the names of existing dynamic ACLs and a count of how many times each is
used.

Syntax Description
There are no arguments or variables for this command.

Default
N/A.

Usage Guidelines
This command displays the names of existing dynamic ACLs, and how many times the
ACL is used (bound to an interface).

To see the conditions and actions for a dynamic ACL, use the following command:

Switch Engine™ Command Reference Guide for version 32.7.1 2565

Example Commands

show access-list dynamic rule rule {detail}

Example
The following command displays names of all the dynamic ACLs:

show access-list dynamic

The following is sample output for this command:

Dynamic Rules:
Udpacl Bound to 1 interfaces
icmp-echo Bound to 1 interfaces

History
This command was first available in ExtremeXOS 11.3.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list interface

show access-list {rule rule {start} } [ any | port port | vlan
vlan_name ] {zone zone_name { appl-name appl_name {priority
number }}} {ingress | egress} {detail}

Description
Displays the specified ACL zones, including their priority, applications, and the
application priorities.

Syntax Description
any Displays all zones on the specified interface.
port port Displays all ACLs associated with the specified ports.
vlan vlan_name Displays all ACLs associated with the specified VLAN.
zone_name Specifies a zone to be displayed.
appl-name appl_name Displays information by application within a zone.
priority number Displays ACLs of the specified priority only, within an
application area.
ingress Displays ACLs applied to traffic in the ingress direction.
egress Displays ACLs applied to traffic in the egress direction.
detail Displays all ACLs applied to the specified interface.

2566 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to display the ACL zones, applications, and priorities.

Specifying a zone will show all the ACLs installed in the particular zone. Specifying a
priority within a zone will show all the ACLs installed at a particular priority within a
zone.

Use the detail keyword to display all ACLs installed on a given interface.

Example
The following example displays the detailed view of the ACLs on port 1:1:

show access-list port 1:1 detail

The output of this command is similar to the following:

# show access-list port 1:1 detail

RuleNo Application Zone Sub Zone
==================================
1 CLI myZone 1
entry mac1 {
if match all {
ethernet-source-address 00:0c:29:e5:94:c1 ;
destination-address 192.168.11.144/32 ;
} then {
count mac1 ;
} }
2 CLI myZone 5
entry mac51 {
if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
count mack51;
} }
3 CLI myZone 5
entry mac52 {
if match all {
ethernet-source-address 00:0c:29:e5:94:52 ;
} then {
count mac52 ;
} }

The following example displays the detailed view of the priority 5 ACLs in the zone
myzone on port 1:1:

# show access-list port 1:1 zone myZone priority 5 detail

RuleNo Application Zone Sub Zone
==================================
2 CLI myZone 5
entry mac51 {

Switch Engine™ Command Reference Guide for version 32.7.1 2567

History Commands

if match all {
ethernet-source-address 00:0c:29:e5:94:51 ;
} then {
count mack51;
} }
3 CLI myZone 5
entry mac52 {
if match all {
ethernet-source-address 00:0c:29:e5:94:52 ;
} then {
count mac52 ;
} }

The following example displays the priority 5 ACLs in the zone myzone on port 1:1:

# show access-list port 1:1 zone myZone priority 5

#Dynamic Entries ((*)- Rule is non-perminent )
RuleNo Name Application Zone Sub-Zone
1 mac51 CLI myZone 5
2 mac52 CLI myZone 5

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list meter

show access-list meter {metername} [any | ports [port_list ] | vlan
vlanname ] {ingress | egress}

Description
Displays the specified access list meter statistics and configurations.

Syntax Description
meter-name Specifies the ACL meter to display.
out-of-profile Show the meter out-of-profile status.
disabled-ports Show the meter out-of-profile status that resulted in
disable-port action.
port_list Specifies the port list name to display the meters on.
port_group Specifies a port group name to display the meters on.
vlan_name Specifies to display the meters on the VLAN.
global-count Counter of all the rules using a per-port meter.

2568 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

ingress ACLs applied to ingress.

egress ACLs applied to egress.

Default
N/A.

Usage Guidelines
Use this command to display the ACL meters.

Example
The following example displays access list meter information for port 7:1:
# show access-list meter ports 1-4
==========================================================================
Policy Name Vlan Name Port
Committed Max Burst Out-of-Profile Out-of-Profile
Meter Rate (Kbps) Size Action DSCP Packet Count
===============================================================================
(none) * 2
ingmeter3 3000000 Kbps 300000 Kb - - - Dr - 123456
ingmeter4 4000000 pps 400000 pkt - - - Dr - 0
(none) * 3
ingmeter12 Max 123456 Kb - - - Dr - 0
ingmeter3 3000000 Kbps 300000 Kb - - - Dr - 0
ingmeter4 4000000 pps 400000 pkt - T - Dr - 0
(none)
ingmeter12 Max 123456 Kb L T D DrP 64 871234
ingmeter3 3000000 Kbps 300000 Kb - - D Dr - 0
ingmeter4 4000000 pps 400000 pkt L - D Dr - 0

Action : (D) Disable Port, (Dr) Drop, (DrP) Set Drop Precedence,
(L) Log, (T) Trap

History
This command was available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list network-zone

show access-list network-zone {zone_name}

Description
Displays the network-zones configured, the number of attributes configured, and the
number of policy files that have the specified zones in it.

Switch Engine™ Command Reference Guide for version 32.7.1 2569

Syntax Description Commands

Syntax Description
network-zone Specifies the logical group of remote devices.
zone_name Specifies the network-zone name.

Default
N/A.

Usage Guidelines
Use this command to display detailed information about a particular network-zone, the
attibutes configured in the zone, and the policies bound to the zone.

Example
The following example displays network-zone statistics for all configured zones:

Switch # sh access-list network-zone

============================================================
Network Zone No. of No. of Policies
Entities Bound
============================================================
zone1 5 2
zone2 3 1
zone3 0 0
============================================================
Total Network Zones : 3

This example displays statistics for the specified zones, “zone1”, and “zone2”:

Switch #show access-list network-zone zone1

Network-zone : zone1
Total Attributes : 3
Attributes : 10.1.1.1 / 32
10.1.1.1 / 30
10.1.1.0 / 24
No. of Policies : 1
Policies : test
Switch # sh access-list network-zone zone2
Network-zone : zone2
No. of Entities : 3
Entities : 00:00:00:00:00:22 / ff:ff:ff:ff:ff:ff
00:00:00:00:00:23 / ff:ff:ff:ff:00:00
00:00:00:00:00:24 / ff:ff:ff:ff:ff:00
No. of Policies : 0

History
This command was first available in ExtremeXOS 15.2.

2570 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list usage acl-mask port

show access-list usage acl-mask port port

Description
Displays the number of ACL masks consumed by the ACLs on a particular port.

Syntax Description
port Displays the usage on the specified port.

Default
N/A.

Usage Guidelines
Use this command to display how many masks are currently consumed on a port.

Example
The following example displays the ACL mask usage on port 1:1:

Switch.8 # show access-list usage acl-mask port 1:1

Used: 3 Available: 12

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list usage acl-range port

show access-list usage acl-range port port

Description
Displays the number of Layer 4 port ranges consumed by the ACLs on the slices that
support a particular port.

Switch Engine™ Command Reference Guide for version 32.7.1 2571

Syntax Description Commands

Syntax Description
port Specifies to display the usage for the slices that support
this port.

Default
N/A.

Usage Guidelines
ExtremeSwitching series switches can support a total of 16 Layer4 port ranges among
the slices that support each group of 24 ports.

Use this command to display how many of these Layer4 ranges are currently
consumed by the ACLs on the slices that support a particular port. The output of this
command also displays which ports share the same slices as the specified port.

Example
The following example displays the Layer4 range usage on port 9:1:

Switch.3 # show access-list usage acl-range port 9:1

Ports 9:1-9:12, 9:25-9:36
L4 Port Ranges: Used: 4 Available: 12

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list usage acl-rule port

show access-list usage acl-rule port port

Description
Displays the number of ACL rules consumed by the ACLs on a particular port or on the
slices that support a particular port.

Syntax Description
port Specifies to display the usage on this port.

2572 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
Use this command to display the rules used per slice, and also display the rule usage of
the specified port.

Example
The following example displays the ACL rule usage on port 5:

Switch.3 # show access-list usage acl-rule port 5

Ports 1-12, 25-36
Total Rules: Used: 34 Available: 990
In ExtremeXOS 15.5.1 and onwards, unless there is at least 1 rule in a given slice, the slice
is not allocated. Since the slice is not yet allocated, a physical slice is not assigned to a
virtual slice. So in this previous example, "used" displays what is used in that particular
slice, and "available" shows the remaining rules in that particular used slice.

The following example displays the ACL ingress and egress rule usage on port 5:1:

Switch.4 # show access-list usage acl-rule port 5:1

Ports 5:1-5:48
Total Ingress/Egress Rules:
Used: 11 Available: 8181
Used: 1 Available: 1023

History
This command was first available in ExtremeXOS 11.4.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list usage acl-slice port

show access-list usage acl-slice port port

Description
Displays the number of ACL slices and rules consumed by the ACLs on the slices that
support a particular port.

Syntax Description
port Specifies to display the usage for the slices that support
this port.

Switch Engine™ Command Reference Guide for version 32.7.1 2573

Default Commands

Default
N/A.

Usage Guidelines
Use this command to display how many slices and how many rules per each slice
are currently consumed by the ACLs on the slices that support a particular port. This
command also displays which ports share the same slices as the specified port.

Beginning with ExtremeXOS 12.5, you can reserve or allocate a slice for a specific feature
such that rules for the feature does not share a slice with other components. A text
string has been added at the end of the output for each slice that indicates which
feature, if any, is reserving the slice. See the example below.

In ExtremeXOS 15.5.1 and onwards, unless there is at least one rule in a given slice, the
slice is not allocated. Since the slice is not yet allocated, a physical slice is not assigned
to a virtual slice. So "used" displays what is used in that particular slice, and "available"
shows the remaining rules in that particular used slice.

Slices are allocated or reserved as follows:

• user/other—The slice is used by user ACLs and/or other switch features.
• Reserved for: feature name—the slice is reserved for the named feature, for
instance VLAN statistics. Rules for this feature may not share a slice with other
features or user ACLs.
• system—The slice contains only rules used for certain specific switch features. User
ACLs may not share a slice with a system slice.

Example
The following example displays the ACL slice usage on port 1 or an ExtremeSwitching
X870 series switch:
# show access-list usage acl-slice port 1
Ports 1-93, 95, 97, 101, 105, 109, 113, 117, 121, 125
Stage: INGRESS Pipe 0
Group 3 Priority 31 Rules: Used: 10 Available 1014 system Double Reserved=FALSE
Reservations:
type num mode
Stage: INGRESS Pipe 1
Group 6 Priority 31 Rules: Used: 0 Available 2048 user/other IntraSliceDouble
Reserved=FALSE
Group 7 Priority 30 Rules: Used: 1 Available 2047 user/other IntraSliceDouble
Reserved=FALSE
Group 4 Priority 29 Rules: Used: 1 Available 2047 user/other IntraSliceDouble
Reserved=FALSE
Group 5 Priority 28 Rules: Used: 10 Available 758 system Double Reserved=FALSE
Reservations:
type num mode
Stage: INGRESS Pipe 2
Group 1 Priority 31 Rules: Used: 10 Available 1014 system Double Reserved=FALSE
Reservations:
type num mode
Stage: INGRESS Pipe 3
Group 2 Priority 31 Rules: Used: 10 Available 1014 system Double Reserved=FALSE

2574 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

Reservations:
type num mode
Stage: EGRESS
Slices: Used: 0 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256
Stage: LOOKUP
Slices: Used: 0 Available: 4
Virtual Slice * (physical slice 0) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 1) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 2) Rules: Used: 0 Available: 256
Virtual Slice * (physical slice 3) Rules: Used: 0 Available: 256
Stage: EXTERNAL

Virtual Slice : (*) Physical slice not allocated to any virtual slice.

History
This command was first available in ExtremeXOS 11.5.

Platform Availability
This command is available on all Universal switches supported in this document.

show access-list width

show access-list width [slot slotNo | all]

Description
Displays the wide ACL mode configured on the supported switch or slot.

Syntax Description
slotNo Specifies the slot to display.
all Specifies all slots.

Default
N/A.

Usage Guidelines
Use this feature to display the width of the ACL TCAM key configured on a switch as
being double wide or single wide.

Switch Engine™ Command Reference Guide for version 32.7.1 2575

Example Commands

Example
The following command displays the wide key mode on all slots:

show access-list width slot all

Following is sample output for this command:

Slot Type Width (Configured)
---- ---------------- ---------------------
1 X460G2-48t-10G4 Single
2 X460G2-48t-10G4 Single
3 X670G2-48x-4q Double
4 Single
5 Single
6 Single
7 Single
8 Single double

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

show accounts
show accounts

Description
Displays user account information for all users on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
You need to create a user account using the create account command before you can
display user account information.

To view the accounts that have been created, you must have administrator privileges.

2576 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

This command displays the following information in a tabular format:

• User Name—The name of the user. This list displays all of the users who have access
to the switch.
• Access—This may be listed as R/W for read/write or RO for read only.
• Login OK—The number of logins that are okay.
• Failed—The number of failed logins.
• Accounts locked out—Account configured to be locked out after three consecutive
failed login attempts (using the configure account password-policy lockout-
on-login-failures command).

Note
This command does not show the failsafe account.

Example
The following command displays user account information on the switch:
show accounts pppuser

Output from this command looks similar to the following:

User Name Access LoginOK Failed
-------------- ------- ------- ------
admin R/W 3 1
user RO 0 0
dbackman R/W 0 0
ron* RO 0 0
nocteam RO 0 0
----------------------------------------
(*) - Account locked

The following command displays the lawful intercept account distinguished by the
"R/L" displayed in the Access column:
* (Private) # show accounts
User Name Access LoginOK Failed
-------------------------------- ------ ------- ------
admin R/W 6 0
user RO 0 0
myLIuser R/L N/A N/A

History
This command was first available in ExtremeXOS 11.0.

Lawful intercept output was added in ExtremeXOS 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2577

show accounts password-policy Commands

show accounts password-policy

show accounts password-policy

Description
Displays password policy information for all users on the switch.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
To view the password management information, you must have administrator
privileges.

The show accounts password-policy command displays the following information in

a tabular format:
• Global password management parameters applied to new accounts upon creation:
◦ Maximum age—The maximum number of days for the passwords to remain valid.
◦ History limit—The number of previous password that the switch scans prior to
validating a new password.
◦ Minimum length—The minimum number of characters in passwords.
◦ Character validation—The passwords must be in the specific format required by
the configure account password-policy char-validation command.
◦ Lockout on login failures—If enabled, the system locks out users after 3 failed
login attempts.
◦ Accounts locked out—Number of accounts locked out.
• User Name—The name of the user. This list displays all of the users who have access
to the switch.
• Password Expiry Date—Date the password for this account expires; may be blank.
• Password Max. age—The number of days originally allowed to passwords on this
account; may show None.
• Password Min. length—The minimum number of characters required for passwords
on this account; may show None.
• Password History Limit—The number of previous passwords the system scans to
disallow duplication on this account; may show None.

2578 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command displays the password management parameters configured
for each account on the switch:
# show accounts password-policy

---------------------------------------------------------------------------
Accounts global configuration(applied to new accounts on creation)
---------------------------------------------------------------------------
Password Max. age : None
Password Min. age : None
Password Min. Different Chars : 8
Password History limit : None
Password Min. length : None
Password Character Validation : Disabled
Accts. lockout on login failures: Disabled
Lockout time period : Until Cleared
------------------------------------------------------------------------------------------
----------------
User Name Expiry Max. Expiry Min. Min. Min. Hist
Lockout Lockout Flags
Date Age Date age len diff Limit
Time Time
(Max) (Min) char
Config Remain
-------------------------------- ------------ ---- ------------ ---- ---- ---- -----
------- ------- -----
admin None None None 0
None U - ---
user None None None 0
None U - ---
------------------------------------------------------------------------------------------
----------------
Lockout Time Config: (U) Account is locked until cleared via 'clear account <name>
lockout'.
Flags: (C) Password character validation enabled, (L) Account locked out,
(l) Account lockout on login failures enabled

History
This command was first available in ExtremeXOS 11.2.

Minimum different characters for changed password and minimum lifespan for
passwords information was added in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

show auto-peering
show auto-peering {bgp | ospf}

Description
This command displays the status of BGP or OSPF auto-peering and the learned auto-
peering interfaces and corresponding remote peer information.

Switch Engine™ Command Reference Guide for version 32.7.1 2579

Syntax Description Commands

Syntax Description
ospf Shows OSPF auto-peering status and interface
information.
bgp Shows BGP auto-peering status and interface information.

Default
N/A

Usage Guidelines
All existing BGP show commands can be used to display the status of BGP peers and
routes.

Example
The following example shows the status of BGP auto-peering:
# show auto-peering bgp
Type : BGP
Password :
Id : 0
Router ID: 2.2.2.102
AS : 102

Peer Id Password
----------- ----------------------------------
2222 None
2223 #$75Zvb3YfCBE/4+eSQE5dA5T2lmhF5A==

VLAN Neighbor IP Address Router ID Remote AS Port Fabric ID

Peer
------------- ------------------------ --------------- ---------- ------- ---------- -----
SYS_BGP_0002 fe80::204:96ff:fe9d:66e8 3.3.3.103 103 69 0 Yes

The following example shows OSPF auto-peering information:

# show auto-peering ospf

Type : OSPF
Id : 0
Router ID: 1.1.1.54

VLAN Router ID Port Fabric ID Peer

------------- --------------- ------- ---------- -----
SYS_OSPF_0002 1.1.1.55 19 0 No

History
This command was first available in ExtremeXOS 22.5.

Peer ID and password information was added in ExtremeXOS 30.5.

The ospf option was added in ExtremeXOS 30.6.

2580 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

This feature requires the Advanced Edge license. For more information about licenses,
see the Switch Engine 32.7.1 Feature License Requirements.

show auto-peering one-config

show auto-peering one-config {remote | service | route | database |
bootprelay}

Description
Shows auto-peered OneConfig information configured on the device.

Syntax Description
auto-peering Specifies Auto-peering.
one-config Specifies changing the BGP Auto-peering OneConfig
configuration.
remote Displays only remote ID information.
service Displays only service information.
route Displays only host-driven static route information.
database Displays only overlay database information.
bootprelay Displays only BOOTP relay information.

Default
N/A.

Usage Guidelines
To configure remote IDs, use the configure auto-peering one-config remote id
[add | delete] id {password [none | {encrypted} tcpPassword]} command.

To configure services, use the configure auto-peering one-config nsi-id id

type [nsi | vrf] [add | delete] [[ipaddress {netmask} | ipNetmask ] |
ipNetmaskv6] {vr vrname } command.

To configure routes, use the configure auto-peering one-config iproute [add

| delete] [host | hostv6] [[ipaddress {netmask} | ipNetmask] gateway |
ipNetmaskv6 gatewayv6] {vr vrname } command.

To configure overlay databases, use the configure auto-peering one-config

overlay [add | delete] server [address | addressv6] {type bgp-rr } {id
id} {password [none | {encrypted} password]} command.

Switch Engine™ Command Reference Guide for version 32.7.1 2581

Example Commands

To configure BOOTP relay, use the configure auto-peering one-config bootprelay

[add | delete] [ip_address | ipv6_address] vr vrname comamnd.

Example
The following example shows all auto-peered OneConfig information:
# show auto-peering one-config
ID : 0
Password : None
Route Target : None
Anycast MAC : 00:00:00:1b:1b:1b

OneConfig Allowed Remote IDs

Remote ID Password
----------- ----------------------------------
23456 None
34567 #$HktHhKOFo/Tk1YtJC1pBz24ZMBHCGg==

OneConfig Dynamic Service

NSI Service Type VRF Address Installed

------------ -------- ------------ ------------------------------------------- ---------
1000 VRF red 0.0.0.0/0 YES
1001 NSI red 50.1.101.1/24 YES
1002 NSI red 50.1.102.1/24 YES
1003 NSI red 50.1.103.1/24 NO
1004 NSI red 50.1.104.1/24 YES
2000 VRF blue 0.0.0.0/0 YES
2001 NSI blue 50.1.201.1/24 YES
2002 NSI blue 50.1.202.1/24 YES
2003 NSI blue 50.1.203.1/24 NO
2004 NSI blue 50.1.204.1/24 YES
3001 NSI VR-Default 50.1.131.1/24 YES
3002 NSI VR-Default 50.1.132.1/24 YES
3003 NSI VR-Default 50.1.133.1/24 NO
4002 NSI VR-Default 1000:2000:3000:4000:5000:6000:7000:8000/128 NO

OneConfig Dynamic Host Static Routes

VRF Host Route Gateway

Installed
------------ ------------------------ --------------------------- -----------------------
---------
red 50.1.102.101 60.1.1.0/24 50.1.102.101
NO
red 50.1.103.104 70.1.1.0/24 50.1.103.104
NO
red 50.1.103.104 80.1.1.0/24 50.1.103.104
NO

OneConfig Overlay Database

Database Address Type ID Password

--------------------------------------- -------- --------------- -----------------------
50.1.133.104 Redis 2000 None
50.1.133.105 BGP_RR 2000 None

2582 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

OneConfig Dynamic Bootprelay

VRF Server
-------------------- ---------------------------------------
VR-Default 50.1.131.105
blue 50.1.201.105
red 50.1.101.105

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on all Universal switches supported in this document.

show auto-provision
show auto-provision {{vr} vr_name}

Description
Displays the current state of auto provision on the switch.

Syntax Description
vr_name Specifies the virtual router. This may be VR-Default or VR-
Mgmt only

Default
N/A.

Usage Guidelines
Use this command to display the current state and the statistics of the auto provision
feature on the switch.

Example
The following command displays all information on the current state of auto provision:

show auto-provision

Following is sample output for the command when the auto provision is enabled.
When “Enabled” the feature can be “In progress”, “Done”, or “Failed.”

(Auto-Provision) switch # show auto-provision

Switch Engine™ Command Reference Guide for version 32.7.1 2583

History Commands

---------------------------------------------------------------------------
VR-Name Auto-Provision Status Number of attempts
---------------------------------------------------------------------------
VR-Default Enabled (In progress) 2
VR-Mgmt Enabled (In progress) 1
switch # show auto-provision
---------------------------------------------------------------------------
VR-Name Auto-Provision Status Number of attempts
---------------------------------------------------------------------------
VR-Default Enabled (Done) 0
VR-Mgmt Enabled (Done) 0

The following command displays information on the current state of auto provision on
VR-Mgmt.

show auto-provision vr "VR-Mgmt"

Following is sample output for the command when auto provision is disabled:

switch # show auto-provision vr "VR-Mgmt"

DHCP Auto-Provision : Disabled
Number of attempts : 0

History
This command was first available in ExtremeXOS 12.5.

Platform Availability
This command is available on all Universal switches supported in this document.

show auto-provision cloud-connector

show auto-provision cloud-connector

Description
Displays Cloud Connector information.

Syntax Description
N/A.

Default
N/A.

Usage Guidelines
N/A.

2584 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Example
The following command displays the Cloud Connector information for starting the
Cloud Connector process.
show auto-provision cloud-connector

Sample output for when the Cloud Connector process is not running:
---------------------------------- --------------------------------------------
State Disabled
Serial Number TR022320Q-40031
---------------------------------- --------------------------------------------

Sample output for when the Cloud Connector process is enabled and the Cloud
Connector process is running:
---------------------------------- --------------------------------------------
State Enabled
Process NET TOOLS
Active VR VR-Mgmt
XIQ-SE Address 10.139.12.70
Serial Number TR022320Q-40031
---------------------------------- --------------------------------------------

Sample output for when the Cloud Connector process is enabled and the Cloud
Connector process is not running:
---------------------------------- --------------------------------------------
State Enabled
Process None
Serial Number PA062323G-00015
---------------------------------- --------------------------------------------

History
This command was first available in version 32.7.1.

Platform Availability
This command is available on all Universal switches supported in this document.

show automation edge database

show automation edge database

Description
Displays Automation Edge remote VXLAN network identifier (VNI)-device database
information.

Switch Engine™ Command Reference Guide for version 32.7.1 2585

Syntax Description Commands

Syntax Description
automation Displays Automation Edge VXLAN VNI-device database
information.
edge Specifies Automation Edge.
database Specifies Automation Edge database information.

Default
N/A.

Usage Guidelines
N/A.

Example
The following example shows database information:
# show automation edge database
Database Name Status
------------- ------
SampleDB Up

Database Name Status

------------- ------
SampleDB Down

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

This command is fully supported in ExtremeXOS 31.2.

Platform Availability
This command is available on the ExtremeSwitching 5520 platform.

show automation edge devices

show automation edge devices {vni vni}

Description
Displays network devices information for an Automation Edge remote VXLAN network
identifier (VNI)-device database.

2586 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
automation Displays Automation Edge VXLAN VNI-device database
information.
edge Specifies Automation Edge.
devices Specifies network devices information, such as switches or
APs.
vni A unique 24-bit Virtual Network Identifier";%
vni Virtual Network Identifier value between 1 and 16777215";

Default
N/A.

Usage Guidelines
This command shows the details about the network devices, including device identifier,
IP address of the device, MAC address of the device, and the device type (access point
or switch).

Example
The following example shows network devices information:
# show automation edge devices
VNI Device Name Serial Number IP Address Type
----- ------------------------ ------------------------ --------------- ------
30 APName1 1111222233334444_110 200.200.200.10 AP
31 APName2 1111222233334444_11 200.200.200.1 AP

The following example shows network devices information for VNI "100":
# show automation edge devices vni 100
Device Name Serial Number IP Address Type
------------------------ ------------------------ --------------- ------
APName1 1111222233334444_15 200.200.200.5 AP
APName2 1111222233334444_17 200.200.200.7

History
This command was first available in ExtremeXOS 31.1 as a demonstration feature.

This command is fully supported in ExtremeXOS 31.2.

Platform Availability
This command is available on the ExtremeSwitching 5520 platform.

show avb
show avb

Switch Engine™ Command Reference Guide for version 32.7.1 2587

Description Commands

Description
Displays a summary of MSRP, MVRP, and gPTP configuration on the switch.

Syntax Description
avb Audio Video Bridging.

Default
N/A.

Usage Guidelines
Use this command to display a summary of MSRP, MVRP, and gPTP configuration and
status on the switch.

Example

#show avb
gPTP status : Enabled
gPTP enabled ports : *17d *19d

MSRP status : Enabled

MSRP enabled ports : !3 *17ab *19a

MVRP status : Enabled

MVRP enabled ports : *17 *19

Flags: (*) Active, (!) Administratively disabled,

(a) SR Class A allowed, (b) SR Class B allowed,
(d) Disabled gPTP port role, (m) Master gPTP port role,
(p) Passive gPTP port role, (s) Slave gPTP port role.

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on all ExtremeSwitching Universal switches that support the
AVB feature.

show bandwidth pool

show bandwidth pool [ingress | egress | duplex] vlan vlan_name

Description
Displays the configured bandwidth pool settings for the specified VLAN.

2588 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
ingress Displays configured bandwidth pool settings for incoming
traffic only.
egress Displays configured bandwidth pool settings for outgoing
traffic only.
duplex Displays configured bandwidth pool settings for traffic in
both directions.
vlan_name Displays configured bandwidth pool settings only for the
specified VLAN.

Default
N/A.

Usage Guidelines
This command displays the configured bandwidth pool settings for a VLAN. Values
displayed include the VLAN, maximum reserveable bandwidth (both ingress and
egress), and bandwidth reserved by application and by priority level.

Example
The following command displays bandwidth pool settings and accepted bandwidth
reservations for all ports:

show bandwidth pool duplex vlan vlan_1

# show bandwidth pool duplex vlan vlan_1
(mbps) Rsvd CIRBW Cmmt Cmmt CIRBW
Vlan Dir Phy BE Limit Pools Total Avail
----------------------------------------------------
vlan_1 Rx 1000 0 1000 300 300 700
Tx 1000 0 1000 500 500 500
---------------------------------------------------------------
(mbps) CIRBW Available in Pool (per priority level)
Appl Dir Pool 0 1 2 3 4 5 6 7
---------------------------------------------------------------
mpls Rx 300 300 300 290 290 290 290 290 290
Tx 500 500 500 491 491 491 491 491 491
(Rx)-Receive, (Tx)-Transmit (BE)-Best Effort

History
This command was first available in ExtremeXOS 11.6.

Platform Availability
This command is available only on the platforms that support MPLS as described in the
Switch Engine 32.7.1 Feature License Requirements document.

Switch Engine™ Command Reference Guide for version 32.7.1 2589

show banner Commands

show banner
show banner { after-login | before-login }

Description
Displays the user-configured banners.

Syntax Description
after-login Specifies the banner that is displayed after login.
before-login Specifies the banner that is displayed before login.

Default
N/A.

Usage Guidelines
Use this command to display specific configured CLI banners.

If no keywords are specified, all configured banners are displayed. To display a specific
banner, use the before-login or after-login keyword.

Example
The following command displays the configured CLI switch banners:
show banner

Output from this command varies depending on your configuration; the following is
one example:

Before-login banner:
Extreme Networks Summit Switch
#########################################################
Unauthorized Access is strictly prohibited.
Violators will be prosecuted
#########################################################
Acknowledge: Enabled
After-login banner:
Press any key to continue

History
This command was first available in ExtremeXOS 10.1.

The after-login option was added in ExtremeXOS 12.5.

2590 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Platform Availability

Platform Availability
This command is available on all Universal switches supported in this document.

show banner netlogin

show banner netlogin

Description
Displays the user-configured banner string for network login.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to view the banner that is displayed on the network login page.

Example
The following command displays the network login banner:

show banner netlogin

If a custom banner web page exists, show banner netlogin generates the following
output:
*********** Testing NETLOGIN BANNER at <system name>***********
NOTE: Banner is not in use. Overridden since custom login page
"netlogin_login_page.html" is present.

If a custom banner web page does not exist, show banner netlogin generates the
following output:
*********** Testing NETLOGIN BANNER at <system name>***********

History
This command was first available in ExtremeXOS 11.1.

Platform Availability
This command is available on all Universal switches supported in this document.

Switch Engine™ Command Reference Guide for version 32.7.1 2591

show bfd Commands

show bfd
show bfd

Description
Displays information on existing BFD sessions.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to show the status of the current BFD sessions.

The following session states are displayed:

• Init—The state when BFD is establishing the session.
• Down—The state when BFD detects that the session is down.
• Admin Down—The state when the user disables BFD on that interface.
• Up—The state when the BFD session is established.

Example
The following command displays information on current BFD sessions:
# show bfd

Following is sample output from this command:

Number of sessions : 2
Sessions in Init State : 0
Sessions in Down State : 0
Sessions in Admin Down State : 1
Sessions in Up State : 1

SNMP Traps for Session Down : Enabled

SNMP Traps for Session Up : Enabled
SNMP Traps Batch Delay : 1000 ms
Hardware Assist Operational State : Enabled
(or)
:
Disabled
(Incapable heterogeneous stack)
(Incapable standalone platform)
(Loopback port not configured)
Hardware Assist Primary Loopback Port : 1:1
Hardware Assist Secondary Loopback Port : None
Maximum # of Hardware Assist Sessions : 2047

2592 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.4.

The hardware assist output was added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

show bfd counters

show bfd counters

Description
Displays the readings of the global BFD counters.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
Use this command to display global BFD counters.

To clear the counters, use the clear counters bfd command.

Example
The following command displays BFD global counters:
# show bfd counters

Valid Tx Pkt : 177 Valid Rx Pkt : 177

Rx Invalid TTL : 0 Rx Invalid UDP SrcPort : 0
Interface Not found : 0 Rx Invalid Version : 0
Rx Invalid Length Pkt : 0 Rx Invalid Multiplier : 0
Rx Invalid Demand Mode : 0 Rx Poll & Final set : 0
Rx Invalid My Discriminator : 0 Rx Invalid Your Discriminator : 0
Rx Invalid Auth Length : 0 Rx session Not Found : 6
Auth Type Fails : 0 Authentication Fails : 0

Switch Engine™ Command Reference Guide for version 32.7.1 2593

History Commands

Tx Fails : 0 Rx Discarded Pkt : 0

Rx Invalid Multipoint : 0

Note
The Rx session Not Found counter is incremented when the BFD session
corresponding to the received BFD packet is not found. The Rx Discarded Pkt
counter is incremented when the neighbor state indicated in the BFD packet
is not one of the expected/allowed states.

History
This command was first available in ExtremeXOS 12.4.

Rx Invalid Multipoint information was added in ExtremeXOS 30.7.

Platform Availability
This command is available on all Universal switches supported in this document.

show bfd session client

show bfd session client [ bgp {ipv4 | ipv6} | mpls | ospf {ipv4 | ipv6}
| static {ipv4 | ipv6}] {vr [vrname | all]}

Description
Displays the BFD session information for a specified client.

Syntax Description
bgp BGP
mpls Specifies an MPLS client.
ospf OSPF protocol.
ipv4 Displays sessions requested by IPv4 version client, e.g.
OSPFv2 (Default).
ipv6 Displays sessions requested by IPv6 version client, e.g.
OSPFv3.
static Specifies a static route.
vrname Specifies the name of the virtual router.

Default
IPv4.

2594 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Usage Guidelines

Usage Guidelines
Use this command to display session information for a specified client.

Example
The following command displays the BFD sessions for an MPLS client on all VRs:
# show bfd session client mpls vr all

Following is sample output from this command:

Neighbor Interface Detection Status
--------- -------- --------- -----
10.10.10.2 vlan10 3000 Up
===============================================
NOTE: All timers in milliseconds.

History
This command was first available in ExtremeXOS 12.4.

Support for BFD protected static route was added in ExtremeXOS 12.5.3.

The ospf keyword was added in ExtremeXOS 15.3.2.

Support for border gateway protocol (BGP) was added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

show bfd session counters missed-hellos

show bfd session counters missed-hellos {session-id first {- last} |
neighbor ipaddress {vr [vrname | all]} | vr [vrname| all]} {detail |
no-refresh | refresh}

Description
This command displays statistics of missed hello packets.

Syntax Description
session-id Display statistics for sessions having session ID within the
given range.
first Only or first of range of session
last Last of range of session ID.
ipaddress Specify IPv4 or IPv6 Destination address.
vr Virtual router.

Switch Engine™ Command Reference Guide for version 32.7.1 2595

Default Commands

vrname Virtual router name.

all All virtual routers.
detail Detailed view of statistics.
no-refresh Page by page display without continuous refresh.
refresh Continuous refresh of output.

Default
Refresh.

Usage Guidelines
You can select the sessions by either neighbor IP address, by range of session IDs, by
VR or display all the available sessions. Display selection by session ID is useful if the
neighbor IP is link-local and VLAN name is long (i.e. close to 32 characters).

Example
The following example displays summary view with the refresh option.
# show bfd session counters missed-hellos
===============================================================================
Neighbor Session ID Number Of
Misses
1 2 2+
===============================================================================
fe80::204:96ff:fe7e:c2f%test 251 15 8 7
fe80::204:96ff:fe7e:c2f%verify 252 10 6 4
50.0.0.1 300 >9999 >9999 >9999

History
This command was first available in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

show bfd session counters vr all

show bfd session {ipv4 | ipv6} {ipaddress} counters {vr [vrname | all]}

Syntax Description
ipv4 Displays all IPv4 sessions.
ipv6 Displays all IPv6 sessions.
ipaddress Displays sessions in specified VR.

2596 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
Displays all IPv4 sessions counters by default if IPv4 or IPv6 is not specified.

Usage Guidelines
Use this command to display BFD session counters.

To clear the counters, use the clear counters bfd command.

Example
The following command displays the session counters:
# show bfd session counters vr all

Following is sample output from this command:

Neighbor : 10.10.10.1 Interface : vlan10Vr-Name : bfd_vr10

Valid Rx Pkt : 87
Total Tx Pkt : 87
Auth Type Fails : 0
Authentication Fails : 0
Discarded Pkt : 0

History
This command was first available in ExtremeXOS 12.4.

IPv6 version of this command was added in ExtremeXOS 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

show bfd session detail vr all

show bfd session {ipv4 | ipv6} {ipaddress } detail {vr [vrname | all]}

Description
Displays detailed information about a BFD session.

Syntax Description
ipv4 Displays all IPv4 sessions.
ipv6 Displays all IPv6 sessions.
ipaddress Displays sessions in specified VR.
vrname Displays sessions in specified VR.

Switch Engine™ Command Reference Guide for version 32.7.1 2597

Default Commands

Default
Displays all IPv4 sessions by default if ipv4 or ipv6 is not specified.

Usage Guidelines
Use this command to display BFD session information in detail.

Example
The following command displays the BFD session information in detail:
show bfd session detail vr all

Following is sample output from this command:

# show bfd session detail vr all
Neighbor : 10.10.10.1 Local : 10.10.10.2
Vr-Name : bfd_vr10 Interface : vlan10
Session Type : Single Hop State : Up
Detect Time : 3000 mc Age : 250 ms
Discriminator (local/remote) : 1 / 1
Demand Mode (local/remote) : 0 / 0
Poll (local/remote) : 0 / 0
Tx Interval (local/remote) : 1000 / 1000 ms
Rx Interval (local/remote) : 1000 / 1000 ms
oper Tx Interval : 1000 ms
oper Rx Interval : 1000 ms
Multiplier (local/remote) : 3 / 3
Local Diag : 0 (No Diagnostic)
Remote Diag : 0 (No Diagnostic)
Authentication : None
Clients : MPLS,
Uptime : 00 days 00 hours 00 minutes 41 seconds
Up Count : 1
Last Valid Packet Rx : 00:51:49.300000
Last Packet Tx : 00:51:48.820000
The following command displays a specified IPv6 BFD session in detail:
# show bfd session fe80::204:96ff:fe1f:a800%v2 detail

Neighbor : fe80::204:96ff:fe1f:a800
Local : fe80::204:96ff:fe27:2c6a
VR-Name : VR-Default Interface : v2
Session Type : Single Hop State : Up
Detect Time : 60000 ms Age : 460 ms
Discriminator (local/remote) : 1 / 1
Demand Mode (local/remote) : Off / Off
Poll (local/remote) : Off / Off
Tx Interval (local/remote) : 20000 / 1000 ms
Rx Interval (local/remote) : 20000 / 1000 ms
Oper Tx Interval : 20000 ms
Oper Rx Interval : 20000 ms
Multiplier (local/remote) : 3 / 3
Local Diag : 0 (No Diagnostic)
Remote Diag : 0 (No Diagnostic)
Authentication : None
Clients : OSPFv3
Uptime : 00 days 01 hours 35 minutes 43 seconds
Up Count : 9
Last Valid Packet Rx : 12:27:36.464105
Last Packet Tx : 12:27:19.34236

2598 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 12.4.

IPv6 version was added in ExtremeXOS 15.3.2.

Platform Availability
This command is available on all Universal switches supported in this document.

show bfd session vr all

show bfd session {ipv4 | ipv6} {ipaddress } { vr [vrname |all ] }

Description
Displays general information about a BFD session.

Syntax Description
ipv4 Displays all IPv4 sessions.
ipv6 Displays all IPv6 sessions.
ipaddress Displays session that has specified address as destination address.
vrname Displays sessions in specified VR.

Default
Displays all IPv4 sessions by default if ipv4 or ipv6 keyword is not specified.

Usage Guidelines
Use this command to display general information about a BFD session.

Example
The following command displays general information about the BFD session:
# show bfd session vr all

Following is sample output from this command:

Neighbor Interface Clients Detection Status VR

=============================================
30.30.30.2 bfdVlan ----s 0 Down VR-Default
=============================================
Clients Flag: b - BGP, m - MPLS, o - OSPF, s - Static
NOTE: All timers in milliseconds.

Switch Engine™ Command Reference Guide for version 32.7.1 2599

History Commands

Following is sample output with hardware assist information displayed:

)
# show bfd session detail vr all
Neighbour : 10.10.10.1 Local : 10.10.10.2
Vr-Name : bfd_vr10 Interface : bfd_vlan10
Session Type : Single Hop State : Up
…
Up Count : 1
Last Valid Packet Rx : 00:51:49.300000
Last Packet Tx : 00:51:48.8200000
Hardware Assist : Yes

Neighbour : 10.10.11.1 Local : 10.10.11.2

Vr-Name : bfd_vr10 Interface : bfd_vlan11
Session Type : Single Hop State : Up
…
Up Count : 1
Last Valid Packet Rx : 00:51:49.300000
Last Packet Tx : 00:51:48.8200000
Hardware Assist : Yes

History
This command was first available in ExtremeXOS 12.4.

The hardware assist example output was added in ExtremeXOS 21.1.

Support for BGP was added in ExtremeXOS 21.1.

Platform Availability
This command is available on all Universal switches supported in this document.

show bfd vlan counters

show bfd vlan {vlan_name} counters

Description
Displays BFD counters on a specified VLAN.

Syntax Description
vlan_name Specifies the VLAN name.

Default
N/A.

Usage Guidelines
Use this command to display counter readings for a specified VLAN.

2600 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

This command is not supported by hardware-assisted BFD.

Example
The following command displays the counter readings for the VLAN vlan10:
# show bfd vlan vlan10 counters

Following is sample output from this command:

VLAN : vlan10
Valid Rx Pkt : 144
Total Tx Pkt : 144
Auth Type Fails : 0
Authentication Fails : 0
Discarded Pkt : 0
Rx session Not Found : 6

Note
The Discarded Pkt counter is incremented when the neighbor state indicated
in the BFD packet is not one of the expected/allowed states. The Rx session
Not Found counter is incremented when the BFD session corresponding to the
received BFD packet is not found.

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

show bfd vlan

show bfd vlan {vlan_name}

Description
Displays the BFD settings for the specified VLAN.

Syntax Description
vlan_name Specifies the VLAN name.

Default
N/A.

Switch Engine™ Command Reference Guide for version 32.7.1 2601

Usage Guidelines Commands

Usage Guidelines
Use this command to display the BFD settings on a specified VLAN.

Example
The following command displays the BFD settings for the VLAN vlan10:
# show bfd vlan vlan10

Following is sample output from this command:

VLAN : vlan10
BFD : Enabled
Tx Interval : 1000
Rx Interval : 1000
Detection Multiplier : 3
Authentication : None

History
This command was first available in ExtremeXOS 12.4.

Platform Availability
This command is available on all Universal switches supported in this document.

show bgp
show bgp

Description
Displays BGP configuration information.

Syntax Description
This command has no arguments or variables.

Default
N/A.

Usage Guidelines
None.

Example
The following command examples display various BGP configurations:

2602 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Output for show bgp for a VRF (PE-CE Protocol, RD and RT configured):

(virtual-router vrf-foo) # show bgp

Enabled : No OperStatus : Down
RouterId : 3.3.3.3 AS : 200
LocalPref : 100 MED : None
Always-Compare-MED : Disabled Aggregation : Disabled
Route Reflector : No RR ClusterId : 0
IGP Synchronization : Disabled New Community Format: Disabled
Routes from EBGP : 2 Routes from IBGP : 0
Routes redistributed: 1 Out Updates queued : 0
Fast Ext Fallover : Disabled MPLS LSP as Next-Hop: No
AS Disp Format : Asplain Maximum ECMP Paths : 1
ConfedId : 0 Multipath-Relax : Disabled
Confed Peers :
Networks : 2
ipv4-unicast 10.0.0.0/16 network-policy nwk.pol
ipv4-multicast 11.0.0.0/16 network-policy nwk.pol
Aggregate Networks : 2
ipv4-unicast 21.0.0.0/8 as-match advertise-policy: agg.pol
ipv4-multicast 22.0.0.0/8 as-set summary-only advertise-policy: agg.pol
Route Statistics:
Address family EBGP IBGP Redist.
--------------------------------------------
ipv4-unicast 0 0 0
ipv4-multicast 0 0 0

Redistribute :
--------------------------------------------------------------------------------
Address Family

Route Type Flags Priority Policy

--------------------------------------------------------------------------------
ipv4-unicast

Direct EO 2048 None

ipv6-multicast

Direct EO 2048 None

--------------------------------------------------------------------------------
Flags: (E) Export Enabled, (L) Export Operationally Off due to Low Memory,

(O) Export Operationally On

Advertise Inactive Routes:

ipv4-unicast : Disabled
ipv4-multicast : Disabled
ipv6-unicast : Disabled
ipv6-multicast : Disabled
ipv4-vxlan : Disabled

Output of show bgp for a VRF (PE-CE Protocol, RD and RT “not” configured):
# show bgp
Enabled : No OperStatus : Down
RouterId : 3.3.3.3 AS : 200
LocalPref : 100 MED : None
Always-Compare-MED : Disabled Aggregation : Disabled
Route Reflector : No RR ClusterId : 0
IGP Synchronization : Disabled New Community Format: Disabled
Fast Ext Fallover : Disabled MPLS LSP as Next-Hop: No

Switch Engine™ Command Reference Guide for version 32.7.1 2603

Example Commands

AS Disp Format : Asplain Maximum ECMP Paths : 1

ConfedId : 0 Outbound rt. filter : Enabled
Confed Peers :
Networks : 4
ipv4-unicast 10.0.0.0/16 network-policy nwk.pol
ipv4-multicast 11.0.0.0/16 network-policy nwk.pol
ipv6-unicast 2001::/64 network-pol nwk6.pol
ipv6-multicast 2001::/64 network-pol nwk6.pol
Aggregate Networks : 4
ipv4-unicast 21.0.0.0/8 as-match advertise-policy: agg.pol
ipv4-multicast 22.0.0.0/8 as-set summary-only advertise-policy: agg.pol
ipv6-unicast 2003::/64 as-match advertise-policy: agg6.pol
ipv6-multicast 2004::/64 as-set advertise-policy: agg6.pol

Route Statistics:
Address family EBGP IBGP Redist.
--------------------------------------------
ipv4-unicast 0 0 0
ipv4-multicast 0 0 0
ipv6-unicast 0 0 0
ipv6-multicast 0 0 0

Redistribute:

--------------------------------------------------------------------------------
Address Family
Route Type Flags Priority Policy
--------------------------------------------------------------------------------
ipv4-unicast
Direct EO 2048 None
ipv6-multicast
Direct EO 2048 None
--------------------------------------------------------------------------------

Flags: (E) Export Enabled, (L) Export Operationally Off due to Low Memory,

(O) Export Operationally On

Advertise Inactive Routes:

ipv4-unicast : Disabled
ipv4-multicast : Disabled
ipv6-unicast : Disabled
ipv6-multicast : Disabled
ipv4-vxlan : Disabled

If BGP is added as a protocol inside a heavy-weight VR, normal BGP peering applies
with the addition of vpnv4 address family support:
# show bgp
Enabled : No OperStatus : Down
RouterId : 3.3.3.3 AS : 200
LocalPref : 100 MED : None
Always-Compare-MED : Disabled Aggregation : Disabled
Route Reflector : No RR ClusterId : 0
IGP Synchronization : Disabled New Community Format: Disabled
Fast Ext Fallover : Disabled MPLS LSP as Next-Hop: No
AS Disp Format : Asplain Maximum ECMP Paths : 1
ConfedId : 0 Outbound rt. filter : Enabled
Confed Peers :
Networks : 4
ipv4-unicast 10.0.0.0/16 network-policy nwk.pol
ipv4-multicast 11.0.0.0/16 network-policy nwk.pol
ipv6-unicast 2001::/64 network-pol nwk6.pol
ipv6-multicast 2001::/64 network-pol

2604 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

nwk6.pol
Aggregate Networks : 4
ipv4-unicast 21.0.0.0/8 as-match advertise-policy: agg.pol
ipv4-multicast 22.0.0.0/8 as-set summary-only advertise-policy: agg.pol
ipv6-unicast 2003::/64 as-match advertise-policy: agg6.pol
ipv6-multicast 2004::/64 as-set advertise-policy: agg6.pol

Route Statistics:
Address family EBGP IBGP Redist.
--------------------------------------------
ipv4-unicast 0 0 0
ipv4-multicast 0 0 0
vpnv4 0 0 0
ipv6-unicast 0 0 0
ipv6-multicast 0 0 0

Redistribute:
ipv4 Admin Operational Shutdown Policy
unicast Status Status Priority
----------------------------------------------------
Direct Disabled Down 2048 None
Static Disabled Down 2048 None
RIP Disabled Down 2048 None
BlackHole Disabled Down 2048 None
OSPFIntra Disabled Down 2048 None
OSPFInter Disabled Down 2048 None
OSPFExt1 Disabled Down 2048 None
OSPFExt2 Disabled Down 2048 None
ISISL1 Disabled Down 2048 None
ISISL2 Disabled Down 2048 None
ISISL1Ext Disabled Down 2048 None
ISISL2Ext Disabled Down 2048 None

ipv4 Admin Operational Shutdown Policy

multicast Status Status Priority
----------------------------------------------------
Direct Disabled Down 2048 None
Static Disabled Down 2048 None
RIP Disabled Down 2048 None
BlackHole Disabled Down 2048 None
OSPFIntra Disabled Down 2048 None
OSPFInter Disabled Down 2048 None
OSPFExt1 Disabled Down 2048 None
OSPFExt2 Disabled Down 2048 None
ISISL1 Disabled Down 2048 None
ISISL2 Disabled Down 2048 None
ISISL1Ext Disabled Down 2048 None
ISISL2Ext Disabled Down 2048 None

ipv6 Admin Operational Shutdown Policy

unicast Status Status Priority
-----------------------------------------------------
Direct Disabled Down 2048 None
Static Disabled Down 2048 None
Ripng Disabled Down 2048 None
Ospfv3-intra Disabled Down 2048 None
Ospfv3-inter Disabled Down 2048 None
Ospfv3-extern1 Disabled Down 2048 None
Ospfv3-extern2 Disabled Down 2048 None
ISISL1 Disabled Down 2048 None
ISISL2 Disabled Down 2048 None
ISISL1Ext Disabled Down 2048 None
ISISL2Ext Disabled Down 2048 None

Switch Engine™ Command Reference Guide for version 32.7.1 2605

History Commands

ipv6 Admin Operational Shutdown Policy

multicast Status Status Priority
-----------------------------------------------------
Direct Disabled Down 2048 None
Static Disabled Down 2048 None
Ripng Disabled Down 2048 None
Ospfv3-intra Disabled Down 2048 None
Ospfv3-inter Disabled Down 2048 None
Ospfv3-extern1 Disabled Down 2048 None
Ospfv3-extern2 Disabled Down 2048 None
ISISL1 Disabled Down 2048 None
ISISL2 Disabled Down 2048 None
ISISL1Ext Disabled Down 2048 None
ISISL2Ext Disabled Down 2048 None

Advertise Inactive Routes:

ipv4-unicast : Disabled
ipv4-multicast : Disabled
ipv6-unicast : Disabled
ipv6-multicast : Disabled
ipv4-vxlan : Disabled

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

This command was modified in Extreme ExtremeXOS 15.3 to reflect its operation in VRs
and VRFs.

Support for IPv4 VXLAN was added in ExtremeXOS 22.3.

Support for BGP multipath-relax was added in ExtremeXOS 22.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

show bgp evpn

show bgp evpn

Description
Displays EVPN global configuration.

Syntax Description
This command has no arguments or variables.

2606 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Example
The following example shows the EVPN global configuration for the switch:
# show bgp evpn

Enabled : Yes
OperStatus : Up
Local Identifier : 1.0.0.25 Restart Duration (sec) :
180
MAC Move Duration (sec) : 60 MAC Move
Limit : 10
MAC Withdraw Delay (sec) : 1
Ignore AS for Route Target Matching : On

History
This command was first available in ExtremeXOS 31.1.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature,see the Switch Engine 32.7.1
Feature License Requirements document.

show bpg evpn evi

show bgp evpn evi {evi-index evi_index} {vni vni}

Description
Show information about the EVPN instance table.

Syntax Description
bgp Specifies BGP.
evpn Specifies Ethernet VPN (RFC 7432).
evi Shows the EVPN instance table.
evi-index Specifies the EVI index.
vni Specifies a particular virtual network identifier.
vni Selects the VNI. Range is 1 to 16,777,215.

Switch Engine™ Command Reference Guide for version 32.7.1 2607

Default Commands

Default
N/A.

Usage Guidelines
Each EVPN instance represents a VLAN in a virtual network. In this implementation,
there must be a 1-to-1 relationship between VLAN and VNI.

Example
The following example displays the currently active EVPN EVI instances:
# show bgp evpn evi

Flgs EVI-Idx Name VNI Local VTEP RD Import RTs Export

RTs
---- ------- ---------- ------ ------------ ---------------- ----------------
---------------
* 190 10000 1.1.1.102 1.1.1.102:190 64716:16787216
64716:16787216
* 1020 101020 1.1.1.102 1.1.1.102:1020 64716:16878236
64716:16878236
* 3500 111103 1.1.1.102 1.1.1.102:3500 64716:16888319
64716:16888319
* 4089 101021 1.1.1.102 1.1.1.102:4089 64716:16878237
64716:16878237
*SM 125 MktEvi 777 1.1.1.102 65535:1 25:16777993
25:16777993
25:100
25:100
SM EngEvi 884 1.1.1.102 1:65535 20:1
20:1

Flags: (*) Entry is active, (S) Entry is statically configured. (M) RD

and RT are manually configured
RD: Route distinguisher
RT: Route target – See RFC 8365 section 5.1.2.1 for details on automatically
]generated RT decoding instructions.

Some static entries may have multiple route target sets.

These are listed in rows immediately following the initial row
for the EVI-Idx.

Total Displayed: 6 Static: 2 Dyn: 4

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

2608 Switch Engine™ Command Reference Guide for version 32.7.1

Commands show bgp evpn ipv4

show bgp evpn ipv4

show bgp evpn ipv4 {evi-index evi_index} {ip-address ip_address}

Description
Shows the IPv4 entries from the EVPN MAC/IP table.

Syntax Description
bgp Specifies BGP.
evpn Specifies Ethernet VPN (RFC 7432).
ipv4 Shows only the IPv4 entries from the EVPN MAC/IP table.
evi-index Specifies the EVI index.
evi_index Restricts the display to EVI index (should be equal to VLAN
ID). Range is 1 to 4,094.
ip-address Restricts the display to an IP address.
ip_address Selects the IP address.

Default
N/A.

Usage Guidelines
This command allows you to view the current set of IPv4 addresses configured in EVPN.
If the ESI and ESI-Port fields are non-zero, then the entry was learned over a shared
interface. The remote LACP partner’s 6-byte MAC address is part of the ESI. For a full
decoding of the ESI, see RFC 7432. The source (Src) column indicates whether the entry
was learned (L)ocally or (R)emotely. The local entries are from the IP ARP cache or a
locally configured routable VLAN. The remote entries appear only if the “In Use” flag is
set to yes.

Example
The following example shows the current set of IPv4 addresses configured in EVPN.
# show bgp evpn ipv4

Src EVI-Idx Destination MAC BGP Next Hop VNI

ESI ESI-Port In Use
--- ------- --------------- ----------------- --------------- ----------
------------------------------ ---------- ------
L 190 192.168.190.102 00:04:96:9d:64:e2 10000
00:01:02:03:04:05:06:07:08:09 22 Yes
R 190 192.168.190.101 00:04:96:9d:66:e8 3.3.3.103
10000 Yes
R 1020 20.1.1.3 00:04:96:9c:2c:a2 1.1.1.101
101020 Yes
L 1020 20.1.1.1 00:04:96:9d:64:e2

Switch Engine™ Command Reference Guide for version 32.7.1 2609

History Commands

101020 Yes
R 1020 20.1.1.2 00:04:96:9d:66:e8 3.3.3.103
101020 Yes
L 3500 1.1.103.1 00:04:96:9d:64:e2
111103 Yes
R 4089 21.1.1.3 00:04:96:9c:2c:a2 1.1.1.101
101021 Yes
L 4089 21.1.1.1 00:04:96:9d:64:e2
101021 Yes
R 4089 21.1.1.2 00:04:96:9d:66:e8 3.3.3.103
101021 Yes
R 4089 21.1.1.30 00:0f:20:98:87:5a 3.3.3.103
101021 Yes

Src: (L) Local, (R) Remote

In Use: Yes/No - Indicates if entry is installed in IP ARP cache.

Total MAC/IP entries: 10

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

show bgp evpn ipv6

show bgp evpn ipv6 {evi-index evi_index} {ip-address ip_address}

Description
Shows the IPv6 entries from the EVPN MAC/IP table.

Syntax Description
bgp Specifies BGP.
evpn Specifies Ethernet VPN (RFC 7432).
ipv6 Shows only the IPv6 entries from the EVPN MAC/IP table.
evi-index Specifies the EVI index.
evi_index Restricts the display to EVI index (should be equal to VLAN
ID). Range is 1 to 4,094.
ip-address Restricts the display to an IP address.
ip_address Selects the IP address.

2610 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

Default
N/A.

Usage Guidelines
This command allows you to view the current set of IPv6 addresses configured in EVPN.
If the ESI and ESI-Port fields are non-zero, then the entry was learned over a shared
interface. The remote LACP partner’s 6-byte MAC address is part of the ESI. For a full
decoding of the ESI, see RFC 7432. The source (Src) column indicates whether the entry
was learned (L)ocally or (R)emotely. The local entries are from the neighbor-discovery
cache or a locally configured routable VLAN. The remote entries are seen only if the “In
Use” flag is set to yes.

Example
The following example shows the current set of IPv6 addresses configured in EVPN.
# show bgp evpn ipv6

Src EVI-Idx Destination

MAC BGP Next Hop VNI ESI ESI-Port In Use
R 1020 2022::2%tenant
01:01:01:01:01:01 3.3.3.103 101020 00:01:02:03:04:05:06:07:08:09 22 Yes

Src: (L) Local, (R) Remote

In Use: Yes/No - Indicates if entry is installed in neighbor discovery cache.

Total MAC/IP entries: 1

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

show bgp evpn l3vni

show bgp evpn l3vni {vr vr_name}}

Description
Shows the L3 VNI entries from the EVPN MAC/IP table.

Switch Engine™ Command Reference Guide for version 32.7.1 2611

Syntax Description Commands

Syntax Description
bgp Specifies showing the BGP configuration.
evpn Specifies showing the EVPN configuration.
l3vni Specifies showing the integrated routing and bridging IP
VRF VNI configuration.
vr Specifies showing the VRF.
vr_name Provides the VRF name.

Default
N/A.

Usage Guidelines
If you do not specify a VR, all VRs appear.

Example
The following example shows all L3 VNI entries:
1 # show bgp evpn l3vni
VRF Name Layer 3 VNI RD
-------------------------------- ----------- ------------
vr-a 10300 2.2.2.2:10300
vr-b 10100 2.2.2.2:10100
vr-c 10200 2.2.2.2:10200

The following example shows L3 VNI entries for VR "vr-b":

# show bgp evpn l3vni vr vr-b
VRF Name Layer 3 VNI RD
-------------------------------- ----------- ------------
vr-b 10100 2.2.2.2:10100

History
This command was first available in ExtremeXOS 30.6.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

show bgp evpn mac

show bgp evpn mac {mac-address mac_address}

2612 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Description

Description
Shows the current set of MAC addresses configured in EVPN.

Syntax Description
bgp Specifies BGP.
evpn Specifies Ethernet VPN (RFC 7432).
mac Shows only the MAC entries from the EVPN MAC/IP table.
mac-address Specifies restricting the display to a particular MAC
address.
mac_address Selects the MAC address to show.

Default
N/A.

Usage Guidelines
If the ESI and ESI-Port fields are non-zero, then the entry was learned over a shared
interface. The remote LACP partner’s 6-byte MAC address is part of the ESI. For a full
decoding of the ESI, see RFC 7432. The (S)source column indicates whether the entry
was learned (L)ocally or (R)emotely. The local entries are from the MAC forwarding
database. The remote entries are in the MAC forwarding database only if the “In Use”
flag is set to yes.

Example
The following example shows the current set of MAC addresses configured in EVPN.
# show bgp evpn mac

Src EVI-Idx MAC BGP Next Hop VNI ESI

ESI-Port In Use
--- ------- ----------------- --------------- ---------- ------------------------------
---------- ------
L 190 00:04:96:9d:64:e2 10000 00:01:02:03:04:05:06:07:08:09
22 Yes
R 190 00:04:96:9d:66:e8 3.3.3.103
10000 Yes
R 1020 00:04:96:9c:2c:a2 1.1.1.101
101020 Yes
L 1020 00:04:96:9d:64:e2
101020 Yes
R 1020 00:04:96:9d:66:e8 3.3.3.103
101020 Yes
R 1020 01:01:01:01:01:01 3.3.3.103
101020 Yes
L 3500 00:04:96:9d:64:e2
111103 Yes
R 4089 00:04:96:9c:2c:a2 1.1.1.101
101021 Yes
L 4089 00:04:96:9d:64:e2
101021 Yes

Switch Engine™ Command Reference Guide for version 32.7.1 2613

History Commands

R 4089 00:04:96:9d:66:e8 3.3.3.103

101021 Yes
R 4089 00:0f:20:98:87:5a 3.3.3.103
101021 Yes

Src: (L) Local, (R) Remote

In Use: Yes/No - Indicates if entry is installed in MAC forwarding database.

Total MAC/IP entries: 11

History
This command was first available in ExtremeXOS 30.2.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

show bgp memory

show bgp memory {detail | memoryType}

Description
Displays BGP specific memory usage.

Syntax Description
detail Displays detail information.
memoryType Specifies the memory type usage to display.

Default
N/A.

Usage Guidelines
To see the memory types that you can display, enter the show bgp memory command
without any attributes.

Example
The following command displays detailed BGP output for a specific memory types:

Switch.16.3 # sh bgp memory

BGP Memory Information

2614 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

------------------------------------------------------------------------------------------
------------------
Current Memory Utilization Level: GREEN
------------------------------------------------------------------------------------------
------------------
Type AN AB
------------------------------------------------------------------------------------------
------------------
Callbacks 1141 17039828
Buffers 19 8456
Memory Utilization Statistics:
------------------------------------------------------------------------------------------
------------------
Module Type Module Id MemType
Name Size AN/AB/HN/HB
------------------------------------------------------------------------------------------
------------------
PCT_NBASE_ROOT 0x0000000000 16777219
MEM_PROCESS_ENTRY 212 8/1696/8/1696
PCT_NBASE_ROOT 0x0000000000 16777230
MEM_NBB_DIAGS_BLOCK 3212 8/25696/8/25696
PCT_NBASE_ROOT 0x0000000000 16777233
MEM_UNFORMATTED 1508 1/1508/1/1508
PCT_NBASE_ROOT 0x0000000000 50528257 0x0003030001
732 1/732/1/732
PCT_NBASE_ROOT 0x0000000000 50921473
0x0003090001 2004 1/2004/1/2004
PCT_NBASE_ROOT 0x0000000000 52232193
0x00031d0001 1508 1/1508/1/1508
PCT_NBASE_ROOT 0x0000000000 1090584577
MEM_QBRM_LOCAL 9660 2/19320/2/19320
PCT_NBASE_ROOT 0x0000000000 1090650113
MEM_QBNM_LOCAL 1508 2/3016/2/3016
PCT_NBASE_ROOT 0x0000000000 1107361793
MEM_QVB_LOCAL 3076 1/3076/1/3076
PCT_SCK 0x0001109000 16777220
MEM_NBB_POOL_CB 108 9/972/9/972

PCT_QVB 0x0001104000 1107361803

MEM_QVB_RV_REM_CB 60 6/360/6/360
PCT_QVB 0x0001104000 1107361806
MEM_QVB_AS_PATH_CB 60 4/240/4/240
PCT_QVB 0x0001104000 1107361807
MEM_QVB_RTM_CB 516 1/516/1/516

Flags : AN - Number of Allocations, AB - Total Allocation in

Bytes
: HN - Number of High Water Marks for Allocation, HB - Total High Water Mark
Allocations in Bytes
t16.3 # sh bgp memory 1107361807 BGP Memory Information
------------------------------------------------------------------------------------------
------------------
Current Memory Utilization Level: GREEN
------------------------------------------------------------------------------------------
------------------
Type AN AB
------------------------------------------------------------------------------------------
------------------
Callbacks 1141 17039828
Buffers 19 8456

Memory Statistics for MEM_QVB_RTM_CB:

------------------------------------------------------------------------------------------
------------------

Switch Engine™ Command Reference Guide for version 32.7.1 2615

History Commands

MemId Size AN AB
------------------------------------------------------------------------------------------
------------------
001107361807 516 1 516

Flags : AN - Number of Allocations, AB - Total Allocation in Bytes

: HN - Number of High Water Marks for Allocation, HB - Total High Water Mark
Allocations in Bytes

History
This command was first available in ExtremeXOS 10.1.

This command required a specific license in ExtremeXOS 11.1.

This command is updated to reflect L3 VPN changes in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

show bgp neighbor [flap-statistics | suppressed-routes]

For IPv4 and IPv6 address families:
show bgp {neighbor} remoteaddr {address-family [ipv4-unicast |
ipv4-multicast |ipv6-unicast | ipv6-multicast]} [flap-statistics
| suppressed-routes] {detail} [all | as-path path-expression |
community [no-advertise | no-export | no-export-subconfed | number
community-number | autonomous-system-id : bgp-community] | network
[any/netMaskLen | networkPrefixFilter] {exact}]

For the VPNv4 address family:

show bgp {neighbor} remoteaddr address-family vpnv4 [flap-statistics
| suppressed-routes] {detail} [all | as-path path-expression |
community [no-advertise | no-export | no-export-subconfed | number
community-number | autonomous-system-id : bgp-community] | rd
rd_value network [any/ netMaskLen | networkPrefixFilter] {exact}]

Description
Displays flap statistics or suppressed-route information about a specified neighbor.

Syntax Description
remoteaddr Specifies an IPv4 or IPv6 address that identifies a BGP neighbor.
ipv4-unicast Specifies the IPv4 unicast address family.

2616 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Default

ipv4-multicast Specifies an IPv4 multicast address family.

ipv6-unicast Specifies the IPv6 unicast address family.
ipv6-multicast Specifies an IPv6 multicast address family.
vpnv4 Specifies the VPNv4 address family for Layer 3 VPN support.
flap-statistics Specifies that only flap-statistics should be displayed (for route
flap dampening enabled routes).
suppressed- Specifies that only suppressed routes should be displayed (for
routes route flap dampening enabled routes).
detail Specifies to display the information in detailed format.
all Specifies all routes.
path-expression Display routes that match the specified AA path expression.
no-advertise Specifies the no-advertise community attribute.
no-export Specifies the no-export community attribute.
no-export- Specifies the no-export-subconfed community attribute.
subconfed
community_numbe Specifies a community number.
r
autonomous- Specifies an autonomous system ID (0-65535).
system-id
bgp-community Specifies the BGP community number.
rd Specifies the Route Distinquisher (RD) value for the Layer 3 VPN
routes for which you want to clear flap statistics.
any Specifies all routes with a given or larger mask length.
netMaskLen Specifies a IPv4 or IPv6 subnet mask length (number of bits).
networkPrefixFi Specifies an IPv4 or IPv6 address and netmask.
lter
exact Specifies an exact match with the IP address and subnet mask.

Default
If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
This command applies to the current VR or VRF context.

Note
If this command displays Bad Source Address, the BGP neighbor IP address
is unavailable. Possible causes for this condition include a deleted or
unconfigured VLAN or IP address.

The option network any / netMaskLen displays all BGP routes whose mask length is
equal to or greater than maskLength, irrespective of their network address.

Switch Engine™ Command Reference Guide for version 32.7.1 2617

Example Commands

The option network any / netMaskLen exact displays all BGP routes whose mask length
is exactly equal to maskLength, irrespective of their network address.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified
for an IPv6 peer, the default, the IPv4 unicast address family, applies and no
address-family information appears. Similarly an IPv4 peer only supports IPv4
address families and no address-family information appears if an IPv6 address
family is specified.

To display Layer 3 VPN information, you must enter this command in the context of on
the MPLS-enabled VR; it is not supported for BGP neighbors on the CE (VRF) side of the
PE router.

Example
The following command displays flap statistics for the specified IPv4 neighbor:
* Switch.18 # show bgp neighbor 10.0.0.0 flap-statistics
BGP Routes Flap Statistics
Destination NextHop Penalty Flaps Duration Reuse AS-
Path

-----------------------------------------------------------------------------------------

* ?100:1:100.0.0.0/8 11.0.0.2 100

100
Flags: (*) Preferred BGP route, (>) Active, (d) Suppressed, (h) History
(s) Stale, (m) Multipath, (u) Unfeasible
Origin: (?) Incomplete, (e) EGP, (i) IGP
Total Number of Flapped Routes: 1

The following command displays flap statistics for the specified IPv6 neighbor:

* Switch.21 # show bgp neighbor 2001::64:: address-family ipv6-unicast flap-statistics

BGP Routes Flap Statistics
Destination NextHop Penalty Flaps Duration Reuse AS-
Path
----------------------------------------------------------------------------------------

* ?2001::/64 3001::1 100 100

Flags: (*) Preferred BGP route, (>) Active, (d) Suppressed, (h) History
(s) Stale, (m) Multipath, (u) Unfeasible
Origin: (?) Incomplete, (e) EGP, (i) IGP
Total Number of Flapped Routes: 1

2618 Switch Engine™ Command Reference Guide for version 32.7.1

Commands History

History
This command was first available in ExtremeXOS 10.1.

The any/netMaskLen options were added in ExtremeXOS 11.0.

This command required a specific license in ExtremeXOS 11.1.

Support for IPv6 was added in ExtremeXOS 12.6 BGP.

Support for Layer 3 VPNs was added in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the BGP feature, see the Switch Engine 32.7.1
Feature License Requirements document.

show bgp neighbor received orf

show bgp {neighbor} remoteaddr {address-family [ipv4-unicast |ipv4-
multicast | vpnv4] } received-orf

Description
Displays on the remote speaker the ORF lists received and installed from the local
speaker for installation and outbound route filtering for IPv4 and IPv6 address families.

Syntax Description
remoteaddr Specifies an IPv4 address that identifies a BGP neighbor.
ipv4-unicast Specifies IPv4 unicast routes.
ipv4-multicast Specifies IPv4 multicast routes.
vpnv4 Specifies VPNv4 routes.
received-orf Displays on the remote speaker the ORF lists it received, and
subsequently installed from the local speaker for installation and
outbound route filtering.

Default
If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
ORF is only supported for IPv4 peers. If this command is executed for an IPv6 peer, the
command is rejected with the following error message:
Outbound-route-filtering not supported for IPv6 peer remoteaddr

Switch Engine™ Command Reference Guide for version 32.7.1 2619

Example Commands

Example
The following example shows the ORF filters received by the remote speaker:
show bgp neighbor 11.0.0.2 received-orf
Address family: IPv4 unicast
Prefix list:
nlri 21.0.0.0/8 exact permit
nlri 22.1.0.0/16 min 24 max 28 permit
nlri 23.0.0.0/8 min 16 deny

Community list:

Extended-community list:
rt:100:2 permit
rt:100:3 permit
rt:101:1 deny

History
This command was first available in ExtremeXOS 15.3.

Platform Availability
This command is available on platforms that support the appropriate license. For
complete information about software licensing, including how to obtain and upgrade
your license and which licenses support the L3 VPN feature, see the Switch Engine
32.7.1 Feature License Requirements document.

show bgp neighbor

For IPv4 and IPv6 address families:
show bgp {neighbor} remoteaddr {address-family [ipv4-unicast | ipv4-
multicast |ipv6-unicast | ipv6-multicast | ipv4-vxlan | {l2vpn-evpn
[inclusive-multicast | mac-ip | auto-discovery | esi | ip-prefix]}]}
[accepted-routes | received-routes | rejected-routes | transmitted-
routes] {detail} [all | as-path path-expression | community [no-
advertise | no-export | no-export-subconfed | number community_number
| autonomous-system-id : bgp-community] | network [any/netMaskLen |
networkPrefixFilter] {exact}]

For the VPNv4 address family:

show bgp {neighbor} remoteaddr address-family vpnv4 [accepted-routes
| received-routes | rejected-routes | transmitted-routes] {detail}
[all | as-path path-expression | community [no-advertise | no-
export | no-export-subconfed | number community_number | autonomous-
system-id :bgp-community] | rd rd_value network [any/netMaskLen |
networkPrefixFilter] {exact}]

Description
Displays information about routes to a specified neighbor.

2620 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Syntax Description

Syntax Description
remoteaddr Specifies an IPv4 or IPv6 address that identifies a BGP neighbor.
ipv4-unicast Specifies IPv4 unicast routes.
ipv4-multicast Specifies IPv4 multicast routes.
ipv6-unicast Specifies IPv6 unicast routes.
ipv6-multicast Specifies IPv6 multicast routes.
ipv4-vxlan Specifies IPv4 VXLAN routes.
l2vpn-evpn Specifies an L2VPN EVPN address family.
inclusive- Displays EVPN inclusive-multicast (type 3) routes
multicast
mac-ip Displays EVPN MAC/IP (type 2) routes.
auto-discovery Displays EVPN auto-discovery (type 1) routes.
esi Displays EVPN Ethernet segment (type 4) routes.
ip-prefix Displays EVPN ip-prefix (type 5) routes.
vpnv4 Specifies VPNv4 routes.
accepted-routes Specifies that only accepted routes are displayed.
received-routes Specifies that only received routes are displayed.
rejected-routes Specifies that only rejected routes are displayed.
transmitted- Specifies that only transmitted routes are displayed.
routes
detail Specifies to display the information in detailed format.
all Specifies all routes.
path-expression Display routes that match the specified AA path expression.
no-advertise Specifies the no-advertise community attribute.
no-export Specifies the no-export community attribute.
no-export- Specifies the no-export-subconfed community attribute.
subconfed
community_number Specifies a community number.
autonomous- Specifies an autonomous system ID (0-65535).
system-id
bgp-community Specifies the BGP community number.
rd Specifies the Route Distinquisher (RD) value for the Layer 3 VPN
routes for which you want to clear flap statistics.
any Specifies all routes with a given or larger mask length.
netMaskLen Specifies a IPv4 or IPv6 subnet mask length (number of bits).
networkPrefixFil Specifies an IPv4 or IPv6 address and netmask.
ter
exact Specifies an exact match with the IP address and subnet mask.

Switch Engine™ Command Reference Guide for version 32.7.1 2621

Default Commands

Default
If no address family is specified, IPv4 unicast is the default.

Usage Guidelines
show bgp neighbor now supports v6 unicast and multicast and vpnv4 address families.
This command applies to the current VR or VRF context.

Note
If this command displays Bad Source Address, the BGP neighbor IP address
is unavailable. Possible causes for this condition include a deleted or
unconfigured VLAN or IP address.

The option network any / netMaskLen displays all BGP routes whose mask length is
equal to or greater than maskLength, irrespective of their network address.

The option network any / netMaskLen exact displays all BGP routes whose mask length
is exactly equal to maskLength, irrespective of their network address.

If you do not specify an address family, this command applies to the IPv4 unicast
address family. To apply this command to an address family other than the IPv4 unicast
address family, you must specify the address family.

Note
For an IPv6 peer, an IPv6 address family must be specified, because an IPv6
peer does not support IPv4 address families. If no address family is specified for
an IPv6 peer, the default address-family, i.e. IPv4 unicast is assumed and hence
no address-family information appears. Similarly an IPv4 peer only supports
IPv4 address families and no address-family information appears if an IPv6
address family is specified.

To display Layer 3 VPN information, you must enter this command in the context of on
the MPLS-enabled VR; it is not supported for BGP neighbors on the CE (VRF) side of the
PE router.

Example
The following command displays sample output when an error message is generated
when the user attempts to create more than the limit of 2 peering sessions with a Base
license on VR-Default (including any child VRFs of VR-Default:
# show bgp neighbor

Peer AS Weight State InMsgs

OutMsgs(InQ) Up/Down
------------------------------------------------------------------------------------------
------------------
Id-- 10.1.1.1 10 1 IDLE 0 0
(0 ) 0:0:13:53
Id-- 20.1.1.1 10 1 IDLE 0 0
(0 ) 0:0:00:07

2622 Switch Engine™ Command Reference Guide for version 32.7.1

Commands Example

Flags: (d) disabled, (e) enabled, (E) external peer, (I) internal peer

switch-model-EXOS.24 # create bgp neighbor 30.1.1.1 remote-AS-number 10

Error: Core license is required to configure more than 2 peers

Base License (User VR):

* (vr user1) switch-model-EXOS.29 # create bgp neighbor 30.1.1.1 remote-AS-number 50

Error: vr user1: Core license is required to configure peer on VR other than VR-Default

The following command displays sample output for show bgp neighbor summary:
# show bgp neighbor

Peer AS Weight State InMsgs OutMsgs(InQ) Up/Down

-------------------------------------------------------------------------------
Ie-- 11.0.0.2 100 0 OPENSENT 0 9 (0 ) 0:8:27:21
Ie-- 3001::1 100 0 ESTABLISEHD 4 3 (0 ) 0:8:27:21

Flags: (d) disabled, (e) enabled, (E) external peer, (I) internal peer
(m) EBGP multihop, (r) route reflector client

BGP Peer Statistics

Total Peers : 2
EBGP Peers : 0
IBGP Peers : 2
RR Client : 0
EBGP Multihop : 0
Enabled : 2
Disabled : 0

The following example displays show output for an IPv4 peer:

# show bgp neighbor 192.168.66.2

Peer Description :
EBGP Peer : 192.168.66.2 AS : 38
Enabled : Yes OperStatus : Up
Weight : 1 Shutdown-Priority : 1024
ConnectRetry : 120 MinAsOrig : 30
HoldTimeCfg : 180 KeepaliveCfg : 60
Source Interface : Not configured RRClient : No
EBGP-Multihop : No Remove Private AS : No
BFD : Off BFD Status : Not Required
Capabilities Config : ipv4-unicast,ipv4-multicast,4-Byte-As,route-refresh (old &
new),l2vpn-evpn
Policy for NLRI Type ipv4-unicast
In Policy : None
Out Policy : None
NextHopSelf : Disabled Send Communities : No
Soft Input Recfg : Disabled Allow Looped AS-Path: No
NextHopUnchanged : Disabled
.
.
.
Policy for NLRI Type ipv4-vxlan
In Policy : None
Out Policy : None
NextHopSelf : Enabled Send Communities : No
Soft Input Recfg : Disabled Allow Looped AS-Path: No
NextHopUnchanged : Disabled
Policy for NLRI Type l2vpn-evpn
In Policy : None

Switch Engine™ Command Reference Guide for version 32.7.1 2623

Example Commands

Out Policy : None

NextHopSelf : Disabled Send Communities : No
Soft Input Recfg : Disabled Allow Looped AS-Path: No
NextHopUnchanged : Enabled
State : ESTABLISHED
FSM Up since : Sat May 5 04:05:30 2018
(Duration: 0:0:08:19)
Remote Addr : 192.168.66.2 Local Addr : 192.168.66.1
Remote Port : 179 Local Port : 51612
Remote RouterId : 1.0.0.38 Local RouterId : 1.0.0.25
HoldTimeNegotiated : 180 KeepAliveNegotiated : 60
FsmTransitions : 1
InUpdateElapsedTime : 00:00:08:25 InMsgElapsedTime : 0:0:08:25
InUpdates : 2 OutUpdates (in TxQ) : 3 (0)
InTotalMsgs : 14 OutTotalMsgs : 15
InRouteRefreshes : 0 OutRouteRefreshes : 0
Route Statistics for NLRI Type ipv4-unicast
Received : 1 Accepted : 1
Rej